diff options
author | Phil Sutter <phil@nwl.cc> | 2018-05-08 13:08:45 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-05-11 12:17:45 +0200 |
commit | d196dccf1853039656f15c8da94ad349a3b7d07c (patch) | |
tree | ada3c2446bd764efd12fed37ea7a9bc16ab4b328 /tests/py | |
parent | 875232bc3e6bf55cc31f3763449503a80a7c2382 (diff) |
tests/py: Support testing JSON input and output as well
This extends nft-test.py by optional JSON testing capabilities,
activated via '-j'/'--enable-json' parameter).
JSON testing happens for all rules which are supposed to work: After a
rule has been added and the existing tests (payload, ruleset listing
output) have been performed, basically the same test is done again using
a recorded JSON equivalent and (if necessary) a recorded listing output.
The code tries to ease new test case creation overhead by
auto-generating JSON equivalent input via listing the (non-JSON) rule in
JSON format. Also, differing netlink debug and listing output are stored
in *.got files to assist in analyzing/fixing failing test cases.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py')
136 files changed, 34651 insertions, 5 deletions
diff --git a/tests/py/any/ct.t.json b/tests/py/any/ct.t.json new file mode 100644 index 00000000..83f1bbbd --- /dev/null +++ b/tests/py/any/ct.t.json @@ -0,0 +1,1352 @@ +# ct state new,established, related, untracked +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "right": [ + "new", + "established", + "related", + "untracked" + ] + } + } +] + +# ct state != related +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "op": "!=", + "right": "related" + } + } +] + +# ct state {new,established, related, untracked} +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "right": { + "set": [ + "new", + "established", + "related", + "untracked" + ] + } + } + } +] + +# ct state != {new,established, related, untracked} +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "op": "!=", + "right": { + "set": [ + "new", + "established", + "related", + "untracked" + ] + } + } + } +] + +# ct state invalid drop +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "right": "invalid" + } + }, + { + "drop": null + } +] + +# ct state established accept +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "right": "established" + } + }, + { + "accept": null + } +] + +# ct state 8 +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "right": 8 + } + } +] + +# ct direction original +[ + { + "match": { + "left": { + "ct": { + "key": "direction" + } + }, + "right": "original" + } + } +] + +# ct direction != original +[ + { + "match": { + "left": { + "ct": { + "key": "direction" + } + }, + "op": "!=", + "right": "original" + } + } +] + +# ct direction reply +[ + { + "match": { + "left": { + "ct": { + "key": "direction" + } + }, + "right": "reply" + } + } +] + +# ct direction != reply +[ + { + "match": { + "left": { + "ct": { + "key": "direction" + } + }, + "op": "!=", + "right": "reply" + } + } +] + +# ct direction {reply, original} +[ + { + "match": { + "left": { + "ct": { + "key": "direction" + } + }, + "right": { + "set": [ + "reply", + "original" + ] + } + } + } +] + +# ct direction != {reply, original} +[ + { + "match": { + "left": { + "ct": { + "key": "direction" + } + }, + "op": "!=", + "right": { + "set": [ + "reply", + "original" + ] + } + } + } +] + +# ct status expected +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "right": "expected" + } + } +] + +# ct status != expected +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "op": "!=", + "right": "expected" + } + } +] + +# ct status seen-reply +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "right": "seen-reply" + } + } +] + +# ct status != seen-reply +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "op": "!=", + "right": "seen-reply" + } + } +] + +# ct status {expected, seen-reply, assured, confirmed, dying} +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "right": { + "set": [ + "expected", + "seen-reply", + "assured", + "confirmed", + "dying" + ] + } + } + } +] + +# ct status expected,seen-reply,assured,confirmed,snat,dnat,dying +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "right": [ + "expected", + "seen-reply", + "assured", + "confirmed", + "snat", + "dnat", + "dying" + ] + } + } +] + +# ct status snat +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "right": "snat" + } + } +] + +# ct status dnat +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "right": "dnat" + } + } +] + +# ct mark 0 +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": 0 + } + } +] + +# ct mark or 0x23 == 0x11 +[ + { + "match": { + "left": { + "|": [ + { + "ct": { + "key": "mark" + } + }, + "0x23" + ] + }, + "op": "==", + "right": "0x11" + } + } +] + +# ct mark or 0x3 != 0x1 +[ + { + "match": { + "left": { + "|": [ + { + "ct": { + "key": "mark" + } + }, + "0x3" + ] + }, + "op": "!=", + "right": "0x1" + } + } +] + +# ct mark and 0x23 == 0x11 +[ + { + "match": { + "left": { + "&": [ + { + "ct": { + "key": "mark" + } + }, + "0x23" + ] + }, + "op": "==", + "right": "0x11" + } + } +] + +# ct mark and 0x3 != 0x1 +[ + { + "match": { + "left": { + "&": [ + { + "ct": { + "key": "mark" + } + }, + "0x3" + ] + }, + "op": "!=", + "right": "0x1" + } + } +] + +# ct mark xor 0x23 == 0x11 +[ + { + "match": { + "left": { + "^": [ + { + "ct": { + "key": "mark" + } + }, + "0x23" + ] + }, + "right": "0x11" + } + } +] + +# ct mark xor 0x3 != 0x1 +[ + { + "match": { + "left": { + "^": [ + { + "ct": { + "key": "mark" + } + }, + "0x3" + ] + }, + "op": "!=", + "right": "0x1" + } + } +] + +# ct mark 0x00000032 +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": "0x00000032" + } + } +] + +# ct mark != 0x00000032 +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "op": "!=", + "right": "0x00000032" + } + } +] + +# ct mark 0x00000032-0x00000045 +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "range": [ "0x00000032", "0x00000045" ] + } + } + } +] + +# ct mark != 0x00000032-0x00000045 +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "op": "!=", + "right": { + "range": [ "0x00000032", "0x00000045" ] + } + } + } +] + +# ct mark {0x32, 0x2222, 0x42de3} +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "set": [ + "0x32", + "0x2222", + "0x42de3" + ] + } + } + } +] + +# ct mark {0x32-0x2222, 0x4444-0x42de3} +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "set": [ + { + "range": [ "0x32", "0x2222" ] + }, + { + "range": [ "0x4444", "0x42de3" ] + } + ] + } + } + } +] + +# ct mark != {0x32, 0x2222, 0x42de3} +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "op": "!=", + "right": { + "set": [ + "0x32", + "0x2222", + "0x42de3" + ] + } + } + } +] + +# ct mark set 0x11 xor 0x1331 +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { "^": [ "0x11", "0x1331" ] } + } + } +] + +# ct mark set 0x11333 and 0x11 +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { "&": [ "0x11333", "0x11" ] } + } + } +] + +# ct mark set 0x12 or 0x11 +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { "|": [ "0x12", "0x11" ] } + } + } +] + +# ct mark set 0x11 +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": "0x11" + } + } +] + +# ct mark set mark +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "meta": "mark" + } + } + } +] + +# ct mark set mark map { 1 : 10, 2 : 20, 3 : 30 } +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "map": { + "left": { + "meta": "mark" + }, + "right": { + "set": [ + [ 1, 10 ], + [ 2, 20 ], + [ 3, 30 ] + ] + } + } + } + } + } +] + +# ct expiration 30 +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "right": 30 + } + } +] + +# ct expiration 22 +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "right": 22 + } + } +] + +# ct expiration != 233 +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# ct expiration 33-45 +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# ct expiration != 33-45 +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# ct expiration {33, 55, 67, 88} +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# ct expiration != {33, 55, 67, 88} +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# ct expiration {33-55} +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "right": { + "set": [ + { + "range": [ 33, 55 ] + } + ] + } + } + } +] + +# ct expiration != {33-55} +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "op": "!