diff options
author | Stephen Suryaputra <ssuryaextr@gmail.com> | 2019-07-03 20:30:52 -0400 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-07-04 14:29:08 +0200 |
commit | 226a0e072d5c1edeb53cb61b959b011168c5c29a (patch) | |
tree | 07e43268efe15dc8b64b8ca9baca71e02239213f /tests/py/ip6/hbh.t.payload.inet | |
parent | 1694c01c30fba06461ca82ede070bf6a9cd9a4db (diff) |
exthdr: add support for matching IPv4 options
Add capability to have rules matching IPv4 options. This is developed
mainly to support dropping of IP packets with loose and/or strict source
route route options.
Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/ip6/hbh.t.payload.inet')
-rw-r--r-- | tests/py/ip6/hbh.t.payload.inet | 40 |
1 files changed, 20 insertions, 20 deletions
diff --git a/tests/py/ip6/hbh.t.payload.inet b/tests/py/ip6/hbh.t.payload.inet index cf7e3535..e358351d 100644 --- a/tests/py/ip6/hbh.t.payload.inet +++ b/tests/py/ip6/hbh.t.payload.inet @@ -2,21 +2,21 @@ inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ cmp eq reg 1 0x00000016 ] # hbh hdrlength != 233 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ cmp neq reg 1 0x000000e9 ] # hbh hdrlength 33-45 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ cmp gte reg 1 0x00000021 ] [ cmp lte reg 1 0x0000002d ] @@ -24,7 +24,7 @@ inet test-inet filter-input inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ range neq reg 1 0x00000021 0x0000002d ] # hbh hdrlength {33, 55, 67, 88} @@ -34,7 +34,7 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ lookup reg 1 set __set%d ] # hbh hdrlength != {33, 55, 67, 88} @@ -44,7 +44,7 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # hbh hdrlength { 33-55} @@ -54,7 +54,7 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ lookup reg 1 set __set%d ] # hbh hdrlength != { 33-55} @@ -64,7 +64,7 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} @@ -74,7 +74,7 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ lookup reg 1 set __set%d ] # hbh nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} @@ -84,28 +84,28 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # hbh nexthdr 22 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ cmp eq reg 1 0x00000016 ] # hbh nexthdr != 233 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ cmp neq reg 1 0x000000e9 ] # hbh nexthdr 33-45 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ cmp gte reg 1 0x00000021 ] [ cmp lte reg 1 0x0000002d ] @@ -113,7 +113,7 @@ inet test-inet filter-input inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ range neq reg 1 0x00000021 0x0000002d ] # hbh nexthdr {33, 55, 67, 88} @@ -123,7 +123,7 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ lookup reg 1 set __set%d ] # hbh nexthdr != {33, 55, 67, 88} @@ -133,7 +133,7 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # hbh nexthdr { 33-55} @@ -143,7 +143,7 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ lookup reg 1 set __set%d ] # hbh nexthdr != { 33-55} @@ -153,20 +153,20 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # hbh nexthdr ip inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ cmp eq reg 1 0x00000000 ] # hbh nexthdr != ip inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ cmp neq reg 1 0x00000000 ] |