summaryrefslogtreecommitdiffstats
path: root/tests/py/inet/ah.t.payload.netdev
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2017-05-25 09:14:58 +0200
committerFlorian Westphal <fw@strlen.de>2017-05-25 09:16:38 +0200
commitbb6a7f201a817652dd2c795539236c9319a23ad7 (patch)
tree1d56b003ba39a44ef0acca8f777389b7eccad394 /tests/py/inet/ah.t.payload.netdev
parent1e6ae0e42bdc161d178277c336886e18c259caf5 (diff)
parent5f46b18745d18c486e959c93da649c18c8b10fe0 (diff)
Merge branch 'meta_l4_dependency'
Currently nft inserts different types of dependencies for l4 protocols, depending on the family. For inet, nft inserts 'meta l4proto' to e.g. check for tcp, for ip, nft uses 'ip protocol'. Both are fine. The ip6 family however uses 'ip6 nexthdr', and thats a problem because e.g. tcp dport 22 will not match packets that use ipv6 extension headers. The series switches both ipv6 and ipv4 to use meta l4 instead so ipv6 will always check the last transport header value. We could ignore ip as only ipv6 uses extension headers. However, switching ipv4 as well makes things a bit simpler because nft then creates the same l4 dependency for all families. Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/py/inet/ah.t.payload.netdev')
-rw-r--r--tests/py/inet/ah.t.payload.netdev262
1 files changed, 0 insertions, 262 deletions
diff --git a/tests/py/inet/ah.t.payload.netdev b/tests/py/inet/ah.t.payload.netdev
deleted file mode 100644
index af150969..00000000
--- a/tests/py/inet/ah.t.payload.netdev
+++ /dev/null
@@ -1,262 +0,0 @@
-# ah hdrlength 11-23
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 1b @ transport header + 1 => reg 1 ]
- [ cmp gte reg 1 0x0000000b ]
- [ cmp lte reg 1 0x00000017 ]
-
-# ah hdrlength != 11-23
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 1b @ transport header + 1 => reg 1 ]
- [ range neq reg 1 0x0000000b 0x00000017 ]
-
-# ah hdrlength { 11-23}
-__set%d test-netdev 7
-__set%d test-netdev 0
- element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end]
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 1b @ transport header + 1 => reg 1 ]
- [ lookup reg 1 set __set%d ]
-
-# ah hdrlength != { 11-23}
-__set%d test-netdev 7
-__set%d test-netdev 0
- element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end]
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 1b @ transport header + 1 => reg 1 ]
- [ lookup reg 1 set __set%d 0x1 ]
-
-# ah hdrlength {11, 23, 44 }
-__set%d test-netdev 3
-__set%d test-netdev 0
- element 0000000b : 0 [end] element 00000017 : 0 [end] element 0000002c : 0 [end]
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 1b @ transport header + 1 => reg 1 ]
- [ lookup reg 1 set __set%d ]
-
-# ah hdrlength != {11, 23, 44 }
-__set%d test-netdev 3
-__set%d test-netdev 0
- element 0000000b : 0 [end] element 00000017 : 0 [end] element 0000002c : 0 [end]
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 1b @ transport header + 1 => reg 1 ]
- [ lookup reg 1 set __set%d 0x1 ]
-
-# ah reserved 22
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 2b @ transport header + 2 => reg 1 ]
- [ cmp eq reg 1 0x00001600 ]
-
-# ah reserved != 233
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 2b @ transport header + 2 => reg 1 ]
- [ cmp neq reg 1 0x0000e900 ]
-
-# ah reserved 33-45
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 2b @ transport header + 2 => reg 1 ]
- [ cmp gte reg 1 0x00002100 ]
- [ cmp lte reg 1 0x00002d00 ]
-
-# ah reserved != 33-45
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 2b @ transport header + 2 => reg 1 ]
- [ range neq reg 1 0x00002100 0x00002d00 ]
-
-# ah reserved {23, 100}
-__set%d test-netdev 3
-__set%d test-netdev 0
- element 00001700 : 0 [end] element 00006400 : 0 [end]
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 2b @ transport header + 2 => reg 1 ]
- [ lookup reg 1 set __set%d ]
-
-# ah reserved != {23, 100}
-__set%d test-netdev 3
-__set%d test-netdev 0
- element 00001700 : 0 [end] element 00006400 : 0 [end]