=", + "right": { + "set": [ + { + "range": [ 33, 55 ] + } + ] + } + } + } +] + +# ct helper "ftp" +[ + { + "match": { + "left": { + "ct": { + "key": "helper" + } + }, + "right": "ftp" + } + } +] + +# ct state . ct mark { new . 0x12345678} +[ + { + "match": { + "left": { + "concat": [ + { + "ct": { + "key": "state" + } + }, + { + "ct": { + "key": "mark" + } + } + ] + }, + "right": { + "set": [ + { + "concat": [ + "new", + "0x12345678" + ] + } + ] + } + } + } +] + +# ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634} +[ + { + "match": { + "left": { + "concat": [ + { + "ct": { + "key": "state" + } + }, + { + "ct": { + "key": "mark" + } + } + ] + }, + "right": { + "set": [ + { "concat": [ "new", "0x12345678" ] }, + { "concat": [ "new", "0x34127856" ] }, + { "concat": [ "established", "0x12785634" ] } + ] + } + } + } +] + +# ct direction . ct mark { original . 0x12345678} +[ + { + "match": { + "left": { + "concat": [ + { + "ct": { + "key": "direction" + } + }, + { + "ct": { + "key": "mark" + } + } + ] + }, + "right": { + "set": [ + { + "concat": [ + "original", + "0x12345678" + ] + } + ] + } + } + } +] + +# ct state . ct mark vmap { new . 0x12345678 : drop} +[ + { + "map": { + "left": { + "concat": [ + { + "ct": { + "key": "state" + } + }, + { + "ct": { + "key": "mark" + } + } + ] + }, + "right": { + "set": [ + [ + { + "concat": [ + "new", + "0x12345678" + ] + }, + { + "drop": null + } + ] + ] + } + } + } +] + +# ct original bytes > 100000 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "key": "bytes" + } + }, + "op": ">", + "right": 100000 + } + } +] + +# ct reply packets < 100 +[ + { + "match": { + "left": { + "ct": { + "dir": "reply", + "key": "packets" + } + }, + "op": "<", + "right": 100 + } + } +] + +# ct bytes > 100000 +[ + { + "match": { + "left": { + "ct": { + "key": "bytes" + } + }, + "op": ">", + "right": 100000 + } + } +] + +# ct avgpkt > 200 +[ + { + "match": { + "left": { + "ct": { + "key": "avgpkt" + } + }, + "op": ">", + "right": 200 + } + } +] + +# ct original avgpkt < 500 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "key": "avgpkt" + } + }, + "op": "<", + "right": 500 + } + } +] + +# ct event set new +[ + { + "mangle": { + "left": { + "ct": { + "key": "event" + } + }, + "right": "new" + } + } +] + +# ct event set new | related | destroy | label +[ + { + "mangle": { + "left": { + "ct": { + "key": "event" + } + }, + "right": [ + "new", + "related", + "destroy", + "label" + ] + } + } +] + +# ct event set new,related,destroy,label +[ + { + "mangle": { + "left": { + "ct": { + "key": "event" + } + }, + "right": [ + "new", + "related", + "destroy", + "label" + ] + } + } +] + +# ct event set new,destroy +[ + { + "mangle": { + "left": { + "ct": { + "key": "event" + } + }, + "right": [ + "new", + "destroy" + ] + } + } +] + +# ct event set 1 +[ + { + "mangle": { + "left": { + "ct": { + "key": "event" + } + }, + "right": 1 + } + } +] + +# ct event set 0x0 +[ + { + "mangle": { + "left": { + "ct": { + "key": "event" + } + }, + "right": "0x0" + } + } +] + +# ct label 127 +[ + { + "match": { + "left": { + "ct": { + "key": "label" + } + }, + "right": 127 + } + } +] + +# ct label set 127 +[ + { + "mangle": { + "left": { + "ct": { + "key": "label" + } + }, + "right": 127 + } + } +] + +# ct zone 0 +[ + { + "match": { + "left": { + "ct": { + "key": "zone" + } + }, + "right": 0 + } + } +] + +# ct zone 23 +[ + { + "match": { + "left": { + "ct": { + "key": "zone" + } + }, + "right": 23 + } + } +] + +# ct original zone 1 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "key": "zone" + } + }, + "right": 1 + } + } +] + +# ct reply zone 1 +[ + { + "match": { + "left": { + "ct": { + "dir": "reply", + "key": "zone" + } + }, + "right": 1 + } + } +] + +# ct zone set 1 +[ + { + "mangle": { + "left": { + "ct": { + "key": "zone" + } + }, + "right": 1 + } + } +] + +# ct original zone set 1 +[ + { + "mangle": { + "left": { + "ct": { + "dir": "original", + "key": "zone" + } + }, + "right": 1 + } + } +] + +# ct reply zone set 1 +[ + { + "mangle": { + "left": { + "ct": { + "dir": "reply", + "key": "zone" + } + }, + "right": 1 + } + } +] + +# ct zone set mark map { 1 : 1, 2 : 2 } +[ + { + "mangle": { + "left": { + "ct": { + "key": "zone" + } + }, + "right": { + "map": { + "left": { + "meta": "mark" + }, + "right": { + "set": [ + [ 1, 1 ], + [ 2, 2 ] + ] + } + } + } + } + } +] + +# notrack +[ + { + "notrack": null + } +] + diff --git a/tests/py/any/ct.t.json.output b/tests/py/any/ct.t.json.output new file mode 100644 index 00000000..01dbb486 --- /dev/null +++ b/tests/py/any/ct.t.json.output @@ -0,0 +1,575 @@ +# ct state new,established, related, untracked +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "right": [ + "established", + "related", + "new", + "untracked" + ] + } + } +] + +# ct state {new,established, related, untracked} +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "right": { + "set": [ + "established", + "related", + "new", + "untracked" + ] + } + } + } +] + +# ct state != {new,established, related, untracked} +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "op": "!=", + "right": { + "set": [ + "established", + "related", + "new", + "untracked" + ] + } + } + } +] + +# ct state 8 +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "right": "new" + } + } +] + +# ct direction {reply, original} +[ + { + "match": { + "left": { + "ct": { + "key": "direction" + } + }, + "right": { + "set": [ + "original", + "reply" + ] + } + } + } +] + +# ct direction != {reply, original} +[ + { + "match": { + "left": { + "ct": { + "key": "direction" + } + }, + "op": "!=", + "right": { + "set": [ + "original", + "reply" + ] + } + } + } +] + +# ct mark or 0x23 == 0x11 +[ + { + "match": { + "left": { + "|": [ + { + "ct": { + "key": "mark" + } + }, + 35 + ] + }, + "op": "==", + "right": 17 + } + } +] + +# ct mark or 0x3 != 0x1 +[ + { + "match": { + "left": { + "|": [ + { + "ct": { + "key": "mark" + } + }, + 3 + ] + }, + "op": "!=", + "right": 1 + } + } +] + +# ct mark and 0x23 == 0x11 +[ + { + "match": { + "left": { + "&": [ + { + "ct": { + "key": "mark" + } + }, + 35 + ] + }, + "op": "==", + "right": 17 + } + } +] + +# ct mark and 0x3 != 0x1 +[ + { + "match": { + "left": { + "&": [ + { + "ct": { + "key": "mark" + } + }, + 3 + ] + }, + "op": "!=", + "right": 1 + } + } +] + +# ct mark xor 0x23 == 0x11 +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": 50 + } + } +] + +# ct mark xor 0x3 != 0x1 +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "op": "!=", + "right": 2 + } + } +] + +# ct mark 0x00000032 +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": 50 + } + } +] + +# ct mark != 0x00000032 +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "op": "!=", + "right": 50 + } + } +] + +# ct mark 0x00000032-0x00000045 +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "range": [ 50, 69 ] + } + } + } +] + +# ct mark != 0x00000032-0x00000045 +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "op": "!=", + "right": { + "range": [ 50, 69 ] + } + } + } +] + +# ct mark {0x32, 0x2222, 0x42de3} +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "set": [ + 50, + 8738, + 273891 + ] + } + } + } +] + +# ct mark {0x32-0x2222, 0x4444-0x42de3} +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "set": [ + { "range": [ 50, 8738 ] }, + { "range": [ 17476, 273891 ] } + ] + } + } + } +] + +# ct mark != {0x32, 0x2222, 0x42de3} +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "op": "!=", + "right": { + "set": [ + 50, + 8738, + 273891 + ] + } + } + } +] + +# ct mark set 0x11 xor 0x1331 +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": 4896 + } + } +] + +# ct mark set 0x11333 and 0x11 +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": 17 + } + } +] + +# ct mark set 0x12 or 0x11 +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": 19 + } + } +] + +# ct mark set 0x11 +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": 17 + } + } +] + +# ct state . ct mark { new . 