author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2015-12-11 11:10:14 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-12-15 21:36:14 +0100 |
commit | 6b29a5bebb957387fe1aac8fcbfd431e6be237f0 (patch) | |
tree | 7e0be595ee6acfbdd2611045a7d227d5f329a16e /tests/py/inet | |
parent | 564b0e7c13f98b9ad054058137b4c0bb61bd46b4 (diff) |
tests/: rearrange tests directory
Rearrange the directory to obtain a better organization of files and
test suites.
We end with a tree like this:
tests
|
.--- py
.--- shell
.--- files
This was suggested by Pablo.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/inet')
43 files changed, 5197 insertions, 0 deletions
diff --git a/tests/py/inet/ah.t b/tests/py/inet/ah.t
new file mode 100644
index 00000000..666659d3
--- /dev/null
+++ b/tests/py/inet/ah.t
@@ -0,0 +1,58 @@
+*ip;test-ip4
+*ip6;test-ip6
+*inet;test-inet
+:input;type filter hook input priority 0
+
+# nexthdr Bug to list table.
+
+- ah nexthdr esp;ok
+- ah nexthdr ah;ok
+- ah nexthdr comp;ok
+- ah nexthdr udp;ok
+- ah nexthdr udplite;ok
+- ah nexthdr tcp;ok
+- ah nexthdr dccp;ok
+- ah nexthdr sctp;ok
+
+- ah nexthdr { esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok;ah nexthdr { 6, 132, 50, 17, 136, 33, 51, 108}
+- ah nexthdr != { esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok
+
+ah hdrlength 11-23;ok
+ah hdrlength != 11-23;ok
+ah hdrlength { 11-23};ok
+- ah hdrlength != { 11-23};ok
+ah hdrlength {11, 23, 44 };ok
+- ah hdrlength != {11-23 };ok
+
+ah reserved 22;ok
+ah reserved != 233;ok
+ah reserved 33-45;ok
+ah reserved != 33-45;ok
+ah reserved {23, 100};ok
+- ah reserved != {33, 55, 67, 88};ok
+ah reserved { 33-55};ok
+- ah reserved != { 33-55};ok
+
+ah spi 111;ok
+ah spi != 111;ok
+ah spi 111-222;ok
+ah spi != 111-222;ok
+ah spi {111, 122};ok
+- ah spi != {111, 122};ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+
+ah spi { 111-122};ok
+- ah spi != { 111-122};ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+
+# sequence
+ah sequence 123;ok
+ah sequence != 123;ok
+ah sequence {23, 25, 33};ok
+- ah sequence != {23, 25, 33};ok
+ah sequence { 23-33};ok
+- ah sequence != { 33-44};ok
+ah sequence 23-33;ok
+ah sequence != 23-33;ok
diff --git a/tests/py/inet/ah.t.payload.inet b/tests/py/inet/ah.t.payload.inet
new file mode 100644
index 00000000..d8755980
--- /dev/null
+++ b/tests/py/inet/ah.t.payload.inet
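Review bot: Several disabled cases in ah.t carry no reason, and where a reason exists the `# BUG:` comment follows the line it explains instead of preceding it (`- ah spi != {111, 122};ok`, `- ah spi != { 111-122};ok`). `- ah hdrlength != { 11-23};ok`, `- ah reserved != {33, 55, 67, 88};ok` and `- ah sequence != {23, 25, 33};ok` look like the same `!= { set }` failure but are not annotated. I would put one comment above each disabled group, e.g. `# BUG: != with a set aborts nft (src/evaluate.c:975, expr_evaluate_relational: Assertion '0' failed)`, so the reason stays attached to the case. The recorded failure is an assertion abort on ruleset text rather than a reported syntax error, which is worth tracking as a robustness bug in its own right. dccp.t uses the same trailing-comment layout.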
@@ -0,0 +1,186 @@
+# ah hdrlength 11-23
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp gte reg 1 0x0000000b ]
+ [ cmp lte reg 1 0x00000017 ]
+
+# ah hdrlength != 11-23
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp lt reg 1 0x0000000b ]
+ [ cmp gt reg 1 0x00000017 ]
+
+# ah hdrlength { 11-23}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end]
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah hdrlength {11, 23, 44 }
+set%d test-inet 3
+set%d test-inet 0
+ element 0000000b : 0 [end] element 00000017 : 0 [end] element 0000002c : 0 [end]
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah reserved 22
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# ah reserved != 233
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp neq reg 1 0x0000e900 ]
+
+# ah reserved 33-45
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# ah reserved != 33-45
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp lt reg 1 0x00002100 ]
+ [ cmp gt reg 1 0x00002d00 ]
+
+# ah reserved {23, 100}
+set%d test-inet 3
+set%d test-inet 0
+ element 00001700 : 0 [end] element 00006400 : 0 [end]
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah reserved { 33-55}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end]
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah spi 111
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp eq reg 1 0x6f000000 ]
+
+# ah spi != 111
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp neq reg 1 0x6f000000 ]
+
+# ah spi 111-222
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp gte reg 1 0x6f000000 ]
+ [ cmp lte reg 1 0xde000000 ]
+
+# ah spi != 111-222
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp lt reg 1 0x6f000000 ]
+ [ cmp gt reg 1 0xde000000 ]
+
+# ah spi {111, 122}
+set%d test-inet 3
+set%d test-inet 0
+ element 6f000000 : 0 [end] element 7a000000 : 0 [end]
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah spi { 111-122}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end]
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah sequence 123
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x7b000000 ]
+
+# ah sequence != 123
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ cmp neq reg 1 0x7b000000 ]
+
+# ah sequence {23, 25, 33}
+set%d test-inet 3
+set%d test-inet 0
+ element 17000000 : 0 [end] element 19000000 : 0 [end] element 21000000 : 0 [end]
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah sequence { 23-33}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end]
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah sequence 23-33
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ cmp gte reg 1 0x17000000 ]
+ [ cmp lte reg 1 0x21000000 ]
+
+# ah sequence != 23-33
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ cmp lt reg 1 0x17000000 ]
+ [ cmp gt reg 1 0x21000000 ]
+
diff --git a/tests/py/inet/ah.t.payload.ip b/tests/py/inet/ah.t.payload.ip
new file mode 100644
index 00000000..6a58bb1f
--- /dev/null
+++ b/tests/py/inet/ah.t.payload.ip
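Review bot: The expected bytecode recorded for negated ranges cannot match any packet: `ah hdrlength != 11-23` is pinned as `[ cmp lt reg 1 0x0000000b ]` followed by `[ cmp gt reg 1 0x00000017 ]`, in the same two-comparison form that the positive range uses for `gte`/`lte`. If both comparisons must hold, as they have to for the positive range to work, no single value is both below 11 and above 23, so a rule built on `!= range` would silently never fire. For a packet filter that is a fail-open result, and recording it as the expected payload makes the test suite defend it. I would mark the `!=` range cases as known-broken in the `.t` files with a comment such as `# BUG: != range linearizes to cmp lt + cmp gt, which no value satisfies` instead of storing this output. The same pair appears for `ah reserved`, `ah spi` and `ah sequence` here, and in ah.t.payload.ip, ah.t.payload.ip6, the three comp.t.payload.* files and dccp.t.payload.inet.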
@@ -0,0 +1,186 @@
+# ah hdrlength 11-23
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp gte reg 1 0x0000000b ]
+ [ cmp lte reg 1 0x00000017 ]
+
+# ah hdrlength != 11-23
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp lt reg 1 0x0000000b ]
+ [ cmp gt reg 1 0x00000017 ]
+
+# ah hdrlength { 11-23}
+set%d test-ip4 7
+set%d test-ip4 0
+ element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah hdrlength {11, 23, 44 }
+set%d test-ip4 3
+set%d test-ip4 0
+ element 0000000b : 0 [end] element 00000017 : 0 [end] element 0000002c : 0 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah reserved 22
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# ah reserved != 233
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp neq reg 1 0x0000e900 ]
+
+# ah reserved 33-45
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# ah reserved != 33-45
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp lt reg 1 0x00002100 ]
+ [ cmp gt reg 1 0x00002d00 ]
+
+# ah reserved {23, 100}
+set%d test-ip4 3
+set%d test-ip4 0
+ element 00001700 : 0 [end] element 00006400 : 0 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah reserved { 33-55}
+set%d test-ip4 7
+set%d test-ip4 0
+ element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah spi 111
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp eq reg 1 0x6f000000 ]
+
+# ah spi != 111
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp neq reg 1 0x6f000000 ]
+
+# ah spi 111-222
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp gte reg 1 0x6f000000 ]
+ [ cmp lte reg 1 0xde000000 ]
+
+# ah spi != 111-222
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp lt reg 1 0x6f000000 ]
+ [ cmp gt reg 1 0xde000000 ]
+
+# ah spi {111, 122}
+set%d test-ip4 3
+set%d test-ip4 0
+ element 6f000000 : 0 [end] element 7a000000 : 0 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah spi { 111-122}
+set%d test-ip4 7
+set%d test-ip4 0
+ element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah sequence 123
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x7b000000 ]
+
+# ah sequence != 123
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ cmp neq reg 1 0x7b000000 ]
+
+# ah sequence {23, 25, 33}
+set%d test-ip4 3
+set%d test-ip4 0
+ element 17000000 : 0 [end] element 19000000 : 0 [end] element 21000000 : 0 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah sequence { 23-33}
+set%d test-ip4 7
+set%d test-ip4 0
+ element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah sequence 23-33
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ cmp gte reg 1 0x17000000 ]
+ [ cmp lte reg 1 0x21000000 ]
+
+# ah sequence != 23-33
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ cmp lt reg 1 0x17000000 ]
+ [ cmp gt reg 1 0x21000000 ]
+
diff --git a/tests/py/inet/ah.t.payload.ip6 b/tests/py/inet/ah.t.payload.ip6
new file mode 100644
index 00000000..ce89754b
--- /dev/null
+++ b/tests/py/inet/ah.t.payload.ip6
@@ -0,0 +1,186 @@
+# ah hdrlength 11-23
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp gte reg 1 0x0000000b ]
+ [ cmp lte reg 1 0x00000017 ]
+
+# ah hdrlength != 11-23
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp lt reg 1 0x0000000b ]
+ [ cmp gt reg 1 0x00000017 ]
+
+# ah hdrlength { 11-23}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah hdrlength {11, 23, 44 }
+set%d test-ip6 3
+set%d test-ip6 0
+ element 0000000b : 0 [end] element 00000017 : 0 [end] element 0000002c : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah reserved 22
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# ah reserved != 233
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp neq reg 1 0x0000e900 ]
+
+# ah reserved 33-45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# ah reserved != 33-45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp lt reg 1 0x00002100 ]
+ [ cmp gt reg 1 0x00002d00 ]
+
+# ah reserved {23, 100}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00001700 : 0 [end] element 00006400 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah reserved { 33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah spi 111
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp eq reg 1 0x6f000000 ]
+
+# ah spi != 111
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp neq reg 1 0x6f000000 ]
+
+# ah spi 111-222
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp gte reg 1 0x6f000000 ]
+ [ cmp lte reg 1 0xde000000 ]
+
+# ah spi != 111-222
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp lt reg 1 0x6f000000 ]
+ [ cmp gt reg 1 0xde000000 ]
+
+# ah spi {111, 122}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 6f000000 : 0 [end] element 7a000000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah spi { 111-122}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah sequence 123
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x7b000000 ]
+
+# ah sequence != 123
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ cmp neq reg 1 0x7b000000 ]
+
+# ah sequence {23, 25, 33}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 17000000 : 0 [end] element 19000000 : 0 [end] element 21000000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah sequence { 23-33}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ah sequence 23-33
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ cmp gte reg 1 0x17000000 ]
+ [ cmp lte reg 1 0x21000000 ]
+
+# ah sequence != 23-33
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+ [ payload load 4b @ transport header + 8 => reg 1 ]
+ [ cmp lt reg 1 0x17000000 ]
+ [ cmp gt reg 1 0x21000000 ]
+
diff --git a/tests/py/inet/comp.t b/tests/py/inet/comp.t
new file mode 100644
index 00000000..f4753bbc
--- /dev/null
+++ b/tests/py/inet/comp.t
@@ -0,0 +1,31 @@
+*ip;test-ip4
+*ip6;test-ip6
+*inet;test-inet
+
+:input;type filter hook input priority 0
+
+# BUG: nft: payload.c:88: payload_expr_pctx_update: Assertion `left->payload.base + 1 <= (__PROTO_BASE_MAX - 1)' failed.
+- comp nexthdr esp;ok;comp nexthdr 50
+comp nexthdr != esp;ok;comp nexthdr != 50
+
+- comp nexthdr {esp, ah, comp, udp, udplite, tcp, tcp, dccp, sctp};ok
+# comp flags ## 8-bit field. Reserved for future use. MUST be set to zero.
+
+# Bug comp flags: to list. List the decimal value.
+comp flags 0x0;ok
+comp flags != 0x23;ok
+comp flags 0x33-0x45;ok
+comp flags != 0x33-0x45;ok
+comp flags {0x33, 0x55, 0x67, 0x88};ok
+- comp flags != {0x33, 0x55, 0x67, 0x88};ok
+comp flags { 0x33-0x55};ok
+- comp flags != { 0x33-0x55};ok
+
+comp cpi 22;ok
+comp cpi != 233;ok
+comp cpi 33-45;ok
+comp cpi != 33-45;ok
+comp cpi {33, 55, 67, 88};ok
+- comp cpi != {33, 55, 67, 88};ok
+comp cpi { 33-55};ok
+- comp cpi != { 33-55};ok
diff --git a/tests/py/inet/comp.t.payload.inet b/tests/py/inet/comp.t.payload.inet
new file mode 100644
index 00000000..c00bcc71
--- /dev/null
+++ b/tests/py/inet/comp.t.payload.inet
@@ -0,0 +1,107 @@
+# comp nexthdr != esp
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000032 ]
+
+# comp flags 0x0
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# comp flags != 0x23
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp neq reg 1 0x00000023 ]
+
+# comp flags 0x33-0x45
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000033 ]
+ [ cmp lte reg 1 0x00000045 ]
+
+# comp flags != 0x33-0x45
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp lt reg 1 0x00000033 ]
+ [ cmp gt reg 1 0x00000045 ]
+
+# comp flags {0x33, 0x55, 0x67, 0x88}
+set%d test-inet 3
+set%d test-inet 0
+ element 00000033 : 0 [end] element 00000055 : 0 [end] element 00000067 : 0 [end] element 00000088 : 0 [end]
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# comp flags { 0x33-0x55}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00000033 : 0 [end] element 00000056 : 1 [end]
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# comp cpi 22
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# comp cpi != 233
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp neq reg 1 0x0000e900 ]
+
+# comp cpi 33-45
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# comp cpi != 33-45
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp lt reg 1 0x00002100 ]
+ [ cmp gt reg 1 0x00002d00 ]
+
+# comp cpi {33, 55, 67, 88}
+set%d test-inet 3
+set%d test-inet 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# comp cpi { 33-55}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end]
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
diff --git a/tests/py/inet/comp.t.payload.ip b/tests/py/inet/comp.t.payload.ip
new file mode 100644
index 00000000..e226c9a5
--- /dev/null
+++ b/tests/py/inet/comp.t.payload.ip
@@ -0,0 +1,107 @@
+# comp nexthdr != esp
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000032 ]
+
+# comp flags 0x0
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# comp flags != 0x23
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp neq reg 1 0x00000023 ]
+
+# comp flags 0x33-0x45
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000033 ]
+ [ cmp lte reg 1 0x00000045 ]
+
+# comp flags != 0x33-0x45
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp lt reg 1 0x00000033 ]
+ [ cmp gt reg 1 0x00000045 ]
+
+# comp flags {0x33, 0x55, 0x67, 0x88}
+set%d test-ip4 3
+set%d test-ip4 0
+ element 00000033 : 0 [end] element 00000055 : 0 [end] element 00000067 : 0 [end] element 00000088 : 0 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# comp flags { 0x33-0x55}
+set%d test-ip4 7
+set%d test-ip4 0
+ element 00000000 : 1 [end] element 00000033 : 0 [end] element 00000056 : 1 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# comp cpi 22
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# comp cpi != 233
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp neq reg 1 0x0000e900 ]
+
+# comp cpi 33-45
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# comp cpi != 33-45
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp lt reg 1 0x00002100 ]
+ [ cmp gt reg 1 0x00002d00 ]
+
+# comp cpi {33, 55, 67, 88}
+set%d test-ip4 3
+set%d test-ip4 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# comp cpi { 33-55}
+set%d test-ip4 7
+set%d test-ip4 0
+ element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
diff --git a/tests/py/inet/comp.t.payload.ip6 b/tests/py/inet/comp.t.payload.ip6
new file mode 100644
index 00000000..135e5a2e
--- /dev/null
+++ b/tests/py/inet/comp.t.payload.ip6
@@ -0,0 +1,107 @@
+# comp nexthdr != esp
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000032 ]
+
+# comp flags 0x0
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# comp flags != 0x23
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp neq reg 1 0x00000023 ]
+
+# comp flags 0x33-0x45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000033 ]
+ [ cmp lte reg 1 0x00000045 ]
+
+# comp flags != 0x33-0x45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp lt reg 1 0x00000033 ]
+ [ cmp gt reg 1 0x00000045 ]
+
+# comp flags {0x33, 0x55, 0x67, 0x88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000033 : 0 [end] element 00000055 : 0 [end] element 00000067 : 0 [end] element 00000088 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# comp flags { 0x33-0x55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00000033 : 0 [end] element 00000056 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# comp cpi 22
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# comp cpi != 233
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp neq reg 1 0x0000e900 ]
+
+# comp cpi 33-45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# comp cpi != 33-45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp lt reg 1 0x00002100 ]
+ [ cmp gt reg 1 0x00002d00 ]
+
+# comp cpi {33, 55, 67, 88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# comp cpi { 33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000006c ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
diff --git a/tests/py/inet/dccp.t b/tests/py/inet/dccp.t
new file mode 100644
index 00000000..e323992e
--- /dev/null
+++ b/tests/py/inet/dccp.t
@@ -0,0 +1,33 @@
+*ip;test-ip4
+*ip6;test-ip6
+*inet;test-inet
+:input;type filter hook input priority 0
+
+dccp sport 21-35;ok
+dccp sport != 21-35;ok
+dccp sport {23, 24, 25};ok
+- dccp sport != { 27, 34};ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+
+dccp sport { 20-50 };ok
+dccp sport ftp-data - re-mail-ck;ok;dccp sport 20-50
+dccp sport 20-50;ok
+dccp sport { 20-50};ok
+- dccp sport != {27-34};ok
+# dccp sport != {27-34};ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+
+# dccp dport 21-35;ok
+# dccp dport != 21-35;ok
+dccp dport {23, 24, 25};ok
+# dccp dport != {27, 34};ok
+dccp dport { 20-50};ok
+# dccp dport != {27-34};ok
+
+# BUG dccp type
+# dccp type {request, response, data, ack, dataack, closereq, close, reset, sync, syncack};ok
+# dccp type != {request, response, data, ack, dataack, closereq, close, reset, sync, syncack};ok
+# dccp type request;ok
+# dccp type != request;ok
diff --git a/tests/py/inet/dccp.t.payload.inet b/tests/py/inet/dccp.t.payload.inet
new file mode 100644
index 00000000..ecd8863f
--- /dev/null
+++ b/tests/py/inet/dccp.t.payload.inet
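Review bot: dccp.t disables cases in two different ways, a `- ` prefix (`- dccp sport != { 27, 34};ok`) and plain `#` comments (`# dccp dport 21-35;ok`, `# dccp dport != 21-35;ok`, the whole `dccp type` group), and the `#` ones give no failure message. That leaves `dccp dport` ranges and every `dccp type` match without coverage and without a record of what broke; `# BUG dccp type` should state the error it refers to. `- dccp sport != {27-34};ok` is also immediately repeated as `# dccp sport != {27-34};ok`, so one of the two can go.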
@@ -0,0 +1,82 @@ +# dccp sport 21-35 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001500 ] + [ cmp lte reg 1 0x00002300 ] + +# dccp sport != 21-35 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001500 ] + [ cmp gt reg 1 0x00002300 ] + +# dccp sport {23, 24, 25} +set%d test-inet 3 +set%d test-inet 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport { 20-50 } +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport ftp-data - re-mail-ck +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport 20-50 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport {23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 
00001900 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/dccp.t.payload.ip b/tests/py/inet/dccp.t.payload.ip new file mode 100644 index 00000000..9e1cc2ec --- /dev/null +++ b/tests/py/inet/dccp.t.payload.ip 
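Review bot: Four of the five set declarations in tests/py/inet/dccp.t.payload.inet name the wrong table: from `# dccp sport { 20-50 }` onward the headers read `set%d test-ip4 7` / `set%d test-ip4 0` (and `set%d test-ip4 3` for the dport list), although the rule that follows is `inet test-inet input` and the first case uses `set%d test-inet 3`. They should read `set%d test-inet 7`, `set%d test-inet 0` and `set%d test-inet 3`. dccp.t.payload.ip6 has the same defect, with every set header naming `test-ip4` under `ip6 test-ip6` rules. Whether the test runner compares these header lines is not visible here; if it does not, the mismatch passes silently and the expected output no longer documents what the tool emits.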
@@ -0,0 +1,82 @@ +# dccp sport 21-35 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001500 ] + [ cmp lte reg 1 0x00002300 ] + +# dccp sport != 21-35 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001500 ] + [ cmp gt reg 1 0x00002300 ] + +# dccp sport {23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport { 20-50 } +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport ftp-data - re-mail-ck +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport 20-50 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport {23, 
24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/dccp.t.payload.ip6 b/tests/py/inet/dccp.t.payload.ip6 new file mode 100644 index 00000000..c0e1d70a --- /dev/null +++ b/tests/py/inet/dccp.t.payload.ip6 
@@ -0,0 +1,82 @@ +# dccp sport 21-35 +ip test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001500 ] + [ cmp lte reg 1 0x00002300 ] + +# dccp sport != 21-35 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001500 ] + [ cmp gt reg 1 0x00002300 ] + +# dccp sport {23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport { 20-50 } +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport ftp-data - re-mail-ck +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport 20-50 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport 
{23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/esp.t b/tests/py/inet/esp.t new file mode 100644 index 00000000..3a8502d9 --- /dev/null +++ b/tests/py/inet/esp.t @@ -0,0 +1,23 @@ +*ip;test-ip4 +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +esp spi 100;ok +esp spi != 100;ok +esp spi 111-222;ok +esp spi != 111-222;ok +esp spi { 100, 102};ok +- esp spi != { 100, 102};ok +esp spi { 100-102};ok +- esp spi {100-102};ok + +esp sequence 22;ok +esp sequence 22-24;ok +esp sequence != 22-24;ok +esp sequence { 22, 24};ok +- esp sequence != { 22, 24};ok +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. +esp sequence { 22-25};ok +- esp sequence != { 22-25};ok diff --git a/tests/py/inet/esp.t.payload.inet b/tests/py/inet/esp.t.payload.inet new file mode 100644 index 00000000..4ba9ea8e --- /dev/null +++ b/tests/py/inet/esp.t.payload.inet 
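Review bot: The first expected record in tests/py/inet/dccp.t.payload.ip6, under `# dccp sport 21-35`, is headed `ip test-ip6 input`, while every other record in the file is `ip6 test-ip6 input`. The record loads the protocol byte at `network header + 6`, the same offset the other ip6 records use, so the family keyword looks like a typo and the header should be `ip6 test-ip6 input`. Depending on how the runner matches records, this either fails the case for a reason unrelated to DCCP matching or goes unnoticed.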
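Review bot: In the spi block of tests/py/inet/esp.t, `- esp spi {100-102};ok` repeats the enabled case `esp spi { 100-102};ok` on the line above it. Going by the sequence block, where `esp sequence { 22-25};ok` is followed by `- esp sequence != { 22-25};ok`, the negated form was probably intended: `- esp spi != { 100-102};ok`. The spi block also lacks the `# BUG:` comment that the sequence block uses to explain the `- ` prefix, and there is no `esp sequence != 22;ok` to mirror `esp spi != 100;ok`.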
@@ -0,0 +1,93 @@ +# esp spi 100 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x64000000 ] + +# esp spi != 100 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x64000000 ] + +# esp spi 111-222 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x6f000000 ] + [ cmp lte reg 1 0xde000000 ] + +# esp spi != 111-222 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x6f000000 ] + [ cmp gt reg 1 0xde000000 ] + +# esp spi { 100, 102} +set%d test-inet 3 +set%d test-inet 0 + element 64000000 : 0 [end] element 66000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp spi { 100-102} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# esp sequence 22-24 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x16000000 ] + [ cmp lte reg 1 0x18000000 ] + +# esp sequence != 22-24 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport 
header + 4 => reg 1 ] + [ cmp lt reg 1 0x16000000 ] + [ cmp gt reg 1 0x18000000 ] + +# esp sequence { 22, 24} +set%d test-inet 3 +set%d test-inet 0 + element 16000000 : 0 [end] element 18000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence { 22-25} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/esp.t.payload.ip b/tests/py/inet/esp.t.payload.ip new file mode 100644 index 00000000..5a66b042 --- /dev/null +++ b/tests/py/inet/esp.t.payload.ip 
@@ -0,0 +1,93 @@ +# esp spi 100 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x64000000 ] + +# esp spi != 100 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x64000000 ] + +# esp spi 111-222 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x6f000000 ] + [ cmp lte reg 1 0xde000000 ] + +# esp spi != 111-222 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x6f000000 ] + [ cmp gt reg 1 0xde000000 ] + +# esp spi { 100, 102} +set%d test-ip4 3 +set%d test-ip4 0 + element 64000000 : 0 [end] element 66000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp spi { 100-102} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# esp sequence 22-24 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x16000000 ] + [ cmp lte reg 1 0x18000000 ] + +# esp sequence != 
22-24 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x16000000 ] + [ cmp gt reg 1 0x18000000 ] + +# esp sequence { 22, 24} +set%d test-ip4 3 +set%d test-ip4 0 + element 16000000 : 0 [end] element 18000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence { 22-25} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/esp.t.payload.ip6 b/tests/py/inet/esp.t.payload.ip6 new file mode 100644 index 00000000..7c784262 --- /dev/null +++ b/tests/py/inet/esp.t.payload.ip6 
@@ -0,0 +1,93 @@ +# esp spi 100 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x64000000 ] + +# esp spi != 100 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x64000000 ] + +# esp spi 111-222 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x6f000000 ] + [ cmp lte reg 1 0xde000000 ] + +# esp spi != 111-222 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x6f000000 ] + [ cmp gt reg 1 0xde000000 ] + +# esp spi { 100, 102} +set%d test-ip6 3 +set%d test-ip6 0 + element 64000000 : 0 [end] element 66000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp spi { 100-102} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# esp sequence 22-24 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x16000000 ] + [ cmp lte reg 1 0x18000000 ] + +# esp 
sequence != 22-24 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x16000000 ] + [ cmp gt reg 1 0x18000000 ] + +# esp sequence { 22, 24} +set%d test-ip6 3 +set%d test-ip6 0 + element 16000000 : 0 [end] element 18000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence { 22-25} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/ether-ip.t b/tests/py/inet/ether-ip.t new file mode 100644 index 00000000..3726db45 --- /dev/null +++ b/tests/py/inet/ether-ip.t @@ -0,0 +1,5 @@ +*inet;test-inet +:input;type filter hook input priority 0 + +tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept +tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04;ok diff --git a/tests/py/inet/ether-ip.t.payload b/tests/py/inet/ether-ip.t.payload new file mode 100644 index 00000000..62e37a59 --- /dev/null +++ b/tests/py/inet/ether-ip.t.payload 
@@ -0,0 +1,28 @@ +# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 8b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00080411 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] diff --git a/tests/py/inet/ether.t b/tests/py/inet/ether.t new file mode 100644 index 00000000..9d0f9729 --- /dev/null +++ b/tests/py/inet/ether.t @@ -0,0 +1,13 @@ +*ip;test-ip4 +*ip6;test-ip6 +*inet;test-inet +*bridge;test-bridge + +:input;type filter hook input priority 0 + +tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 accept +tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept +tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept;ok + +ether saddr 00:0f:54:0c:11:04 accept;ok +ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4;ok diff --git a/tests/py/inet/ether.t.payload b/tests/py/inet/ether.t.payload new file mode 100644 index 00000000..86f30c37 --- /dev/null +++ b/tests/py/inet/ether.t.payload 
@@ -0,0 +1,55 @@ +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# ether saddr 00:0f:54:0c:11:04 accept +inet test-inet input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 +inet test-inet input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + 
diff --git a/tests/py/inet/ether.t.payload.bridge b/tests/py/inet/ether.t.payload.bridge new file mode 100644 index 00000000..4a6bccbe --- /dev/null +++ b/tests/py/inet/ether.t.payload.bridge @@ -0,0 +1,49 @@ +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept +bridge test-bridge input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept +bridge test-bridge input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept +bridge test-bridge input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# ether saddr 00:0f:54:0c:11:04 accept +bridge test-bridge input + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 +bridge test-bridge input + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + 
diff --git a/tests/py/inet/ether.t.payload.ip b/tests/py/inet/ether.t.payload.ip new file mode 100644 index 00000000..2d33f0ce --- /dev/null +++ b/tests/py/inet/ether.t.payload.ip 
@@ -0,0 +1,55 @@ +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# ether saddr 00:0f:54:0c:11:04 accept +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + 
diff --git a/tests/py/inet/ether.t.payload.ip6 b/tests/py/inet/ether.t.payload.ip6 new file mode 100644 index 00000000..9065952d --- /dev/null +++ b/tests/py/inet/ether.t.payload.ip6 
@@ -0,0 +1,55 @@ +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# ether saddr 00:0f:54:0c:11:04 accept +ip6 test-ip6 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 +ip6 test-ip6 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + 
diff --git a/tests/py/inet/ip.t b/tests/py/inet/ip.t new file mode 100644 index 00000000..a56c5c97 --- /dev/null +++ b/tests/py/inet/ip.t @@ -0,0 +1,7 @@ +*ip;test-ip4 +*inet;test-inet +*bridge;test-bridge + +:input;type filter hook input priority 0 + +ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe };ok diff --git a/tests/py/inet/ip.t.payload.bridge b/tests/py/inet/ip.t.payload.bridge new file mode 100644 index 00000000..606e3b34 --- /dev/null +++ b/tests/py/inet/ip.t.payload.bridge @@ -0,0 +1,11 @@ +# ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe } +set%d test-bridge 3 +set%d test-bridge 0 + element 01010101 02020202 fecafeca 0000feca : 0 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ payload load 6b @ link header + 6 => reg 10 ] + [ lookup reg 1 set set%d ] diff --git a/tests/py/inet/ip.t.payload.inet b/tests/py/inet/ip.t.payload.inet new file mode 100644 index 00000000..c8e9b054 --- /dev/null +++ b/tests/py/inet/ip.t.payload.inet @@ -0,0 +1,13 @@ +# ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe } +set%d test-inet 3 +set%d test-inet 0 + element 01010101 02020202 fecafeca 0000feca : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ payload load 6b @ link header + 6 => reg 10 ] + [ lookup reg 1 set set%d ] diff --git a/tests/py/inet/ip.t.payload.ip b/tests/py/inet/ip.t.payload.ip new file mode 100644 index 00000000..66f14681 --- /dev/null +++ b/tests/py/inet/ip.t.payload.ip 
@@ -0,0 +1,11 @@ +# ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe } +set%d test-ip4 3 +set%d test-ip4 0 + element 01010101 02020202 fecafeca 0000feca : 0 [end] +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ payload load 6b @ link header + 6 => reg 10 ] + [ lookup reg 1 set set%d ] diff --git a/tests/py/inet/reject.t b/tests/py/inet/reject.t new file mode 100644 index 00000000..52e7b28b --- /dev/null +++ b/tests/py/inet/reject.t 
@@ -0,0 +1,35 @@
+*inet;test-inet
+:input;type filter hook input priority 0
+
+# The output is specific for inet family
+reject with icmp type host-unreachable;ok;meta nfproto ipv4 reject with icmp type host-unreachable
+reject with icmp type net-unreachable;ok;meta nfproto ipv4 reject with icmp type net-unreachable
+reject with icmp type prot-unreachable;ok;meta nfproto ipv4 reject with icmp type prot-unreachable
+reject with icmp type port-unreachable;ok;meta nfproto ipv4 reject
+reject with icmp type net-prohibited;ok;meta nfproto ipv4 reject with icmp type net-prohibited
+reject with icmp type host-prohibited;ok;meta nfproto ipv4 reject with icmp type host-prohibited
+reject with icmp type admin-prohibited;ok;meta nfproto ipv4 reject with icmp type admin-prohibited
+
+reject with icmpv6 type no-route;ok;meta nfproto ipv6 reject with icmpv6 type no-route
+reject with icmpv6 type admin-prohibited;ok;meta nfproto ipv6 reject with icmpv6 type admin-prohibited
+reject with icmpv6 type addr-unreachable;ok;meta nfproto ipv6 reject with icmpv6 type addr-unreachable
+reject with icmpv6 type port-unreachable;ok;meta nfproto ipv6 reject
+
+reject with tcp reset;ok;meta l4proto 6 reject with tcp reset
+
+reject;ok
+meta nfproto ipv4 reject;ok
+meta nfproto ipv6 reject;ok
+
+reject with icmpx type host-unreachable;ok
+reject with icmpx type no-route;ok
+reject with icmpx type admin-prohibited;ok
+reject with icmpx type port-unreachable;ok;reject
+
+meta nfproto ipv4 reject with icmp type host-unreachable;ok
+meta nfproto ipv6 reject with icmpv6 type no-route;ok
+
+meta nfproto ipv6 reject with icmp type host-unreachable;fail
+meta nfproto ipv4 ip protocol icmp reject with icmpv6 type no-route;fail
+meta nfproto ipv6 ip protocol icmp reject with icmp type host-unreachable;fail
+meta l4proto udp reject with tcp reset;fail
diff --git a/tests/py/inet/reject.t.payload.inet b/tests/py/inet/reject.t.payload.inet
new file mode 100644
index 00000000..5770330d
--- /dev/null
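Review bot: The `;fail` case `meta nfproto ipv6 ip protocol icmp reject with icmp type host-unreachable` mixes two conflicts, an IPv4 header match under `nfproto ipv6` and an ICMPv4 reject under `nfproto ipv6`, so it would still pass if only one of those checks existed. The family-versus-reject-type check on its own is exercised in one direction only (`meta nfproto ipv6 reject with icmp type host-unreachable;fail`); I would add the mirror case `meta nfproto ipv4 reject with icmpv6 type no-route;fail`, which presumably should be refused for the same reason. A one-line comment above the negative block, such as `# reject type must match the address family the rule selects`, would make the intent of each case explicit.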
+++ b/tests/py/inet/reject.t.payload.inet 
@@ -0,0 +1,220 @@ +# reject with icmp type host-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 1 ] + +# reject with icmp type net-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 0 ] + +# reject with icmp type prot-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 2 ] + +# reject with icmp type port-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 3 ] + +# reject with icmp type net-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 9 ] + +# reject with icmp type host-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 10 ] + +# reject with icmp type admin-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 13 ] + +# reject with icmpv6 type no-route +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 0 ] + +# reject with icmpv6 type admin-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 1 ] + +# reject with icmpv6 type addr-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 3 ] + +# reject with icmpv6 type port-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 4 ] + +# reject with tcp reset +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ reject type 1 code 0 ] + +# reject +inet test-inet input + [ reject type 2 code 1 ] + +# meta nfproto ipv4 reject +inet test-inet input + [ meta load 
nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 3 ] + +# meta nfproto ipv6 reject +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 4 ] + +# reject with icmpx type host-unreachable +inet test-inet input + [ reject type 2 code 2 ] + +# reject with icmpx type no-route +inet test-inet input + [ reject type 2 code 0 ] + +# reject with icmpx type admin-prohibited +inet test-inet input + [ reject type 2 code 3 ] + +# reject with icmpx type port-unreachable +inet test-inet input + [ reject type 2 code 1 ] + +# meta nfproto ipv4 reject with icmp type host-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 1 ] + +# meta nfproto ipv6 reject with icmpv6 type no-route +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 0 ] + +# reject with icmp type prot-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 2 ] + +# reject with icmp type port-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 3 ] + +# reject with icmp type net-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 9 ] + +# reject with icmp type host-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 10 ] + +# reject with icmp type admin-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 13 ] + +# reject with icmpv6 type no-route +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 0 ] + +# reject with icmpv6 type admin-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject 
type 0 code 1 ] + +# reject with icmpv6 type addr-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 3 ] + +# reject with icmpv6 type port-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 4 ] + +# reject with tcp reset +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ reject type 1 code 0 ] + +# reject +inet test-inet input + [ reject type 2 code 1 ] + +# meta nfproto ipv4 reject +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 3 ] + +# meta nfproto ipv6 reject +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 4 ] + +# reject with icmpx type host-unreachable +inet test-inet input + [ reject type 2 code 2 ] + +# reject with icmpx type no-route +inet test-inet input + [ reject type 2 code 0 ] + +# reject with icmpx type admin-prohibited +inet test-inet input + [ reject type 2 code 3 ] + +# reject with icmpx type port-unreachable +inet test-inet input + [ reject type 2 code 1 ] + +# meta nfproto ipv4 reject with icmp type host-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 1 ] + +# meta nfproto ipv6 reject with icmpv6 type no-route +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 0 ] + diff --git a/tests/py/inet/sctp.t b/tests/py/inet/sctp.t new file mode 100644 index 00000000..537a9b17 --- /dev/null +++ b/tests/py/inet/sctp.t 
@@ -0,0 +1,42 @@
+*ip;test-ip4
+*ip6;test-ip6
+*inet;test-inet
+:input;type filter hook input priority 0
+
+sctp sport 23;ok
+sctp sport != 23;ok
+sctp sport 23-44;ok
+sctp sport != 23-44;ok
+sctp sport { 23, 24, 25};ok
+- sctp sport != { 23, 24, 25};ok
+sctp sport { 23-44};ok
+- sctp sport != { 23-44};ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+
+sctp dport 23;ok
+sctp dport != 23;ok
+sctp dport 23-44;ok
+sctp dport != 23-44;ok
+sctp dport { 23, 24, 25};ok
+- sctp dport != { 23, 24, 25};ok
+sctp dport { 23-44};ok
+- sctp dport != { 23-44};ok
+
+sctp checksum 1111;ok
+sctp checksum != 11;ok
+sctp checksum 21-333;ok
+sctp checksum != 32-111;ok
+sctp checksum { 22, 33, 44};ok
+- sctp checksum != { 22, 33, 44};ok
+sctp checksum { 22-44};ok
+- sctp checksum != { 22-44};ok
+
+sctp vtag 22;ok
+sctp vtag != 233;ok
+sctp vtag 33-45;ok
+sctp vtag != 33-45;ok
+sctp vtag {33, 55, 67, 88};ok
+- sctp vtag != {33, 55, 67, 88};ok
+sctp vtag { 33-55};ok
+- sctp vtag != { 33-55};ok
diff --git a/tests/py/inet/sctp.t.payload.inet b/tests/py/inet/sctp.t.payload.inet
new file mode 100644
index 00000000..dd6e2759
--- /dev/null
+++ b/tests/py/inet/sctp.t.payload.inet
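Review bot: The `# BUG: invalid expression type set` comment sits only after the sport block, so the `- sctp dport != {...}`, `- sctp checksum != {...}` and `- sctp vtag != {...}` lines (which appear to be disabled cases) carry no explanation; tcp.t in this commit has the same layout, with the comment after its dport block only. A single note near the top of each file, e.g. `# "!=" against an anonymous set is disabled: nft aborts in expr_evaluate_relational instead of returning an error`, would cover every `- ` line. Because the recorded failure is an assertion abort on rule input rather than a clean error, these lines are worth tracking until each has a defined `ok` or `fail` outcome.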
@@ -0,0 +1,200 @@ +# sctp sport 23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp sport != 23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp sport 23-44 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp sport != 23-44 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp sport { 23, 24, 25} +set%d test-inet 3 +set%d test-inet 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp sport { 23-44} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport 23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp dport != 23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp dport 23-44 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport 
header + 2 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp dport != 23-44 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp dport { 23, 24, 25} +set%d test-inet 3 +set%d test-inet 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport { 23-44} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum 1111 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x57040000 ] + +# sctp checksum != 11 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0x0b000000 ] + +# sctp checksum 21-333 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x15000000 ] + [ cmp lte reg 1 0x4d010000 ] + +# sctp checksum != 32-111 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x20000000 ] + [ cmp gt reg 1 0x6f000000 ] + +# sctp checksum { 22, 33, 44} +set%d test-inet 3 +set%d test-inet 0 + element 16000000 : 0 [end] element 21000000 : 0 [end] element 2c000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ 
cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum { 22-44} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 2d000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# sctp vtag != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# sctp vtag 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# sctp vtag != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# sctp vtag {33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + 
diff --git a/tests/py/inet/sctp.t.payload.ip b/tests/py/inet/sctp.t.payload.ip
new file mode 100644
index 00000000..053d319e
--- /dev/null
+++ b/tests/py/inet/sctp.t.payload.ip
@@ -0,0 +1,200 @@ +# sctp sport 23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp sport != 23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp sport 23-44 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp sport != 23-44 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp sport { 23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp sport { 23-44} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport 23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp dport != 23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp dport 
23-44 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp dport != 23-44 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp dport { 23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport { 23-44} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum 1111 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x57040000 ] + +# sctp checksum != 11 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0x0b000000 ] + +# sctp checksum 21-333 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x15000000 ] + [ cmp lte reg 1 0x4d010000 ] + +# sctp checksum != 32-111 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x20000000 
] + [ cmp gt reg 1 0x6f000000 ] + +# sctp checksum { 22, 33, 44} +set%d test-ip4 3 +set%d test-ip4 0 + element 16000000 : 0 [end] element 21000000 : 0 [end] element 2c000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum { 22-44} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 2d000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# sctp vtag != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# sctp vtag 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# sctp vtag != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# sctp vtag {33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag { 33-55} +set%d test-ip4 7 +set%d 
test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/sctp.t.payload.ip6 b/tests/py/inet/sctp.t.payload.ip6 new file mode 100644 index 00000000..eae6fa94 --- /dev/null +++ b/tests/py/inet/sctp.t.payload.ip6 
@@ -0,0 +1,200 @@ +# sctp sport 23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp sport != 23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp sport 23-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp sport != 23-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp sport { 23, 24, 25} +set%d test-ip6 3 +set%d test-ip6 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp sport { 23-44} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport 23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp dport != 23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp 
dport 23-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp dport != 23-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp dport { 23, 24, 25} +set%d test-ip6 3 +set%d test-ip6 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport { 23-44} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum 1111 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x57040000 ] + +# sctp checksum != 11 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0x0b000000 ] + +# sctp checksum 21-333 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x15000000 ] + [ cmp lte reg 1 0x4d010000 ] + +# sctp checksum != 32-111 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 
1 0x20000000 ] + [ cmp gt reg 1 0x6f000000 ] + +# sctp checksum { 22, 33, 44} +set%d test-ip6 3 +set%d test-ip6 0 + element 16000000 : 0 [end] element 21000000 : 0 [end] element 2c000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum { 22-44} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 2d000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# sctp vtag != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# sctp vtag 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# sctp vtag != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# sctp vtag {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag { 33-55} +set%d 
test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/tcp.t b/tests/py/inet/tcp.t new file mode 100644 index 00000000..53a16898 --- /dev/null +++ b/tests/py/inet/tcp.t 
@@ -0,0 +1,105 @@
+*ip;test-ip4
+*ip6;test-ip6
+*inet;test-inet
+:input;type filter hook input priority 0
+
+tcp dport 22;ok
+tcp dport != 233;ok
+tcp dport 33-45;ok
+tcp dport != 33-45;ok
+tcp dport { 33, 55, 67, 88};ok
+- tcp dport != { 33, 55, 67, 88};ok
+tcp dport { 33-55};ok
+- tcp dport != { 33-55};ok
+tcp dport {telnet, http, https} accept;ok;tcp dport { 443, 23, 80} accept
+tcp dport vmap { 22 : accept, 23 : drop };ok
+tcp dport vmap { 25:accept, 28:drop };ok
+tcp dport { 22, 53, 80, 110 };ok
+- tcp dport != { 22, 53, 80, 110 };ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+
+tcp sport 22;ok
+tcp sport != 233;ok
+tcp sport 33-45;ok
+tcp sport != 33-45;ok
+tcp sport { 33, 55, 67, 88};ok
+- tcp sport != { 33, 55, 67, 88};ok
+tcp sport { 33-55};ok
+- tcp sport != { 33-55};ok
+tcp sport vmap { 25:accept, 28:drop };ok
+
+tcp sport 8080 drop;ok
+tcp sport 1024 tcp dport 22;ok
+tcp sport 1024 tcp dport 22 tcp sequence 0;ok
+
+tcp sequence 0 tcp sport 1024 tcp dport 22;ok;tcp sport 1024 tcp dport 22 tcp sequence 0
+tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22;ok
+
+tcp sequence 22;ok
+tcp sequence != 233;ok
+tcp sequence 33-45;ok
+tcp sequence != 33-45;ok
+tcp sequence { 33, 55, 67, 88};ok
+- tcp sequence != { 33, 55, 67, 88};ok
+tcp sequence { 33-55};ok
+- tcp sequence != { 33-55};ok
+
+tcp ackseq 42949672 drop;ok
+tcp ackseq 22;ok
+tcp ackseq != 233;ok
+tcp ackseq 33-45;ok
+tcp ackseq != 33-45;ok
+tcp ackseq { 33, 55, 67, 88};ok
+- tcp ackseq != { 33, 55, 67, 88};ok
+tcp ackseq { 33-55};ok
+- tcp ackseq != { 33-55};ok
+
+- tcp doff 22;ok
+- tcp doff != 233;ok
+- tcp doff 33-45;ok
+- tcp doff != 33-45;ok
+- tcp doff { 33, 55, 67, 88};ok
+- tcp doff != { 33, 55, 67, 88};ok
+- tcp doff { 33-55};ok
+- tcp doff != { 33-55};ok
+
+# BUG reserved
+# BUG: It is accepted but it is not shown then.
tcp reserver
+
+tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop;ok
+- tcp flags != { fin, urg, ecn, cwr} drop;ok
+tcp flags cwr;ok
+tcp flags != cwr;ok
+
+tcp window 22222;ok
+tcp window 22;ok
+tcp window != 233;ok
+tcp window 33-45;ok
+tcp window != 33-45;ok
+tcp window { 33, 55, 67, 88};ok
+- tcp window != { 33, 55, 67, 88};ok
+tcp window { 33-55};ok
+- tcp window != { 33-55};ok
+
+tcp checksum 23456 log drop;ok
+tcp checksum 22;ok
+tcp checksum != 233;ok
+tcp checksum 33-45;ok
+tcp checksum != 33-45;ok
+tcp checksum { 33, 55, 67, 88};ok
+- tcp checksum != { 33, 55, 67, 88};ok
+tcp checksum { 33-55};ok
+- tcp checksum != { 33-55};ok
+
+tcp urgptr 1234 accept;ok
+tcp urgptr 22;ok
+tcp urgptr != 233;ok
+tcp urgptr 33-45;ok
+tcp urgptr != 33-45;ok
+tcp urgptr { 33, 55, 67, 88};ok
+- tcp urgptr != { 33, 55, 67, 88};ok
+tcp urgptr { 33-55};ok
+- tcp urgptr != { 33-55};ok
+
+tcp doff 8;ok
diff --git a/tests/py/inet/tcp.t.payload.inet b/tests/py/inet/tcp.t.payload.inet
new file mode 100644
index 00000000..21b21abc
--- /dev/null
+++ b/tests/py/inet/tcp.t.payload.inet
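Review bot: The eight `- tcp doff ...;ok` lines are disabled without a comment, and their values (22, 233, 33-45, 33-55) do not fit the 4-bit TCP data-offset field, so expecting `ok` for them looks wrong; the only live doff case is `tcp doff 8;ok` at the end of the file. I would either drop the block or replace it with in-range values plus an out-of-range negative such as `tcp doff 16;fail`, assuming nft range-checks the field. The `# BUG reserved` comment ends in `tcp reserver`, which reads like a typo for `tcp reserved`, and there is no test line next to it showing the rule that is accepted but not listed.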
@@ -0,0 +1,508 @@ +# tcp dport 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp dport != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp dport 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp dport != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp dport { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport {telnet, http, https} accept +set%d test-inet 3 +set%d test-inet 0 + element 00001700 : 0 [end] element 00005000 : 0 [end] element 0000bb01 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# tcp dport vmap { 22 : accept, 23 : drop } +map%d test-inet b +map%d test-inet 0 + element 00001600 : 0 [end] element 00001700 : 0 
[end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport vmap { 25:accept, 28:drop } +map%d test-inet b +map%d test-inet 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport { 22, 53, 80, 110 } +set%d test-inet 3 +set%d test-inet 0 + element 00001600 : 0 [end] element 00003500 : 0 [end] element 00005000 : 0 [end] element 00006e00 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp sport != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp sport 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp sport != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp sport { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup 
reg 1 set set%d ] + +# tcp sport { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport vmap { 25:accept, 28:drop } +map%d test-inet b +map%d test-inet 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp sport 8080 drop +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000901f ] + [ immediate reg 0 drop ] + +# tcp sport 1024 tcp dport 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 ] + +# tcp sport 1024 tcp dport 22 tcp sequence 0 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport 1024 tcp dport 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 +set%d test-inet 3 +set%d test-inet 0 + element 00000004 : 0 [end] element 0000fe03 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ payload load 6b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 0x00000000 ] + +# tcp sequence 22 +inet test-inet input + [ meta load 
l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp sequence != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp sequence 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp sequence != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp sequence { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sequence { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq 42949672 drop +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x285c8f02 ] + [ immediate reg 0 drop ] + +# tcp ackseq 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp ackseq != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ 
transport header + 8 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp ackseq 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp ackseq != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp ackseq { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop +set%d test-inet 3 +set%d test-inet 0 + element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000010 : 0 [end] element 00000020 : 0 [end] element 00000040 : 0 [end] element 00000080 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# tcp flags cwr +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# tcp flags != cwr +inet test-inet input + [ meta load 
l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ cmp neq reg 1 0x00000080 ] + +# tcp window 22222 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x0000ce56 ] + +# tcp window 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp window != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp window 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp window != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp window { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp window { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum 23456 log drop +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + 
[ cmp eq reg 1 0x0000a05b ] + [ log prefix (null) ] + [ immediate reg 0 drop ] + +# tcp checksum 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp checksum != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp checksum 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp checksum != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp checksum { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr 1234 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x0000d204 ] + [ immediate reg 0 accept ] + +# tcp urgptr 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 
0x00001600 ] + +# tcp urgptr != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp urgptr 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp urgptr != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp urgptr { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp doff 8 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000080 ] + diff --git a/tests/py/inet/tcp.t.payload.ip b/tests/py/inet/tcp.t.payload.ip new file mode 100644 index 00000000..34c97143 --- /dev/null +++ b/tests/py/inet/tcp.t.payload.ip 
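Review bot: The expected bytecode for `tcp dport != 33-45` is `[ cmp lt reg 1 0x00002100 ]` followed by `[ cmp gt reg 1 0x00002d00 ]`, which looks like it can never match. The positive range is recorded as a `cmp gte` / `cmp lte` pair that must both hold, so if rule expressions are evaluated the same way here, no value is both below 33 and above 45. The same pair is recorded for sport, sequence, ackseq, window, checksum and urgptr in this hunk and again in tcp.t.payload.ip, so the fixtures would pin a negated range that silently matches nothing. Until the generated code changes, I would mark these rules in tcp.t the way the file already marks known problems, e.g. `- tcp dport != 33-45;ok` followed by `# BUG: negated range emits cmp lt + cmp gt, which cannot both hold`.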
@@ -0,0 +1,508 @@ +# tcp dport 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp dport != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp dport 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp dport != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp dport { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport {telnet, http, https} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00005000 : 0 [end] element 0000bb01 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# tcp dport vmap { 22 : 
accept, 23 : drop } +map%d test-ip4 b +map%d test-ip4 0 + element 00001600 : 0 [end] element 00001700 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport vmap { 25:accept, 28:drop } +map%d test-ip4 b +map%d test-ip4 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport { 22, 53, 80, 110 } +set%d test-ip4 3 +set%d test-ip4 0 + element 00001600 : 0 [end] element 00003500 : 0 [end] element 00005000 : 0 [end] element 00006e00 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp sport != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp sport 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp sport != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp sport { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 
0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport vmap { 25:accept, 28:drop } +map%d test-ip4 b +map%d test-ip4 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp sport 8080 drop +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000901f ] + [ immediate reg 0 drop ] + +# tcp sport 1024 tcp dport 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 ] + +# tcp sport 1024 tcp dport 22 tcp sequence 0 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport 1024 tcp dport 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 +set%d test-ip4 3 +set%d test-ip4 0 + element 00000004 : 0 [end] element 0000fe03 : 0 [end] +ip 
test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ payload load 6b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 0x00000000 ] + +# tcp sequence 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp sequence != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp sequence 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp sequence != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp sequence { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sequence { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq 42949672 drop +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 
] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x285c8f02 ] + [ immediate reg 0 drop ] + +# tcp ackseq 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp ackseq != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp ackseq 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp ackseq != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp ackseq { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000010 : 0 [end] element 00000020 : 0 [end] element 00000040 : 0 [end] element 
00000080 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# tcp flags cwr +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# tcp flags != cwr +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ cmp neq reg 1 0x00000080 ] + +# tcp window 22222 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x0000ce56 ] + +# tcp window 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp window != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp window 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp window != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp window { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 
input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp window { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum 23456 log drop +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x0000a05b ] + [ log prefix (null) ] + [ immediate reg 0 drop ] + +# tcp checksum 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp checksum != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp checksum 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp checksum != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp checksum { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 
16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr 1234 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x0000d204 ] + [ immediate reg 0 accept ] + +# tcp urgptr 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp urgptr != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp urgptr 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp urgptr != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp urgptr { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] 
element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp doff 8 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000080 ] + diff --git a/tests/py/inet/tcp.t.payload.ip6 b/tests/py/inet/tcp.t.payload.ip6 new file mode 100644 index 00000000..44decab4 --- /dev/null +++ b/tests/py/inet/tcp.t.payload.ip6 
@@ -0,0 +1,508 @@ +# tcp dport 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp dport != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp dport 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp dport != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp dport { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport {telnet, http, https} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 00001700 : 0 [end] element 00005000 : 0 [end] element 0000bb01 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# tcp dport vmap { 
22 : accept, 23 : drop } +map%d test-ip6 b +map%d test-ip6 0 + element 00001600 : 0 [end] element 00001700 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport vmap { 25:accept, 28:drop } +map%d test-ip6 b +map%d test-ip6 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport { 22, 53, 80, 110 } +set%d test-ip6 3 +set%d test-ip6 0 + element 00001600 : 0 [end] element 00003500 : 0 [end] element 00005000 : 0 [end] element 00006e00 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp sport != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp sport 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp sport != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp sport { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 
00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport vmap { 25:accept, 28:drop } +map%d test-ip6 b +map%d test-ip6 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp sport 8080 drop +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000901f ] + [ immediate reg 0 drop ] + +# tcp sport 1024 tcp dport 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 ] + +# tcp sport 1024 tcp dport 22 tcp sequence 0 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport 1024 tcp dport 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 +set%d test-ip6 3 +set%d test-ip6 0 + element 00000004 : 0 [end] element 0000fe03 
: 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ payload load 6b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 0x00000000 ] + +# tcp sequence 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp sequence != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp sequence 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp sequence != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp sequence { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sequence { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq 42949672 drop +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ 
cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x285c8f02 ] + [ immediate reg 0 drop ] + +# tcp ackseq 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp ackseq != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp ackseq 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp ackseq != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp ackseq { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop +set%d test-ip6 3 +set%d test-ip6 0 + element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000010 : 0 [end] element 00000020 : 0 [end] element 
00000040 : 0 [end] element 00000080 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# tcp flags cwr +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# tcp flags != cwr +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ cmp neq reg 1 0x00000080 ] + +# tcp window 22222 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x0000ce56 ] + +# tcp window 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp window != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp window 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp window != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp window { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] 
element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp window { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum 23456 log drop +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x0000a05b ] + [ log prefix (null) ] + [ immediate reg 0 drop ] + +# tcp checksum 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp checksum != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp checksum 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp checksum != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp checksum { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 
0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr 1234 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x0000d204 ] + [ immediate reg 0 accept ] + +# tcp urgptr 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp urgptr != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp urgptr 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp urgptr != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp urgptr { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 
+ element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp doff 8 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000080 ] + diff --git a/tests/py/inet/udp.t b/tests/py/inet/udp.t new file mode 100644 index 00000000..58f4002d --- /dev/null +++ b/tests/py/inet/udp.t 
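Review bot: The expected bytecode recorded for negated ranges looks unmatchable: `# tcp dport != 33-45` is pinned as `[ cmp lt reg 1 0x00002100 ]` followed by `[ cmp gt reg 1 0x00002d00 ]`, and if every expression in a rule has to pass in sequence (as I understand nft rule evaluation), the value would have to be below 33 and above 45 at once. The same lt/gt pair is recorded for sport, sequence, ackseq, window, checksum and urgptr in this file, and for the `!= A-B` cases in tests/py/inet/udp.t.payload.ip and tests/py/inet/udplite.t.payload.inet, whose .t files mark those rules `ok`. A filter written as `... != 33-45 drop` would then silently never drop, so I would not let the suite pin this output as correct. Either add a comment above each such case, e.g. `# BUG: != range compiles to lt AND gt, rule can never match`, or mark the rules with a leading `-` in the .t files until the generated code is fixed.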
@@ -0,0 +1,49 @@
+*ip;test-ip4
+*ip;test-ip6
+*ip;test-inet
+:input;type filter hook input priority 0
+
+udp sport 80 accept;ok
+udp sport != 60 accept;ok
+udp sport 50-70 accept;ok
+udp sport != 50-60 accept;ok
+udp sport { 49, 50} drop;ok
+- udp sport != { 50, 60} accept;ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+udp sport { 12-40};ok
+- udp sport != { 13-24};ok
+
+udp dport 80 accept;ok
+udp dport != 60 accept;ok
+udp dport 70-75 accept;ok
+udp dport != 50-60 accept;ok
+udp dport { 49, 50} drop;ok
+- udp dport != { 50, 60} accept;ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+udp dport { 70-75} accept;ok
+- udp dport != { 50-60} accept;ok
+
+udp length 6666;ok
+udp length != 6666;ok
+udp length 50-65 accept;ok
+udp length != 50-65 accept;ok
+udp length { 50, 65} accept;ok
+- udp length != { 50, 65} accept;ok
+udp length { 35-50};ok
+- udp length != { 35-50};ok
+
+udp checksum 6666 drop;ok
+- udp checksum != { 444, 555} accept;ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+
+udp checksum 22;ok
+udp checksum != 233;ok
+udp checksum 33-45;ok
+udp checksum != 33-45;ok
+udp checksum { 33, 55, 67, 88};ok
+- udp checksum != { 33, 55, 67, 88};ok
+udp checksum { 33-55};ok
+- udp checksum != { 33-55};ok
diff --git a/tests/py/inet/udp.t.payload.ip b/tests/py/inet/udp.t.payload.ip
new file mode 100644
index 00000000..b3ec24b2
--- /dev/null
+++ b/tests/py/inet/udp.t.payload.ip
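Review bot: The table header at the top of udp.t declares all three tables under the `ip` family (`*ip;test-ip4`, `*ip;test-ip6`, `*ip;test-inet`), whereas udplite.t in this same commit uses `*ip6;test-ip6` and `*inet;test-inet`. If the first field selects the family the rules are loaded into, the UDP matches are never exercised for ip6 or inet, which is consistent with udp.t.payload.ip being the only UDP payload file that follows in this diff. I would change the second and third lines to `*ip6;test-ip6` and `*inet;test-inet` and add the matching ip6 and inet payload files, so that UDP filtering is covered for every family the directory name promises.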
@@ -0,0 +1,222 @@ +# udp sport 80 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udp sport != 60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udp sport 50-70 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00003200 ] + [ cmp lte reg 1 0x00004600 ] + [ immediate reg 0 accept ] + +# udp sport != 50-60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udp sport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udp sport { 12-40} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udp dport 80 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udp dport != 60 accept +ip test-ip4 input + [ 
payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udp dport 70-75 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00004600 ] + [ cmp lte reg 1 0x00004b00 ] + [ immediate reg 0 accept ] + +# udp dport != 50-60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udp dport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udp dport { 70-75} accept +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# udp length 6666 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x00000a1a ] + +# udp length != 6666 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0x00000a1a ] + +# udp length 50-65 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 
2b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x00003200 ] + [ cmp lte reg 1 0x00004100 ] + [ immediate reg 0 accept ] + +# udp length != 50-65 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00004100 ] + [ immediate reg 0 accept ] + +# udp length { 50, 65} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00003200 : 0 [end] element 00004100 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# udp length { 35-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002300 : 0 [end] element 00003300 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udp checksum 6666 drop +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000a1a ] + [ immediate reg 0 drop ] + +# udp checksum 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# udp checksum != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# udp checksum 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# udp checksum != 33-45 +ip 
test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# udp checksum { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udp checksum { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/udplite.t b/tests/py/inet/udplite.t new file mode 100644 index 00000000..9420ab45 --- /dev/null +++ b/tests/py/inet/udplite.t 
@@ -0,0 +1,42 @@
+*ip;test-ip4
+*ip6;test-ip6
+*inet;test-inet
+:input;type filter hook input priority 0
+
+udplite sport 80 accept;ok
+udplite sport != 60 accept;ok
+udplite sport 50-70 accept;ok
+udplite sport != 50-60 accept;ok
+udplite sport { 49, 50} drop;ok
+- udplite sport != { 50, 60} accept;ok
+udplite sport { 12-40};ok
+- udplite sport != { 13-24};ok
+
+udplite dport 80 accept;ok
+udplite dport != 60 accept;ok
+udplite dport 70-75 accept;ok
+udplite dport != 50-60 accept;ok
+udplite dport { 49, 50} drop;ok
+- udplite dport != { 50, 60} accept;ok
+udplite dport { 70-75} accept;ok
+- udplite dport != { 50-60} accept;ok
+
+- udplite csumcov 6666;ok
+- udplite csumcov != 6666;ok
+- udplite csumcov 50-65 accept;ok
+- udplite csumcov != 50-65 accept;ok
+- udplite csumcov { 50, 65} accept;ok
+- udplite csumcov != { 50, 65} accept;ok
+- udplite csumcov { 35-50};ok
+- udplite csumcov != { 35-50};ok
+
+udplite checksum 6666 drop;ok
+- udplite checksum != { 444, 555} accept;ok
+udplite checksum 22;ok
+udplite checksum != 233;ok
+udplite checksum 33-45;ok
+udplite checksum != 33-45;ok
+udplite checksum { 33, 55, 67, 88};ok
+- udplite checksum != { 33, 55, 67, 88};ok
+udplite checksum { 33-55};ok
+- udplite checksum != { 33-55};ok
diff --git a/tests/py/inet/udplite.t.payload.inet b/tests/py/inet/udplite.t.payload.inet
new file mode 100644
index 00000000..4c57239f
--- /dev/null
+++ b/tests/py/inet/udplite.t.payload.inet
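Review bot: All eight `udplite csumcov` rules carry the leading `- ` marker, which appears to exclude a rule from the normal run, yet nothing says why. udp.t in this commit documents its marked rules with `# BUG:` lines quoting the failing assertion. As written, a reader cannot tell whether csumcov matching is known-broken or simply untested. I would add a comment above the block, e.g. `# BUG: <reason the csumcov rules are skipped>`, and the same for `- udplite checksum != { 444, 555} accept;ok`, which has lost the `# BUG:` annotation its udp.t counterpart carries.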
@@ -0,0 +1,169 @@ +# udplite sport 80 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udplite sport != 60 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite sport 50-70 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00003200 ] + [ cmp lte reg 1 0x00004600 ] + [ immediate reg 0 accept ] + +# udplite sport != 50-60 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite sport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udplite sport { 12-40} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udplite dport 80 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udplite dport != 60 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b 
@ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite dport 70-75 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00004600 ] + [ cmp lte reg 1 0x00004b00 ] + [ immediate reg 0 accept ] + +# udplite dport != 50-60 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite dport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udplite dport { 70-75} accept +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# udplite checksum 6666 drop +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000a1a ] + [ immediate reg 0 drop ] + +# udplite checksum 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# udplite checksum != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# udplite checksum 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ 
cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# udplite checksum != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# udplite checksum { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udplite checksum { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/udplite.t.payload.ip b/tests/py/inet/udplite.t.payload.ip new file mode 100644 index 00000000..e870c701 --- /dev/null +++ b/tests/py/inet/udplite.t.payload.ip 
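Review bot: The anonymous-set declarations in this inet payload file name the table `test-ip4` (`set%d test-ip4 3`, `set%d test-ip4 0`, and the `7` variants for interval sets), while every rule line in the file is `inet test-inet input`. This looks carried over from the ip payload. If the test runner compares the set lines (I cannot tell from this diff), the sport, dport and checksum set cases would mismatch for the inet family. If it does not, the expected output is still misleading. I would write `set%d test-inet 3` / `set%d test-inet 0` (and `set%d test-inet 7` for the interval sets) in each of those cases.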
@@ -0,0 +1,169 @@
+# udplite sport 80 accept
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00005000 ]
+ [ immediate reg 0 accept ]
+
+# udplite sport != 60 accept
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00003c00 ]
+ [ immediate reg 0 accept ]
+
+# udplite sport 50-70 accept
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00003200 ]
+ [ cmp lte reg 1 0x00004600 ]
+ [ immediate reg 0 accept ]
+
+# udplite sport != 50-60 accept
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 0 => reg 1 ]
+ [ cmp lt reg 1 0x00003200 ]
+ [ cmp gt reg 1 0x00003c00 ]
+ [ immediate reg 0 accept ]
+
+# udplite sport { 49, 50} drop
+set%d test-ip4 3
+set%d test-ip4 0
+ element 00003100 : 0 [end] element 00003200 : 0 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+ [ immediate reg 0 drop ]
+
+# udplite sport { 12-40}
+set%d test-ip4 7
+set%d test-ip4 0
+ element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# udplite dport 80 accept
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00005000 ]
+ [ immediate reg 0 accept ]
+
+# udplite dport != 60 accept
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp neq reg 1 0x00003c00 ]
+ [ immediate reg 0 accept ]
+
+# udplite dport 70-75 accept
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00004600 ]
+ [ cmp lte reg 1 0x00004b00 ]
+ [ immediate reg 0 accept ]
+
+# udplite dport != 50-60 accept
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp lt reg 1 0x00003200 ]
+ [ cmp gt reg 1 0x00003c00 ]
+ [ immediate reg 0 accept ]
+
+# udplite dport { 49, 50} drop
+set%d test-ip4 3
+set%d test-ip4 0
+ element 00003100 : 0 [end] element 00003200 : 0 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+ [ immediate reg 0 drop ]
+
+# udplite dport { 70-75} accept
+set%d test-ip4 7
+set%d test-ip4 0
+ element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+ [ immediate reg 0 accept ]
+
+# udplite checksum 6666 drop
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000a1a ]
+ [ immediate reg 0 drop ]
+
+# udplite checksum 22
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# udplite checksum != 233
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ cmp neq reg 1 0x0000e900 ]
+
+# udplite checksum 33-45
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# udplite checksum != 33-45
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ cmp lt reg 1 0x00002100 ]
+ [ cmp gt reg 1 0x00002d00 ]
+
+# udplite checksum { 33, 55, 67, 88}
+set%d test-ip4 3
+set%d test-ip4 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# udplite checksum { 33-55}
+set%d test-ip4 7
+set%d test-ip4 0
+ element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
diff --git a/tests/py/inet/udplite.t.payload.ip6 b/tests/py/inet/udplite.t.payload.ip6
new file mode 100644
index 00000000..2d318854
--- /dev/null
+++ b/tests/py/inet/udplite.t.payload.ip6
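Review bot: The expected bytecode recorded in udplite.t.payload.ip for `udplite sport != 50-60 accept` is `cmp lt reg 1 0x00003200` followed by `cmp gt reg 1 0x00003c00` on the same register, and since every expression in a rule has to hold before the verdict is reached, no port value can satisfy both. The same pair is pinned for `dport != 50-60` and `checksum != 33-45` here and in the udplite.t.payload.ip6 hunk, so the suite passes while the negated range never matches; with a `drop` verdict such a rule would silently let all traffic through. Until the emitted bytecode changes I would flag these cases where the rules are defined, for example `# BUG: != 50-60 is emitted as cmp lt + cmp gt on one register; no value satisfies both`; the rule definition file is not part of this hunk.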
@@ -0,0 +1,169 @@
+# udplite sport 80 accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00005000 ]
+ [ immediate reg 0 accept ]
+
+# udplite sport != 60 accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00003c00 ]
+ [ immediate reg 0 accept ]
+
+# udplite sport 50-70 accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00003200 ]
+ [ cmp lte reg 1 0x00004600 ]
+ [ immediate reg 0 accept ]
+
+# udplite sport != 50-60 accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 0 => reg 1 ]
+ [ cmp lt reg 1 0x00003200 ]
+ [ cmp gt reg 1 0x00003c00 ]
+ [ immediate reg 0 accept ]
+
+# udplite sport { 49, 50} drop
+set%d test-ip4 3
+set%d test-ip4 0
+ element 00003100 : 0 [end] element 00003200 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+ [ immediate reg 0 drop ]
+
+# udplite sport { 12-40}
+set%d test-ip4 7
+set%d test-ip4 0
+ element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# udplite dport 80 accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00005000 ]
+ [ immediate reg 0 accept ]
+
+# udplite dport != 60 accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp neq reg 1 0x00003c00 ]
+ [ immediate reg 0 accept ]
+
+# udplite dport 70-75 accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00004600 ]
+ [ cmp lte reg 1 0x00004b00 ]
+ [ immediate reg 0 accept ]
+
+# udplite dport != 50-60 accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp lt reg 1 0x00003200 ]
+ [ cmp gt reg 1 0x00003c00 ]
+ [ immediate reg 0 accept ]
+
+# udplite dport { 49, 50} drop
+set%d test-ip4 3
+set%d test-ip4 0
+ element 00003100 : 0 [end] element 00003200 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+ [ immediate reg 0 drop ]
+
+# udplite dport { 70-75} accept
+set%d test-ip4 7
+set%d test-ip4 0
+ element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+ [ immediate reg 0 accept ]
+
+# udplite checksum 6666 drop
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000a1a ]
+ [ immediate reg 0 drop ]
+
+# udplite checksum 22
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# udplite checksum != 233
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ cmp neq reg 1 0x0000e900 ]
+
+# udplite checksum 33-45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# udplite checksum != 33-45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ cmp lt reg 1 0x00002100 ]
+ [ cmp gt reg 1 0x00002d00 ]
+
+# udplite checksum { 33, 55, 67, 88}
+set%d test-ip4 3
+set%d test-ip4 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# udplite checksum { 33-55}
+set%d test-ip4 7
+set%d test-ip4 0
+ element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
|
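Review bot: The set declarations in udplite.t.payload.ip6 name the wrong table: every `set%d test-ip4 3` / `set%d test-ip4 0` pair is followed by a rule in `ip6 test-ip6 input`. If the harness compares these lines with the debug output for the ip6 table they cannot match, and if it skips them the set contents are not being checked at all; which of the two applies is not visible from this hunk. I would change them to `set%d test-ip6 3` and `set%d test-ip6 0` (and `set%d test-ip6 7` for the interval sets). The tail of the udplite.t.payload.inet section above shows the same `test-ip4` name under `inet test-inet`.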