diff options
| author | Florian Westphal <fw@strlen.de> | 2017-05-25 09:14:58 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2017-05-25 09:16:38 +0200 |
| commit | bb6a7f201a817652dd2c795539236c9319a23ad7 (patch) | |
| tree | 1d56b003ba39a44ef0acca8f777389b7eccad394 /tests/py/ip/tcpopt.t.payload | |
| parent | 1e6ae0e42bdc161d178277c336886e18c259caf5 (diff) | |
| parent | 5f46b18745d18c486e959c93da649c18c8b10fe0 (diff) | |
Merge branch 'meta_l4_dependency'
Currently nft inserts different types of dependencies for l4 protocols,
depending on the family.
For inet, nft inserts 'meta l4proto' to e.g. check for tcp, for
ip, nft uses 'ip protocol'. Both are fine. The ip6 family however
uses 'ip6 nexthdr', and thats a problem because e.g. tcp dport 22 will
not match packets that use ipv6 extension headers.
The series switches both ipv6 and ipv4 to use meta l4 instead
so ipv6 will always check the last transport header value.
We could ignore ip as only ipv6 uses extension headers.
However, switching ipv4 as well makes things a bit simpler because nft
then creates the same l4 dependency for all families.
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/py/ip/tcpopt.t.payload')
| -rw-r--r-- | tests/py/ip/tcpopt.t.payload | 52 |
1 files changed, 26 insertions, 26 deletions
diff --git a/tests/py/ip/tcpopt.t.payload b/tests/py/ip/tcpopt.t.payload index 3e1d4ad1..b2e5bdb2 100644 --- a/tests/py/ip/tcpopt.t.payload +++ b/tests/py/ip/tcpopt.t.payload @@ -1,181 +1,181 @@ # tcp option eol kind 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 0 + 0 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option noop kind 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 1 + 0 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option maxseg kind 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 2 + 0 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option maxseg length 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 2 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option maxseg size 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 2b @ 2 + 2 => reg 1 ] [ cmp eq reg 1 0x00000100 ] # tcp option window kind 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 3 + 0 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option window length 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 3 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option window count 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 3 + 2 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option sack-permitted kind 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option sack-permitted length 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 4 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option sack kind 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 5 + 0 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option sack length 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 5 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option sack left 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack0 left 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack1 left 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 10 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack2 left 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 18 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack3 left 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 26 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack right 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack0 right 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack1 right 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 14 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack2 right 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 22 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack3 right 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 30 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option timestamp kind 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 8 + 0 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option timestamp length 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 8 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option timestamp tsval 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 8 + 2 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option timestamp tsecr 1 ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 8 + 6 => reg 1 ] [ cmp eq reg 1 0x01000000 ] |