0x12345678} +[ + { + "match": { + "left": { + "concat": [ + { + "ct": { + "key": "state" + } + }, + { + "ct": { + "key": "mark" + } + } + ] + }, + "right": { + "set": [ + { + "concat": [ + "new", + 305419896 + ] + } + ] + } + } + } +] + +# ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634} +[ + { + "match": { + "left": { + "concat": [ + { + "ct": { + "key": "state" + } + }, + { + "ct": { + "key": "mark" + } + } + ] + }, + "right": { + "set": [ + { + "concat": [ + "established", + 309876276 + ] + }, + { + "concat": [ + "new", + 305419896 + ] + }, + { + "concat": [ + "new", + 873625686 + ] + } + ] + } + } + } +] + +# ct direction . ct mark { original . 0x12345678} +[ + { + "match": { + "left": { + "concat": [ + { + "ct": { + "key": "direction" + } + }, + { + "ct": { + "key": "mark" + } + } + ] + }, + "right": { + "set": [ + { + "concat": [ + "original", + 305419896 + ] + } + ] + } + } + } +] + +# ct state . ct mark vmap { new . 0x12345678 : drop} +[ + { + "map": { + "left": { + "concat": [ + { + "ct": { + "key": "state" + } + }, + { + "ct": { + "key": "mark" + } + } + ] + }, + "right": { + "set": [ + [ + { + "concat": [ + "new", + 305419896 + ] + }, + { + "drop": null + } + ] + ] + } + } + } +] + +# ct event set 1 +[ + { + "mangle": { + "left": { + "ct": { + "key": "event" + } + }, + "right": "new" + } + } +] + +# ct event set 0x0 +[ + { + "mangle": { + "left": { + "ct": { + "key": "event" + } + }, + "right": 0 + } + } +] + diff --git a/tests/py/any/dup.t.json b/tests/py/any/dup.t.json new file mode 100644 index 00000000..5927f7ea --- /dev/null +++ b/tests/py/any/dup.t.json @@ -0,0 +1,30 @@ +# dup to "lo" +[ + { + "dup": { + "addr": "lo" + } + } +] + +# dup to mark map { 0x00000001 : "lo", 0x00000002 : "lo"} +[ + { + "dup": { + "addr": { + "map": { + "left": { + "meta": "mark" + }, + "right": { + "set": [ + [ 1, "lo" ], + [ 2, "lo" ] + ] + } + } + } + } + } +] + diff --git a/tests/py/any/fwd.t.json b/tests/py/any/fwd.t.json new file mode 100644 index 00000000..644d6d48 --- /dev/null +++ b/tests/py/any/fwd.t.json @@ -0,0 +1,32 @@ +# fwd to "lo" +[ + { + "fwd": "lo" + } +] + +# fwd to mark map { 0x00000001 : "lo", 0x00000002 : "lo"} +[ + { + "fwd": { + "map": { + "left": { + "meta": "mark" + }, + "right": { + "set": [ + [ + "0x00000001", + "lo" + ], + [ + "0x00000002", + "lo" + ] + ] + } + } + } + } +] + diff --git a/tests/py/any/fwd.t.json.output b/tests/py/any/fwd.t.json.output new file mode 100644 index 00000000..5a943567 --- /dev/null +++ b/tests/py/any/fwd.t.json.output @@ -0,0 +1,25 @@ +# fwd to mark map { 0x00000001 : "lo", 0x00000002 : "lo"} +[ + { + "fwd": { + "map": { + "left": { + "meta": "mark" + }, + "right": { + "set": [ + [ + 1, + "lo" + ], + [ + 2, + "lo" + ] + ] + } + } + } + } +] + diff --git a/tests/py/any/limit.t.json b/tests/py/any/limit.t.json new file mode 100644 index 00000000..8bab7e3d --- /dev/null +++ b/tests/py/any/limit.t.json @@ -0,0 +1,374 @@ +# limit rate 400/minute +[ + { + "limit": { + "per": "minute", + "rate": 400 + } + } +] + +# limit rate 20/second +[ + { + "limit": { + "per": "second", + "rate": 20 + } + } +] + +# limit rate 400/hour +[ + { + "limit": { + "per": "hour", + "rate": 400 + } + } +] + +# limit rate 40/day +[ + { + "limit": { + "per": "day", + "rate": 40 + } + } +] + +# limit rate 400/week +[ + { + "limit": { + "per": "week", + "rate": 400 + } + } +] + +# limit rate 1023/second burst 10 packets +[ + { + "limit": { + "burst": 10, + "per": "second", + "rate": 1023 + } + } +] + +# limit rate 1 kbytes/second +[ + { + "limit": { + "per": "second", + "rate": 1, + "rate_unit": "kbytes" + } + } +] + +# limit rate 2 kbytes/second +[ + { + "limit": { + "per": "second", + "rate": 2, + "rate_unit": "kbytes" + } + } +] + +# limit rate 1025 kbytes/second +[ + { + "limit": { + "per": "second", + "rate": 1025, + "rate_unit": "kbytes" + } + } +] + +# limit rate 1023 mbytes/second +[ + { + "limit": { + "per": "second", + "rate": 1023, + "rate_unit": "mbytes" + } + } +] + +# limit rate 10230 mbytes/second +[ + { + "limit": { + "per": "second", + "rate": 10230, + "rate_unit": "mbytes" + } + } +] + +# limit rate 1023000 mbytes/second +[ + { + "limit": { + "per": "second", + "rate": 1023000, + "rate_unit": "mbytes" + } + } +] + +# limit rate 1025 bytes/second burst 512 bytes +[ + { + "limit": { + "burst": 512, + "burst_unit": "bytes", + "per": "second", + "rate": 1025, + "rate_unit": "bytes" + } + } +] + +# limit rate 1025 kbytes/second burst 1023 kbytes +[ + { + "limit": { + "burst": 1023, + "burst_unit": "kbytes", + "per": "second", + "rate": 1025, + "rate_unit": "kbytes" + } + } +] + +# limit rate 1025 mbytes/second burst 1025 kbytes +[ + { + "limit": { + "burst": 1025, + "burst_unit": "kbytes", + "per": "second", + "rate": 1025, + "rate_unit": "mbytes" + } + } +] + +# limit rate 1025000 mbytes/second burst 1023 mbytes +[ + { + "limit": { + "burst": 1023, + "burst_unit": "mbytes", + "per": "second", + "rate": 1025000, + "rate_unit": "mbytes" + } + } +] + +# limit rate over 400/minute +[ + { + "limit": { + "inv": true, + "per": "minute", + "rate": 400 + } + } +] + +# limit rate over 20/second +[ + { + "limit": { + "inv": true, + "per": "second", + "rate": 20 + } + } +] + +# limit rate over 400/hour +[ + { + "limit": { + "inv": true, + "per": "hour", + "rate": 400 + } + } +] + +# limit rate over 40/day +[ + { + "limit": { + "inv": true, + "per": "day", + "rate": 40 + } + } +] + +# limit rate over 400/week +[ + { + "limit": { + "inv": true, + "per": "week", + "rate": 400 + } + } +] + +# limit rate over 1023/second burst 10 packets +[ + { + "limit": { + "burst": 10, + "inv": true, + "per": "second", + "rate": 1023 + } + } +] + +# limit rate over 1 kbytes/second +[ + { + "limit": { + "inv": true, + "per": "second", + "rate": 1, + "rate_unit": "kbytes" + } + } +] + +# limit rate over 2 kbytes/second +[ + { + "limit": { + "inv": true, + "per": "second", + "rate": 2, + "rate_unit": "kbytes" + } + } +] + +# limit rate over 1025 kbytes/second +[ + { + "limit": { + "inv": true, + "per": "second", + "rate": 1025, + "rate_unit": "kbytes" + } + } +] + +# limit rate over 1023 mbytes/second +[ + { + "limit": { + "inv": true, + "per": "second", + "rate": 1023, + "rate_unit": "mbytes" + } + } +] + +# limit rate over 10230 mbytes/second +[ + { + "limit": { + "inv": true, + "per": "second", + "rate": 10230, + "rate_unit": "mbytes" + } + } +] + +# limit rate over 1023000 mbytes/second +[ + { + "limit": { + "inv": true, + "per": "second", + "rate": 1023000, + "rate_unit": "mbytes" + } + } +] + +# limit rate over 1025 bytes/second burst 512 bytes +[ + { + "limit": { + "burst": 512, + "burst_unit": "bytes", + "inv": true, + "per": "second", + "rate": 1025, + "rate_unit": "bytes" + } + } +] + +# limit rate over 1025 kbytes/second burst 1023 kbytes +[ + { + "limit": { + "burst": 1023, + "burst_unit": "kbytes", + "inv": true, + "per": "second", + "rate": 1025, + "rate_unit": "kbytes" + } + } +] + +# limit rate over 1025 mbytes/second burst 1025 kbytes +[ + { + "limit": { + "burst": 1025, + "burst_unit": "kbytes", + "inv": true, + "per": "second", + "rate": 1025, + "rate_unit": "mbytes" + } + } +] + +# limit rate over 1025000 mbytes/second burst 1023 mbytes +[ + { + "limit": { + "burst": 1023, + "burst_unit": "mbytes", + "inv": true, + "per": "second", + "rate": 1025000, + "rate_unit": "mbytes" + } + } +] + diff --git a/tests/py/any/log.t.json b/tests/py/any/log.t.json new file mode 100644 index 00000000..9c89dff8 --- /dev/null +++ b/tests/py/any/log.t.json @@ -0,0 +1,169 @@ +# log +[ + { + "log": null + } +] + +# log level emerg +[ + { + "log": { + "level": "emerg" + } + } +] + +# log level alert +[ + { + "log": { + "level": "alert" + } + } +] + +# log level crit +[ + { + "log": { + "level": "crit" + } + } +] + +# log level err +[ + { + "log": { + "level": "err" + } + } +] + +# log level warn +[ + { + "log": { + "level": "warn" + } + } +] + +# log level notice +[ + { + "log": { + "level": "notice" + } + } +] + +# log level info +[ + { + "log": { + "level": "info" + } + } +] + +# log level debug +[ + { + "log": { + "level": "debug" + } + } +] + +# log prefix aaaaa-aaaaaa group 2 snaplen 33 +[ + { + "log": { + "group": 2, + "prefix": "aaaaa-aaaaaa", + "snaplen": 33 + } + } +] + +# log group 2 queue-threshold 2 +[ + { + "log": { + "group": 2, + "queue-threshold": 2 + } + } +] + +# log group 2 