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 2b @ transport header + 2 => reg 1 ]
- [ lookup reg 1 set __set%d 0x1 ]
-
-# ah reserved { 33-55}
-__set%d test-netdev 7
-__set%d test-netdev 0
- element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end]
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 2b @ transport header + 2 => reg 1 ]
- [ lookup reg 1 set __set%d ]
-
-# ah reserved != { 33-55}
-__set%d test-netdev 7
-__set%d test-netdev 0
- element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end]
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 2b @ transport header + 2 => reg 1 ]
- [ lookup reg 1 set __set%d 0x1 ]
-
-# ah spi 111
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 4b @ transport header + 4 => reg 1 ]
- [ cmp eq reg 1 0x6f000000 ]
-
-# ah spi != 111
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 4b @ transport header + 4 => reg 1 ]
- [ cmp neq reg 1 0x6f000000 ]
-
-# ah spi 111-222
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 4b @ transport header + 4 => reg 1 ]
- [ cmp gte reg 1 0x6f000000 ]
- [ cmp lte reg 1 0xde000000 ]
-
-# ah spi != 111-222
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 4b @ transport header + 4 => reg 1 ]
- [ range neq reg 1 0x6f000000 0xde000000 ]
-
-# ah spi {111, 122}
-__set%d test-netdev 3
-__set%d test-netdev 0
- element 6f000000 : 0 [end] element 7a000000 : 0 [end]
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 4b @ transport header + 4 => reg 1 ]
- [ lookup reg 1 set __set%d ]
-
-# ah spi != {111, 122}
-__set%d test-netdev 3
-__set%d test-netdev 0
- element 6f000000 : 0 [end] element 7a000000 : 0 [end]
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 4b @ transport header + 4 => reg 1 ]
- [ lookup reg 1 set __set%d 0x1 ]
-
-# ah spi { 111-122}
-__set%d test-netdev 7
-__set%d test-netdev 0
- element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end]
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 4b @ transport header + 4 => reg 1 ]
- [ lookup reg 1 set __set%d ]
-
-# ah spi != { 111-122}
-__set%d test-netdev 7
-__set%d test-netdev 0
- element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end]
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 4b @ transport header + 4 => reg 1 ]
- [ lookup reg 1 set __set%d 0x1 ]
-
-# ah sequence 123
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 4b @ transport header + 8 => reg 1 ]
- [ cmp eq reg 1 0x7b000000 ]
-
-# ah sequence != 123
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 4b @ transport header + 8 => reg 1 ]
- [ cmp neq reg 1 0x7b000000 ]
-
-# ah sequence {23, 25, 33}
-__set%d test-netdev 3
-__set%d test-netdev 0
- element 17000000 : 0 [end] element 19000000 : 0 [end] element 21000000 : 0 [end]
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 4b @ transport header + 8 => reg 1 ]
- [ lookup reg 1 set __set%d ]
-
-# ah sequence != {23, 25, 33}
-__set%d test-netdev 3
-__set%d test-netdev 0
- element 17000000 : 0 [end] element 19000000 : 0 [end] element 21000000 : 0 [end]
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 4b @ transport header + 8 => reg 1 ]
- [ lookup reg 1 set __set%d 0x1 ]
-
-# ah sequence { 23-33}
-__set%d test-netdev 7
-__set%d test-netdev 0
- element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end]
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 4b @ transport header + 8 => reg 1 ]
- [ lookup reg 1 set __set%d ]
-
-# ah sequence != { 23-33}
-__set%d test-netdev 7
-__set%d test-netdev 0
- element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end]
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 4b @ transport header + 8 => reg 1 ]
- [ lookup reg 1 set __set%d 0x1 ]
-
-# ah sequence 23-33
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 4b @ transport header + 8 => reg 1 ]
- [ cmp gte reg 1 0x17000000 ]
- [ cmp lte reg 1 0x21000000 ]
-
-# ah sequence != 23-33
-netdev test-netdev ingress
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000033 ]
- [ payload load 4b @ transport header + 8 => reg 1 ]
- [ range neq reg 1 0x17000000 0x21000000 ]
-