diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-08-29 19:04:07 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-08-30 09:39:58 +0200 |
commit | 3e22505e470966635facc0395541ec80c587c063 (patch) | |
tree | 17330e31e6b88f4a48b78b4f95d6ccfa32c9ea00 /tests/py | |
parent | 67edd1f2330a31e93789639d31315b64d01a79a3 (diff) |
tests: py: extend ip frag-off coverage
Cover matching on DF and MF bits and fragments.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py')
-rw-r--r-- | tests/py/ip/ip.t | 3 | ||||
-rw-r--r-- | tests/py/ip/ip.t.json | 63 | ||||
-rw-r--r-- | tests/py/ip/ip.t.payload | 18 | ||||
-rw-r--r-- | tests/py/ip/ip.t.payload.bridge | 24 | ||||
-rw-r--r-- | tests/py/ip/ip.t.payload.inet | 24 | ||||
-rw-r--r-- | tests/py/ip/ip.t.payload.netdev | 24 |
6 files changed, 156 insertions, 0 deletions
diff --git a/tests/py/ip/ip.t b/tests/py/ip/ip.t index 309faad4..a8f0d820 100644 --- a/tests/py/ip/ip.t +++ b/tests/py/ip/ip.t @@ -54,6 +54,9 @@ ip frag-off 0x21-0x2d;ok ip frag-off != 0x21-0x2d;ok ip frag-off { 0x21, 0x37, 0x43, 0x58};ok ip frag-off != { 0x21, 0x37, 0x43, 0x58};ok +ip frag-off & 0x1fff != 0x0;ok +ip frag-off & 0x2000 != 0x0;ok +ip frag-off & 0x4000 != 0x0;ok ip ttl 0 drop;ok ip ttl 233;ok diff --git a/tests/py/ip/ip.t.json b/tests/py/ip/ip.t.json index faf18fef..2f46ebcc 100644 --- a/tests/py/ip/ip.t.json +++ b/tests/py/ip/ip.t.json @@ -501,6 +501,69 @@ } ] +# ip frag-off & 0x1fff != 0x0 +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "frag-off", + "protocol": "ip" + } + }, + 8191 + ] + }, + "op": "!=", + "right": 0 + } + } +] + +# ip frag-off & 0x2000 != 0x0 +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "frag-off", + "protocol": "ip" + } + }, + 8192 + ] + }, + "op": "!=", + "right": 0 + } + } +] + +# ip frag-off & 0x4000 != 0x0 +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "frag-off", + "protocol": "ip" + } + }, + 16384 + ] + }, + "op": "!=", + "right": 0 + } + } +] + # ip ttl 0 drop [ { diff --git a/tests/py/ip/ip.t.payload b/tests/py/ip/ip.t.payload index 1d677669..8224d4cd 100644 --- a/tests/py/ip/ip.t.payload +++ b/tests/py/ip/ip.t.payload @@ -162,6 +162,24 @@ ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip frag-off & 0x1fff != 0x0 +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ip frag-off & 0x2000 != 0x0 +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000020 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ip frag-off & 0x4000 != 0x0 +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000040 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + # ip ttl 0 drop ip test-ip4 input [ payload load 1b @ network header + 8 => reg 1 ] diff --git a/tests/py/ip/ip.t.payload.bridge b/tests/py/ip/ip.t.payload.bridge index 11e49540..25a43fed 100644 --- a/tests/py/ip/ip.t.payload.bridge +++ b/tests/py/ip/ip.t.payload.bridge @@ -212,6 +212,30 @@ bridge test-bridge input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip frag-off & 0x1fff != 0x0 +bridge test-bridge input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ip frag-off & 0x2000 != 0x0 +bridge test-bridge input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000020 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ip frag-off & 0x4000 != 0x0 +bridge test-bridge input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000040 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + # ip ttl 0 drop bridge test-bridge input [ meta load protocol => reg 1 ] diff --git a/tests/py/ip/ip.t.payload.inet b/tests/py/ip/ip.t.payload.inet index 84fa66e9..ba10d444 100644 --- a/tests/py/ip/ip.t.payload.inet +++ b/tests/py/ip/ip.t.payload.inet @@ -212,6 +212,30 @@ inet test-inet input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip frag-off & 0x1fff != 0x0 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ip frag-off & 0x2000 != 0x0 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000020 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ip frag-off & 0x4000 != 0x0 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000040 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + # ip ttl 0 drop inet test-inet input [ meta load nfproto => reg 1 ] diff --git a/tests/py/ip/ip.t.payload.netdev b/tests/py/ip/ip.t.payload.netdev index f14ff2c2..0274d39d 100644 --- a/tests/py/ip/ip.t.payload.netdev +++ b/tests/py/ip/ip.t.payload.netdev @@ -146,6 +146,30 @@ netdev test-netdev ingress [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip frag-off & 0x1fff != 0x0 +netdev x y + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ip frag-off & 0x2000 != 0x0 +netdev x y + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000020 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ip frag-off & 0x4000 != 0x0 +netdev x y + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000040 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + # ip ttl 0 drop netdev test-netdev ingress [ meta load protocol => reg 1 ] |