snaplen 33 +[ + { + "log": { + "group": 2, + "snaplen": 33 + } + } +] + +# log group 2 prefix "nft-test: " +[ + { + "log": { + "group": 2, + "prefix": "nft-test: " + } + } +] + +# log flags all +[ + { + "log": { + "flags": "all" + } + } +] + +# log level debug flags ip options flags skuid +[ + { + "log": { + "flags": [ + "ip options", + "skuid" + ], + "level": "debug" + } + } +] + +# log flags tcp sequence,options +[ + { + "log": { + "flags": [ + "tcp sequence", + "tcp options" + ] + } + } +] + +# log flags ip options flags ether flags skuid flags tcp sequence,options +[ + { + "log": { + "flags": [ + "ip options", + "ether", + "skuid", + "tcp sequence", + "tcp options" + ] + } + } +] + diff --git a/tests/py/any/log.t.json.output b/tests/py/any/log.t.json.output new file mode 100644 index 00000000..051c448b --- /dev/null +++ b/tests/py/any/log.t.json.output @@ -0,0 +1,16 @@ +# log level warn +[ + { + "log": null + } +] + +# log flags ip options flags ether flags skuid flags tcp sequence,options +[ + { + "log": { + "flags": "all" + } + } +] + diff --git a/tests/py/any/meta.t.json b/tests/py/any/meta.t.json new file mode 100644 index 00000000..ae745078 --- /dev/null +++ b/tests/py/any/meta.t.json @@ -0,0 +1,2418 @@ +# meta length 1000 +[ + { + "match": { + "left": { + "meta": "length" + }, + "right": 1000 + } + } +] + +# meta length 22 +[ + { + "match": { + "left": { + "meta": "length" + }, + "right": 22 + } + } +] + +# meta length != 233 +[ + { + "match": { + "left": { + "meta": "length" + }, + "op": "!=", + "right": 233 + } + } +] + +# meta length 33-45 +[ + { + "match": { + "left": { + "meta": "length" + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# meta length != 33-45 +[ + { + "match": { + "left": { + "meta": "length" + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# meta length { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "meta": "length" + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# meta length { 33-55, 67-88} +[ + { + "match": { + "left": { + "meta": "length" + }, + "right": { + "set": [ + { "range": [ 33, 55 ] }, + { "range": [ 67, 88 ] } + ] + } + } + } +] + +# meta length { 33-55, 56-88, 100-120} +[ + { + "match": { + "left": { + "meta": "length" + }, + "right": { + "set": [ + { "range": [ 33, 88 ] }, + { "range": [ 100, 120 ] } + ] + } + } + } +] + +# meta length != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "meta": "length" + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# meta length { 33-55} +[ + { + "match": { + "left": { + "meta": "length" + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# meta length != { 33-55} +[ + { + "match": { + "left": { + "meta": "length" + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# meta protocol { ip, arp, ip6, vlan } +[ + { + "match": { + "left": { + "meta": "protocol" + }, + "right": { + "set": [ + "ip", + "arp", + "ip6", + "vlan" + ] + } + } + } +] + +# meta protocol != {ip, arp, ip6, vlan} +[ + { + "match": { + "left": { + "meta": "protocol" + }, + "op": "!=", + "right": { + "set": [ + "ip", + "arp", + "ip6", + "vlan" + ] + } + } + } +] + +# meta protocol ip +[ + { + "match": { + "left": { + "meta": "protocol" + }, + "right": "ip" + } + } +] + +# meta protocol != ip +[ + { + "match": { + "left": { + "meta": "protocol" + }, + "op": "!=", + "right": "ip" + } + } +] + +# meta l4proto 22 +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": 22 + } + } +] + +# meta l4proto != 233 +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "op": "!=", + "right": 233 + } + } +] + +# meta l4proto 33-45 +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# meta l4proto != 33-45 +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# meta l4proto { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# meta l4proto != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# meta l4proto { 33-55} +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# meta l4proto != { 33-55} +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# meta priority root +[ + { + "match": { + "left": { + "meta": "priority" + }, + "right": "root" + } + } +] + +# meta priority none +[ + { + "match": { + "left": { + "meta": "priority" + }, + "right": "none" + } + } +] + +# meta priority 0x87654321 +[ + { + "match": { + "left": { + "meta": "priority" + }, + "right": "0x87654321" + } + } +] + +# meta priority 2271560481 +[ + { + "match": { + "left": { + "meta": "priority" + }, + "right": 2271560481 + } + } +] + +# meta priority 1:1234 +[ + { + "match": { + "left": { + "meta": "priority" + }, + "right": "1:1234" + } + } +] + +# meta priority bcad:dadc +[ + { + "match": { + "left": { + "meta": "priority" + }, + "right": "bcad:dadc" + } + } +] + +# meta priority aabb:0 +[ + { + "match": { + "left": { + "meta": "priority" + }, + "right": "aabb:0" + } + } +] + +# meta priority != bcad:dadc +[ + { + "match": { + "left": { + "meta": "priority" + }, + "op": "!=", + "right": "bcad:dadc" + } + } +] + +# meta priority != aabb:0 +[ + { + "match": { + "left": { + "meta": "priority" + }, + "op": "!=", + "right": "aabb:0" + } + } +] + +# meta priority bcad:dada-bcad:dadc +[ + { + "match": { + "left": { + "meta": "priority" + }, + "right": { + "range": [ "bcad:dada", "bcad:dadc" ] + } + } + } +] + +# meta priority != bcad:dada-bcad:dadc +[ + { + "match": { + "left": { + "meta": "priority" + }, + "op": "!=", + "right": { + "range": [ "bcad:dada", "bcad:dadc" ] + } + } + } +] + +# meta priority {bcad:dada, bcad:dadc, aaaa:bbbb} +[ + { + "match": { + "left": { + "meta": "priority" + }, + "right": { + "set": [ + "bcad:dada", + "bcad:dadc", + "aaaa:bbbb" + ] + } + } + } +] + +# meta priority set cafe:beef +[ + { + "mangle": { + "left": { + "meta": "priority" + }, + "right": "cafe:beef" + } + } +] + +# meta priority != {bcad:dada, bcad:dadc, aaaa:bbbb} +[ + { + "match": { + "left": { + "meta": "priority" + }, + "op": "!=", + "right": { + "set": [ + "aaaa:bbbb", + "bcad:dada", + "bcad:dadc" + ] + } + } + } +] + +# meta mark 0x4 +[ + { + "match": { + "left": { + "meta": "mark" + }, + "right": "0x4" + } + } +] + +# meta mark 0x32 +[ + { + "match": { + "left": { + "meta": "mark" + }, + "right": "0x32" + } + } +] + +# meta mark and 0x03 == 0x01 +[ + { + "match": { + "left": { + "&": [ + { + "meta": "mark" + }, + "0x03" + ] + }, + "op": "==", + "right": "0x01" + } + } +] + +# meta mark and 0x03 != 0x01 +[ + { + "match": { + "left": { + "&": [ + { + "meta": "mark" + }, + "0x03" + ] + }, + "op": "!=", + "right": "0x01" + } + } +] + +# meta mark 0x10 +[ + { + "match": { + "left": { + "meta": "mark" + }, + "right": "0x10" + } + } +] + +# meta mark != 0x10 +[ + { + "match": { + "left": { + "meta": "mark" + }, + "op": "!=", + "right": "0x10" + } + } +] + +# meta mark or 0x03 == 0x01 +[ + { + "match": { + "left": { + "|": [ + { + "meta": "mark" + }, + "0x03" + ] + }, + "op": "==", + "right": "0x01" + } + } +] + +# meta mark or 0x03 != 0x01 +[ + { + "match": { + "left": { + "|": [ + { + "meta": "mark" + }, + "0x03" + ] + }, + "op": "!=", + "right": "0x01" + } + } +] + +# meta mark xor 0x03 == 0x01 +[ + { + "match": { + "left": { + "^": [ + { + "meta": "mark" + }, + "0x03" + ] + }, + "right": "0x01" + } + } +] + +# meta mark xor 0x03 != 0x01 +[ + { + "match": { + "left": { + "^": [ + { + "meta": "mark" + }, + "0x03" + ] + }, + "op": "!=", + "right": "0x01" + } + } +] + +# meta iif "lo" accept +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "accept": null + } +] + +# meta iif != "lo" accept +[ + { + "match": { + "left": { + "meta": "iif" + }, + "op": "!=", + "right": "lo" + } + }, + { + "accept": null + } +] + +# meta iifname "dummy0" +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "dummy0" + } + } +] + +# meta iifname != "dummy0" +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "op": "!=", + "right": "dummy0" + } + } +] + +# meta iifname {"dummy0", "lo"} +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": { + "set": [ + "dummy0", + "lo" + ] + } + } + } +] + +# meta iifname != {"dummy0", "lo"} +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "op": "!