diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-22 22:06:16 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-24 21:14:30 +0200 |
commit | 4b0f2a712b5792d2842d89fe68d4230e0eb05c7e (patch) | |
tree | 954a866715d95529e65f39c3ff90920973186ac1 /tests/py | |
parent | eeda228c2d1719f5b6276b40ad14a5b3c3e88536 (diff) |
src: support for arp sender and target ethernet and IPv4 addresses
# nft add table arp x
# nft add chain arp x y { type filter hook input priority 0\; }
# nft add rule arp x y arp saddr ip 192.168.2.1 counter
Testing this:
# ip neigh flush dev eth0
# ping 8.8.8.8
# nft list ruleset
table arp x {
chain y {
type filter hook input priority filter; policy accept;
arp saddr ip 192.168.2.1 counter packets 1 bytes 46
}
}
You can also specify hardware sender address, eg.
# nft add rule arp x y arp saddr ether aa:bb:cc:aa:bb:cc drop counter
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py')
-rw-r--r-- | tests/py/arp/arp.t | 7 | ||||
-rw-r--r-- | tests/py/arp/arp.t.payload | 21 | ||||
-rw-r--r-- | tests/py/arp/arp.t.payload.netdev | 28 |
3 files changed, 55 insertions, 1 deletions
diff --git a/tests/py/arp/arp.t b/tests/py/arp/arp.t index d62cc546..86bab523 100644 --- a/tests/py/arp/arp.t +++ b/tests/py/arp/arp.t @@ -55,4 +55,9 @@ arp operation != inreply;ok arp operation != nak;ok arp operation != reply;ok -meta iifname "invalid" arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh,192,32 0xc0a88f10 @nh,144,48 set 0x112233445566;ok;iifname "invalid" arp htype 1 arp ptype ip arp hlen 6 arp plen 4 @nh,192,32 3232272144 @nh,144,48 set 18838586676582 +arp saddr ip 1.2.3.4;ok +arp daddr ip 4.3.2.1;ok +arp saddr ether aa:bb:cc:aa:bb:cc;ok +arp daddr ether aa:bb:cc:aa:bb:cc;ok + +meta iifname "invalid" arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh,192,32 0xc0a88f10 @nh,144,48 set 0x112233445566;ok;iifname "invalid" arp htype 1 arp ptype ip arp hlen 6 arp plen 4 arp daddr ip 192.168.143.16 arp daddr ether set 11:22:33:44:55:66 diff --git a/tests/py/arp/arp.t.payload b/tests/py/arp/arp.t.payload index 33e73417..d36bef18 100644 --- a/tests/py/arp/arp.t.payload +++ b/tests/py/arp/arp.t.payload @@ -280,3 +280,24 @@ arp test-arp input [ cmp eq reg 1 0x108fa8c0 ] [ immediate reg 1 0x44332211 0x00006655 ] [ payload write reg 1 => 6b @ network header + 18 csum_type 0 csum_off 0 csum_flags 0x0 ] + +# arp saddr ip 1.2.3.4 +arp test-arp input + [ payload load 4b @ network header + 14 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + +# arp daddr ip 4.3.2.1 +arp test-arp input + [ payload load 4b @ network header + 24 => reg 1 ] + [ cmp eq reg 1 0x01020304 ] + +# arp saddr ether aa:bb:cc:aa:bb:cc +arp test-arp input + [ payload load 6b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0xaaccbbaa 0x0000ccbb ] + +# arp daddr ether aa:bb:cc:aa:bb:cc +arp test-arp input + [ payload load 6b @ network header + 18 => reg 1 ] + [ cmp eq reg 1 0xaaccbbaa 0x0000ccbb ] + diff --git a/tests/py/arp/arp.t.payload.netdev b/tests/py/arp/arp.t.payload.netdev index 4fcf3504..0146cf50 100644 --- a/tests/py/arp/arp.t.payload.netdev +++ b/tests/py/arp/arp.t.payload.netdev @@ -373,3 +373,31 @@ netdev test-netdev ingress [ immediate reg 1 0x44332211 0x00006655 ] [ payload write reg 1 => 6b @ network header + 18 csum_type 0 csum_off 0 csum_flags 0x0 ] +# arp saddr ip 1.2.3.4 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000608 ] + [ payload load 4b @ network header + 14 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + +# arp daddr ip 4.3.2.1 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000608 ] + [ payload load 4b @ network header + 24 => reg 1 ] + [ cmp eq reg 1 0x01020304 ] + +# arp saddr ether aa:bb:cc:aa:bb:cc +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000608 ] + [ payload load 6b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0xaaccbbaa 0x0000ccbb ] + +# arp daddr ether aa:bb:cc:aa:bb:cc +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000608 ] + [ payload load 6b @ network header + 18 => reg 1 ] + [ cmp eq reg 1 0xaaccbbaa 0x0000ccbb ] + |