=", + "right": { + "set": [ + "dummy0", + "lo" + ] + } + } + } +] + +# meta iifname "dummy*" +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "dummy*" + } + } +] + +# meta iifname "dummy\*" +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "dummy\\*" + } + } +] + +# meta iiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre} +[ + { + "match": { + "left": { + "meta": "iiftype" + }, + "right": { + "set": [ + "ether", + "ppp", + "ipip", + "ipip6", + "loopback", + "sit", + "ipgre" + ] + } + } + } +] + +# meta iiftype != {ether, ppp, ipip, ipip6, loopback, sit, ipgre} +[ + { + "match": { + "left": { + "meta": "iiftype" + }, + "op": "!=", + "right": { + "set": [ + "ether", + "ppp", + "ipip", + "ipip6", + "loopback", + "sit", + "ipgre" + ] + } + } + } +] + +# meta iiftype != ether +[ + { + "match": { + "left": { + "meta": "iiftype" + }, + "op": "!=", + "right": "ether" + } + } +] + +# meta iiftype ether +[ + { + "match": { + "left": { + "meta": "iiftype" + }, + "right": "ether" + } + } +] + +# meta iiftype != ppp +[ + { + "match": { + "left": { + "meta": "iiftype" + }, + "op": "!=", + "right": "ppp" + } + } +] + +# meta iiftype ppp +[ + { + "match": { + "left": { + "meta": "iiftype" + }, + "right": "ppp" + } + } +] + +# meta oif "lo" accept +[ + { + "match": { + "left": { + "meta": "oif" + }, + "right": "lo" + } + }, + { + "accept": null + } +] + +# meta oif != "lo" accept +[ + { + "match": { + "left": { + "meta": "oif" + }, + "op": "!=", + "right": "lo" + } + }, + { + "accept": null + } +] + +# meta oif {"lo"} accept +[ + { + "match": { + "left": { + "meta": "oif" + }, + "right": { + "set": [ + "lo" + ] + } + } + }, + { + "accept": null + } +] + +# meta oif != {"lo"} accept +[ + { + "match": { + "left": { + "meta": "oif" + }, + "op": "!=", + "right": { + "set": [ + "lo" + ] + } + } + }, + { + "accept": null + } +] + +# meta oifname "dummy0" +[ + { + "match": { + "left": { + "meta": "oifname" + }, + "right": "dummy0" + } + } +] + +# meta oifname != "dummy0" +[ + { + "match": { + "left": { + "meta": "oifname" + }, + "op": "!=", + "right": "dummy0" + } + } +] + +# meta oifname { "dummy0", "lo"} +[ + { + "match": { + "left": { + "meta": "oifname" + }, + "right": { + "set": [ + "dummy0", + "lo" + ] + } + } + } +] + +# meta oifname "dummy*" +[ + { + "match": { + "left": { + "meta": "oifname" + }, + "right": "dummy*" + } + } +] + +# meta oifname "dummy\*" +[ + { + "match": { + "left": { + "meta": "oifname" + }, + "right": "dummy\\*" + } + } +] + +# meta oiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre} +[ + { + "match": { + "left": { + "meta": "oiftype" + }, + "right": { + "set": [ + "ether", + "ppp", + "ipip", + "ipip6", + "loopback", + "sit", + "ipgre" + ] + } + } + } +] + +# meta oiftype != {ether, ppp, ipip, ipip6, loopback, sit, ipgre} +[ + { + "match": { + "left": { + "meta": "oiftype" + }, + "op": "!=", + "right": { + "set": [ + "ether", + "ppp", + "ipip", + "ipip6", + "loopback", + "sit", + "ipgre" + ] + } + } + } +] + +# meta oiftype != ether +[ + { + "match": { + "left": { + "meta": "oiftype" + }, + "op": "!=", + "right": "ether" + } + } +] + +# meta oiftype ether +[ + { + "match": { + "left": { + "meta": "oiftype" + }, + "right": "ether" + } + } +] + +# meta skuid {"bin", "root", "daemon"} accept +[ + { + "match": { + "left": { + "meta": "skuid" + }, + "right": { + "set": [ + "bin", + "root", + "daemon" + ] + } + } + }, + { + "accept": null + } +] + +# meta skuid != {"bin", "root", "daemon"} accept +[ + { + "match": { + "left": { + "meta": "skuid" + }, + "op": "!=", + "right": { + "set": [ + "bin", + "root", + "daemon" + ] + } + } + }, + { + "accept": null + } +] + +# meta skuid "root" +[ + { + "match": { + "left": { + "meta": "skuid" + }, + "right": "root" + } + } +] + +# meta skuid != "root" +[ + { + "match": { + "left": { + "meta": "skuid" + }, + "op": "!=", + "right": "root" + } + } +] + +# meta skuid lt 3000 accept +[ + { + "match": { + "left": { + "meta": "skuid" + }, + "op": "<", + "right": 3000 + } + }, + { + "accept": null + } +] + +# meta skuid gt 3000 accept +[ + { + "match": { + "left": { + "meta": "skuid" + }, + "op": ">", + "right": 3000 + } + }, + { + "accept": null + } +] + +# meta skuid eq 3000 accept +[ + { + "match": { + "left": { + "meta": "skuid" + }, + "right": 3000 + } + }, + { + "accept": null + } +] + +# meta skuid 3001-3005 accept +[ + { + "match": { + "left": { + "meta": "skuid" + }, + "right": { + "range": [ 3001, 3005 ] + } + } + }, + { + "accept": null + } +] + +# meta skuid != 2001-2005 accept +[ + { + "match": { + "left": { + "meta": "skuid" + }, + "op": "!=", + "right": { + "range": [ 2001, 2005 ] + } + } + }, + { + "accept": null + } +] + +# meta skuid { 2001-2005} accept +[ + { + "match": { + "left": { + "meta": "skuid" + }, + "right": { + "set": [ + { "range": [ 2001, 2005 ] } + ] + } + } + }, + { + "accept": null + } +] + +# meta skuid != { 2001-2005} accept +[ + { + "match": { + "left": { + "meta": "skuid" + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 2001, 2005 ] } + ] + } + } + }, + { + "accept": null + } +] + +# meta skgid {"bin", "root", "daemon"} accept +[ + { + "match": { + "left": { + "meta": "skgid" + }, + "right": { + "set": [ + "bin", + "root", + "daemon" + ] + } + } + }, + { + "accept": null + } +] + +# meta skgid != {"bin", "root", "daemon"} accept +[ + { + "match": { + "left": { + "meta": "skgid" + }, + "op": "!=", + "right": { + "set": [ + "bin", + "root", + "daemon" + ] + } + } + }, + { + "accept": null + } +] + +# meta skgid "root" +[ + { + "match": { + "left": { + "meta": "skgid" + }, + "right": "root" + } + } +] + +# meta skgid != "root" +[ + { + "match": { + "left": { + "meta": "skgid" + }, + "op": "!=", + "right": "root" + } + } +] + +# meta skgid lt 3000 accept +[ + { + "match": { + "left": { + "meta": "skgid" + }, + "op": "<", + "right": 3000 + } + }, + { + "accept": null + } +] + +# meta skgid gt 3000 accept +[ + { + "match": { + "left": { + "meta": "skgid" + }, + "op": ">", + "right": 3000 + } + }, + { + "accept": null + } +] + +# meta skgid eq 3000 accept +[ + { + "match": { + "left": { + "meta": "skgid" + }, + "right": 3000 + } + }, + { + "accept": null + } +] + +# meta skgid 2001-2005 accept +[ + { + "match": { + "left": { + "meta": "skgid" + }, + "right": { + "range": [ 2001, 2005 ] + } + } + }, + { + "accept": null + } +] + +# meta skgid != 2001-2005 accept +[ + { + "match": { + "left": { + "meta": "skgid" + }, + "op": "!=", + "right": { + "range": [ 2001, 2005 ] + } + } + }, + { + "accept": null + } +] + +# meta skgid { 2001-2005} accept +[ + { + "match": { + "left": { + "meta": "skgid" + }, + "right": { + "set": [ + { "range": [ 2001, 2005 ] } + ] + } + } + }, + { + "accept": null + } +] + +# meta skgid != { 2001-2005} accept +[ + { + "match": { + "left": { + "meta": "skgid" + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 2001, 2005 ] } + ] + } + } + }, + { + "accept": null + } +] + +# meta mark set 0xffffffc8 xor 0x16 +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": { "^": [ "0xffffffc8", "0x16" ] } + } + } +] + +# meta mark set 0x16 and 0x16 +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": { "&": [ "0x16", "0x16" ] } + } + } +] + +# meta mark set 0xffffffe9 or 0x16 +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": { "|": [ "0xffffffe9", "0x16" ] } + } + } +] + +# meta mark set 0xffffffde and 0x16 +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": { "&": [ "0xffffffde", "0x16" ] } + } + } +] + +# meta mark set 0xf045ffde or 0x10 +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": { "|": [ "0xf045ffde", "0x10" ] } + } + } +] + +# meta mark set 0xffffffde or 0x16 +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": { "|": [ "0xffffffde", "0x16" ] } + } + } +] + +# meta mark set 0x32 or 0xfffff +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": { "|": [ "0x32", "0xfffff" ] } + } + } +] + +# meta mark set 0xfffe xor 0x16 +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": { "^": [ "0xfffe", "0x16" ] } + } + } +] + +# meta iif "lo" +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + } +] + +# meta oif "lo" +[ + { + "match": { + "left": { + "meta": "oif" + }, + "right": "lo" + } + } +] + +# meta oifname "dummy2" accept +[ + { + "match": { + "left": { + "meta": "oifname" + }, + "right": "dummy2" + } + }, + { + "accept": null + } +] + +# meta skuid 3000 +[ + { + "match": { + "left": { + "meta": "skuid" + }, + "right": 3000 + } + } +] + +# meta skgid 3000 +[ + { + "match": { + "left": { + "meta": "skgid" + }, + "right": 3000 + } + } +] + +# meta rtclassid "cosmos" +[ + { + "match": { + "left": { + "meta": "rtclassid" + }, + "right": "cosmos" + } + } +] + +# meta pkttype broadcast +[ + { + "match": { + "left": { + "meta": "pkttype" + }, + "right": "broadcast" + } + } +] + +# meta pkttype host +[ + { + "match": { + "left": { + "meta": "pkttype" + }, + "right": "host" + } + } +] + +# meta pkttype multicast +[ + { + "match": { + "left": { + "meta": "pkttype" + }, + "right": "multicast" + } + } +] + +# meta pkttype != broadcast +[ + { + "match": { + "left": { + "meta": "pkttype" + }, + "op": "!=", + "right": "broadcast" + } + } +] + +# meta pkttype != host +[ + { + "match": { + "left": { + "meta": "pkttype" + }, + "op": "!=", + "right": "host" + } + } +] + +# meta pkttype != multicast +[ + { + "match": { + "left": { + "meta": "pkttype" + }, + "op": "!=", + "right": "multicast" + } + } +] + +# pkttype { broadcast, multicast} accept +[ + { + "match": { + "left": { + "meta": "pkttype" + }, + "right": { + "set": [ + "broadcast", + "multicast" + ] + } + } + }, + { + "accept": null + } +] + +# meta cpu 1 +[ + { + "match": { + "left": { + "meta": "cpu" + }, + "right": 1 + } + } +] + +# meta cpu != 1 +[ + { + "match": { + "left": { + "meta": "cpu" + }, + "op": "!=", + "right": 1 + } + } +] + +# meta cpu 1-3 +[ + { + "match": { + "left": { + "meta": "cpu" + }, + "right": { + "range": [ 1, 3 ] + } + } + } +] + +# meta cpu != 1-2 +[ + { + "match": { + "left": { + "meta": "cpu" + }, + "op": "!=", + "right": { + "range": [ 1, 2 ] + } + } + } +] + +# meta cpu { 2,3} +[ + { + "match": { + "left": { + "meta": "cpu" + }, + "right": { + "set": [ + 2, + 3 + ] + } + } + } +] + +# meta cpu { 2-3, 5-7} +[ + { + "match": { + "left": { + "meta": "cpu" + }, + "right": { + "set": [ + { "range": [ 2, 3 ] }, + { "range": [ 5, 7 ] } + ] + } + } + } +] + +# meta cpu != { 2,3} +[ + { + "match": { + "left": { + "meta": "cpu" + }, + "op": "!=", + "right": { + "set": [ + 2, + 3 + ] + } + } + } +] + +# meta iifgroup 0 +[ + { + "match": { + "left": { + "meta": "iifgroup" + }, + "right": 0 + } + } +] + +# meta iifgroup != 0 +[ + { + "match": { + "left": { + "meta": "iifgroup" + }, + "op": "!=", + "right": 0 + } + } +] + +# meta iifgroup "default" +[ + { + "match": { + "left": { + "meta": "iifgroup" + }, + "right": "default" + } + } +] + +# meta iifgroup != "default" +[ + { + "match": { + "left": { + "meta": "iifgroup" + }, + "op": "!=", + "right": "default" + } + } +] + +# meta iifgroup {"default"} +[ + { + "match": { + "left": { + "meta": "iifgroup" + }, + "right": { + "set": [ + "default" + ] + } + } + } +] + +# meta iifgroup != {"default"} +[ + { + "match": { + "left": { + "meta": "iifgroup" + }, + "op": "!=", + "right": { + "set": [ + "default" + ] + } + } + } +] + +# meta iifgroup { 11,33} +[ + { + "match": { + "left": { + "meta": "iifgroup" + }, + "right": { + "set": [ + 11, + 33 + ] + } + } + } +] + +# meta iifgroup {11-33} +[ + { + "match": { + "left": { + "meta": "iifgroup" + }, + "right": { + "set": [ + { "range": [ 11, 33 ] } + ] + } + } + } +] + +# meta iifgroup != { 11,33} +[ + { + "match": { + "left": { + "meta": "iifgroup" + }, + "op": "!=", + "right": { + "set": [ + 11, + 33 + ] + } + } + } +] + +# meta iifgroup != {11-33} +[ + { + "match": { + "left": { + "meta": "iifgroup" + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 11, 33 ] } + ] + } + } + } +] + +# meta oifgroup 0 +[ + { + "match": { + "left": { + "meta": "oifgroup" + }, + "right": 0 + } + } +] + +# meta oifgroup != 0 +[ + { + "match": { + "left": { + "meta": "oifgroup" + }, + "op": "!=", + "right": 0 + } + } +] + +# meta oifgroup "default" +[ + { + "match": { + "left": { + "meta": "oifgroup" + }, + "right": "default" + } + } +] + +# meta oifgroup != "default" +[ + { + "match": { + "left": { + "meta": "oifgroup" + }, + "op": "!=", + "right": "default" + } + } +] + +# meta oifgroup {"default"} +[ + { + "match": { + "left": { + "meta": "oifgroup" + }, + "right": { + "set": [ + "default" + ] + } + } + } +] + +# meta oifgroup != {"default"} +[ + { + "match": { + "left": { + "meta": "oifgroup" + }, + "op": "!=", + "right": { + "set": [ + "default" + ] + } + } + } +] + +# meta oifgroup { 11,33} +[ + { + "match": { + "left": { + "meta": "oifgroup" + }, + "right": { + "set": [ + 11, + 33 + ] + } + } + } +] + +# meta oifgroup {11-33} +[ + { + "match": { + "left": { + "meta": "oifgroup" + }, + "right": { + "set": [ + { "range": [ 11, 33 ] } + ] + } + } + } +] + +# meta oifgroup != { 11,33} +[ + { + "match": { + "left": { + "meta": "oifgroup" + }, + "op": "!=", + "right": { + "set": [ + 11, + 33 + ] + } + } + } +] + +# meta oifgroup != {11-33} +[ + { + "match": { + "left": { + "meta": "oifgroup" + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 11, 33 ] } + ] + } + } + } +] + +# meta cgroup 1048577 +[ + { + "match": { + "left": { + "meta": "cgroup" + }, + "right": 1048577 + } + } +] + +# meta cgroup != 1048577 +[ + { + "match": { + "left": { + "meta": "cgroup" + }, + "op": "!=", + "right": 1048577 + } + } +] + +# meta cgroup { 1048577, 1048578 } +[ + { + "match": { + "left": { + "meta": "cgroup" + }, + "right": { + "set": [ + 1048577, + 1048578 + ] + } + } + } +] + +# meta cgroup != { 1048577, 1048578} +[ + { + "match": { + "left": { + "meta": "cgroup" + }, + "op": "!=", + "right": { + "set": [ + 1048577, + 1048578 + ] + } + } + } +] + +# meta cgroup 1048577-1048578 +[ + { + "match": { + "left": { + "meta": "cgroup" + }, + "right": { + "range": [ 1048577, 1048578 ] + } + } + } +] + +# meta cgroup != 1048577-1048578 +[ + { + "match": { + "left": { + "meta": "cgroup" + }, + "op": "!=", + "right": { + "range": [ 1048577, 1048578 ] + } + } + } +] + +# meta cgroup {1048577-1048578} +[ + { + "match": { + "left": { + "meta": "cgroup" + }, + "right": { + "set": [ + { + "range": [ 1048577, 1048578 ] + } + ] + } + } + } +] + +# meta cgroup != { 1048577-1048578} +[ + { + "match": { + "left": { + "meta": "cgroup" + }, + "op": "!=", + "right": { + "set": [ + { + "range": [ 1048577, 1048578 ] + } + ] + } + } + } +] + +# meta iif . meta oif { "lo" . "lo" } +[ + { + "match": { + "left": { + "concat": [ + { + "meta": "iif" + }, + { + "meta": "oif" + } + ] + }, + "right": { + "set": [ + { + "concat": [ + "lo", + "lo" + ] + } + ] + } + } + } +] + +# meta iif . meta oif . meta mark { "lo" . "lo" . 0x0000000a } +[ + { + "match": { + "left": { + "concat": [ + { + "meta": "iif" + }, + { + "meta": "oif" + }, + { + "meta": "mark" + } + ] + }, + "right": { + "set": [ + { + "concat": [ + "lo", + "lo", + "0x0000000a" + ] + } + ] + } + } + } +] + +# meta iif . meta oif vmap { "lo" . "lo" : drop } +[ + { + "map": { + "left": { + "concat": [ + { + "meta": "iif" + }, + { + "meta": "oif" + } + ] + }, + "right": { + "set": [ + [ + { + "concat": [ + "lo", + "lo" + ] + }, + { + "drop": null + } + ] + ] + } + } + } +] + +# meta random eq 1 +[ + { + "match": { + "left": { + "meta": "random" + }, + "right": 1 + } + } +] + +# meta random gt 1000000 +[ + { + "match": { + "left": { + "meta": "random" + }, + "op": ">", + "right": 1000000 + } + } +] + diff --git a/tests/py/any/meta.t.json.output b/tests/py/any/meta.t.json.output new file mode 100644 index 00000000..a4b9633a --- /dev/null +++ b/tests/py/any/meta.t.json.output @@ -0,0 +1,577 @@ +# meta protocol { ip, arp, ip6, vlan } +[ + { + "match": { + "left": { + "meta": "protocol" + }, + "right": { + "set": [ + "ip", + "arp", + "vlan", + "ip6" + ] + } + } + } +] + +# meta protocol != {ip, arp, ip6, vlan} +[ + { + "match": { + "left": { + "meta": "protocol" + }, + "op": "!=", + "right": { + "set": [ + "ip", + "arp", + "vlan", + "ip6" + ] + } + } + } +] + +# meta priority 0x87654321 +[ + { + "match": { + "left": { + "meta": "priority" + }, + "right": "8765:4321" + } + } +] + +# meta priority 2271560481 +[ + { + "match": { + "left": { + "meta": "priority" + }, + "right": "8765:4321" + } + } +] + +# meta priority {bcad:dada, bcad:dadc, aaaa:bbbb} +[ + { + "match": { + "left": { + "meta": "priority" + }, + "right": { + "set": [ + "aaaa:bbbb", + "bcad:dada", + "bcad:dadc" + ] + } + } + } +] + +# meta mark 0x4 +[ + { + "match": { + "left": { + "meta": "mark" + }, + "right": 4 + } + } +] + +# meta mark 0x32 +[ + { + "match": { + "left": { + "meta": "mark" + }, + "right": 50 + } + } +] + +# meta mark and 0x03 == 0x01 +[ + { + "match": { + "left": { + "&": [ + { + "meta": "mark" + }, + 3 + ] + }, + "op": "==", + "right": 1 + } + } +] + +# meta mark and 0x03 != 0x01 +[ + { + "match": { + "left": { + "&": [ + { + "meta": "mark" + }, + 3 + ] + }, + "op": "!=", + "right": 1 + } + } +] + +# meta mark 0x10 +[ + { + "match": { + "left": { + "meta": "mark" + }, + "right": 16 + } + } +] + +# meta mark != 0x10 +[ + { + "match": { + "left": { + "meta": "mark" + }, + "op": "!=", + "right": 16 + } + } +] + +# meta mark or 0x03 == 0x01 +[ + { + "match": { + "left": { + "|": [ + { + "meta": "mark" + }, + 3 + ] + }, + "op": "==", + "right": 1 + } + } +] + +# meta mark or 0x03 != 0x01 +[ + { + "match": { + "left": { + "|": [ + { + "meta": "mark" + }, + 3 + ] + }, + "op": "!=", + "right": 1 + } + } +] + +# meta mark xor 0x03 == 0x01 +[ + { + "match": { + "left": { + "meta": "mark" + }, + "right": 2 + } + } +] + +# meta mark xor 0x03 != 0x01 +[ + { + "match": { + "left": { + "meta": "mark" + }, + "op": "!=", + "right": 2 + } + } +] + +# meta iifname {"dummy0", "lo"} +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": { + "set": [ + "lo", + "dummy0" + ] + } + } + } +] + +# meta iifname != {"dummy0", "lo"} +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "op": "!=", + "right": { + "set": [ + "lo", + "dummy0" + ] + } + } + } +] + +# meta oifname { "dummy0", "lo"} +[ + { + "match": { + "left": { + "meta": "oifname" + }, + "right": { + "set": [ + "lo", + "dummy0" + ] + } + } + } +] + +# meta skuid {"bin", "root", "daemon"} accept +[ + { + "match": { + "left": { + "meta": "skuid" + }, + "right": { + "set": [ 0, 1, 2 ] + } + } + }, + { + "accept": null + } +] + +# meta skuid != {"bin", "root", "daemon"} accept +[ + { + "match": { + "left": { + "meta": "skuid" + }, + "op": "!=", + "right": { + "set": [ 0, 1, 2 ] + } + } + }, + { + "accept": null + } +] + +# meta skuid "root" +[ + { + "match": { + "left": { + "meta": "skuid" + }, + "right": 0 + } + } +] + +# meta skuid != "root" +[ + { + "match": { + "left": { + "meta": "skuid" + }, + "op": "!=", + "right": 0 + } + } +] + +# meta skgid {"bin", "root", "daemon"} accept +[ + { + "match": { + "left": { + "meta": "skgid" + }, + "right": { + "set": [ 0, 1, 2 ] + } + } + }, + { + "accept": null + } +] + +# meta skgid != {"bin", "root", "daemon"} accept +[ + { + "match": { + "left": { + "meta": "skgid" + }, + "op": "!=", + "right": { + "set": [ 0, 1, 2 ] + } + } + }, + { + "accept": null + } +] + +# meta skgid "root" +[ + { + "match": { + "left": { + "meta": "skgid" + }, + "right": 0 + } + } +] + +# meta skgid != "root" +[ + { + "match": { + "left": { + "meta": "skgid" + }, + "op": "!=", + "right": 0 + } + } +] + +# meta mark set 0xffffffc8 xor 0x16 +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": 4294967262 + } + } +] + +# meta mark set 0x16 and 0x16 +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": 22 + } + } +] + +# meta mark set 0xffffffe9 or 0x16 +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": 4294967295 + } + } +] + +# meta mark set 0xffffffde and 0x16 +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": 22 + } + } +] + +# meta mark set 0xf045ffde or 0x10 +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": 4031119326 + } + } +] + +# meta mark set 0xffffffde or 0x16 +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": 4294967262 + } + } +] + +# meta mark set 0x32 or 0xfffff +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": 1048575 + } + } +] + +# meta mark set 0xfffe xor 0x16 +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": 65512 + } + } +] + +# meta iifgroup 0 +[ + { + "match": { + "left": { + "meta": "iifgroup" + }, + "right": "default" + } + } +] + +# meta iifgroup != 0 +[ + { + "match": { + "left": { + "meta": "iifgroup" + }, + "op": "!=", + "right": "default" + } + } +] + +# meta oifgroup 0 +[ + { + "match": { + "left": { + "meta": "oifgroup" + }, + "right": "default" + } + } +] + +# meta oifgroup != 0 +[ + { + "match": { + "left": { + "meta": "oifgroup" + }, + "op": "!=", + "right": "default" + } + } +] + +# meta iif . meta oif . meta mark { "lo" . "lo" . 0x0000000a } +[ + { + "match": { + "left": { + "concat": [ + { + "meta": "iif" + }, + { + "meta": "oif" + }, + { + "meta": "mark" + } + ] + }, + "right": { + "set": [ + { + "concat": [ + "lo", + "lo", + 10 + ] + } + ] + } + } + } +] + diff --git a/tests/py/any/queue.t.json b/tests/py/any/queue.t.json new file mode 100644 index 00000000..48e86727 --- /dev/null +++ b/tests/py/any/queue.t.json @@ -0,0 +1,86 @@ +# queue +[ + { + "queue": null + } +] + +# queue num 2 +[ + { + "queue": { + "num": 2 + } + } +] + +# queue num 65535 +[ + { + "queue": { + "num": 65535 + } + } +] + +# queue num 2-3 +[ + { + "queue": { + "num": { + "range": [ 2, 3 ] + } + } + } +] + +# queue num 1-65535 +[ + { + "queue": { + "num": { + "range": [ 1, 65535 ] + } + } + } +] + +# queue num 4-5 fanout bypass +[ + { + "queue": { + "flags": [ + "bypass", + "fanout" + ], + "num": { + "range": [ 4, 5 ] + } + } + } +] + +# queue num 4-5 fanout +[ + { + "queue": { + "flags": "fanout", + "num": { + "range": [ 4, 5 ] + } + } + } +] + +# queue num 4-5 bypass +[ + { + "queue": { + "flags": "bypass", + "num": { + "range": [ 4, 5 ] + } + } + } +] + diff --git a/tests/py/any/queue.t.json.output b/tests/py/any/queue.t.json.output new file mode 100644 index 00000000..1104d760 --- /dev/null +++ b/tests/py/any/queue.t.json.output @@ -0,0 +1,9 @@ +# queue +[ + { + "queue": { + "num": 0 + } + } +] + diff --git a/tests/py/any/quota.t.json b/tests/py/any/quota.t.json new file mode 100644 index 00000000..59ccc72c --- /dev/null +++ b/tests/py/any/quota.t.json @@ -0,0 +1,136 @@ +# quota 1025 bytes +[ + { + "quota": { + "val": 1025, + "val_unit": "bytes" + } + } +] + +# quota 1 kbytes +[ + { + "quota": { + "val": 1, + "val_unit": "kbytes" + } + } +] + +# quota 2 kbytes +[ + { + "quota": { + "val": 2, + "val_unit": "kbytes" + } + } +] + +# quota 1025 kbytes +[ + { + "quota": { + "val": 1025, + "val_unit": "kbytes" + } + } +] + +# quota 1023 mbytes +[ + { + "quota": { + "val": 1023, + "val_unit": "mbytes" + } + } +] + +# quota 10230 mbytes +[ + { + "quota": { + "val": 10230, + "val_unit": "mbytes" + } + } +] + +# quota 1023000 mbytes +[ + { + "quota": { + "val": 1023000, + "val_unit": "mbytes" + } + } +] + +# quota over 1 kbytes +[ + { + "quota": { + "inv": true, + "val": 1, + "val_unit": "kbytes" + } + } +] + +# quota over 2 kbytes +[ + { + "quota": { + "inv": true, + "val": 2, + "val_unit": "kbytes" + } + } +] + +# quota over 1025 kbytes +[ + { + "quota": { + "inv": true, + "val": 1025, + "val_unit": "kbytes" + } + } +] + +# quota over 1023 mbytes +[ + { + "quota": { + "inv": true, + "val": 1023, + "val_unit": "mbytes" + } + } +] + +# quota over 10230 mbytes +[ + { + "quota": { + "inv": true, + "val": 10230, + "val_unit": "mbytes" + } + } +] + +# quota over 1023000 mbytes +[ + { + "quota": { + "inv": true, + "val": 1023000, + "val_unit": "mbytes" + } + } +] + diff --git a/tests/py/any/rawpayload.t.json b/tests/py/any/rawpayload.t.json new file mode 100644 index 00000000..b4ce0bd8 --- /dev/null +++ b/tests/py/any/rawpayload.t.json @@ -0,0 +1,157 @@ +# meta l4proto { tcp, udp, sctp} @th,16,16 { 22, 23, 80 } +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": { + "set": [ + "tcp", + "udp", + "sctp" + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "base": "th", + "len": 16, + "name": "raw", + "offset": 16 + } + }, + "right": { + "set": [ + 22, + 23, + 80 + ] + } + } + } +] + +# meta l4proto tcp @th,16,16 { 22, 23, 80} +[ + { + "match": { + "left": { "meta": "l4proto" }, + "right": "tcp" + } + }, + { + "match": { + "left": { + "payload": { + "base": "th", + "len": 16, + "offset": 16, + "name": "raw" + } + }, + "right": { + "set": [ + 22, + 23, + 80 + ] + } + } + } +] + +# @nh,8,8 255 +[ + { + "match": { + "left": { + "payload": { + "base": "nh", + "len": 8, + "name": "raw", + "offset": 8 + } + }, + "right": 255 + } + } +] + +# @nh,8,16 0 +[ + { + "match": { + "left": { + "payload": { + "base": "nh", + "len": 16, + "name": "raw", + "offset": 8 + } + }, + "right": 0 + } + } +] + +# @ll,0,1 1 +[ + { + "match": { + "left": { + "payload": { + "base": "ll", + "len": 1, + "name": "raw", + "offset": 0 + } + }, + "right": 1 + } + } +] + +# @ll,0,8 and 0x80 eq 0x80 +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "base": "ll", + "len": 8, + "name": "raw", + "offset": 0 + } + }, + "0x80" + ] + }, + "op": "==", + "right": "0x80" + } + } +] + +# @ll,0,128 0xfedcba987654321001234567890abcde +[ + { + "match": { + "left": { + "payload": { + "base": "ll", + "len": 128, + "name": "raw", + "offset": 0 + } + }, + "right": "0xfedcba987654321001234567890abcde" + } + } +] + diff --git a/tests/py/any/rawpayload.t.json.output b/tests/py/any/rawpayload.t.json.output new file mode 100644 index 00000000..fd70341c --- /dev/null +++ b/tests/py/any/rawpayload.t.json.output @@ -0,0 +1,104 @@ +# meta l4proto { tcp, udp, sctp} @th,16,16 { 22, 23, 80 } +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": { + "set": [ + 6, + 17, + 132 + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "base": "th", + "len": 16, + "name": "raw", + "offset": 16 + } + }, + "right": { + "set": [ + 22, + 23, + 80 + ] + } + } + } +] + +# meta l4proto tcp @th,16,16 { 22, 23, 80} +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + 22, + 23, + 80 + ] + } + } + } +] + +# @ll,0,1 1 +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "base": "ll", + "len": 8, + "name": "raw", + "offset": 0 + } + }, + 128 + ] + }, + "op": "==", + "right": 128 + } + } +] + +# @ll,0,8 and 0x80 eq 0x80 +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "base": "ll", + "len": 8, + "name": "raw", + "offset": 0 + } + }, + 128 + ] + }, + "op": "==", + "right": 128 + } + } +] + diff --git a/tests/py/any/rt.t.json b/tests/py/any/rt.t.json new file mode 100644 index 00000000..146a8a01 --- /dev/null +++ b/tests/py/any/rt.t.json @@ -0,0 +1,14 @@ +# rt classid "cosmos" +[ + { + "match": { + "left": { + "rt": { + "key": "classid" + } + }, + "right": "cosmos" + } + } +] + diff --git a/tests/py/arp/arp.t.json b/tests/py/arp/arp.t.json new file mode 100644 index 00000000..005fcf64 --- /dev/null +++ b/tests/py/arp/arp.t.json @@ -0,0 +1,877 @@ +# arp htype 1 +[ + { + "match": { + "left": { + "payload": { + "field": "htype", + "name": "arp" + } + }, + "right": 1 + } + } +] + +# arp htype != 1 +[ + { + "match": { + "left": { + "payload": { + "field": "htype", + "name": "arp" + } + }, + "op": "!=", + "right": 1 + } + } +] + +# arp htype 22 +[ + { + "match": { + "left": { + "payload": { + "field": "htype", + "name": "arp" + } + }, + "right": 22 + } + } +] + +# arp htype != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "htype", + "name": "arp" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# arp htype 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "htype", + "name": "arp" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# arp htype != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "htype", + "name": "arp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# arp htype { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "htype", + "name": "arp" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# arp htype != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "htype", + "name": "arp" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# arp htype { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "htype", + "name": "arp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# arp htype != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "htype", + "name": "arp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# arp ptype 0x0800 +[ + { + "match": { + "left": { + "payload": { + "field": "ptype", + "name": "arp" + } + }, + "right": "0x0800" + } + } +] + +# arp hlen 22 +[ + { + "match": { + "left": { + "payload": { + "field": "hlen", + "name": "arp" + } + }, + "right": 22 + } + } +] + +# arp hlen != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "hlen", + "name": "arp" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# arp hlen 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "hlen", + "name": "arp" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# arp hlen != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "hlen", + "name": "arp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# arp hlen { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "hlen", + "name": "arp" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# arp hlen != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "hlen", + "name": "arp" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# arp hlen { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "hlen", + "name": "arp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# arp hlen != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "hlen", + "name": "arp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# arp plen 22 +[ + { + "match": { + "left": { + "payload": { + "field": "plen", + "name": "arp" + } + }, + "right": 22 + } + } +] + +# arp plen != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "plen", + "name": "arp" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# arp plen 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "plen", + "name": "arp" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# arp plen != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "plen", + "name": "arp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# arp plen { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "plen", + "name": "arp" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# arp plen != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "plen", + "name": "arp" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# arp plen { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "plen", + "name": "arp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# arp plen != {33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "plen", + "name": "arp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# arp operation {nak, inreply, inrequest, rreply, rrequest, reply, request} +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "right": { + "set": [ + "nak", + "inreply", + "inrequest", + "rreply", + "rrequest", + "reply", + "request" + ] + } + } + } +] + +# arp operation != {nak, inreply, inrequest, rreply, rrequest, reply, request} +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "op": "!=", + "right": { + "set": [ + "nak", + "inreply", + "inrequest", + "rreply", + "rrequest", + "reply", + "request" + ] + } + } + } +] + +# arp operation request +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "right": "request" + } + } +] + +# arp operation reply +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "right": "reply" + } + } +] + +# arp operation rrequest +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "right": "rrequest" + } + } +] + +# arp operation rreply +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "right": "rreply" + } + } +] + +# arp operation inrequest +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "right": "inrequest" + } + } +] + +# arp operation inreply +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "right": "inreply" + } + } +] + +# arp operation nak +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "right": "nak" + } + } +] + +# arp operation reply +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "right": "reply" + } + } +] + +# arp operation != request +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "op": "!=", + "right": "request" + } + } +] + +# arp operation != reply +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "op": "!=", + "right": "reply" + } + } +] + +# arp operation != rrequest +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "op": "!=", + "right": "rrequest" + } + } +] + +# arp operation != rreply +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "op": "!=", + "right": "rreply" + } + } +] + +# arp operation != inrequest +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "op": "!=", + "right": "inrequest" + } + } +] + +# arp operation != inreply +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "op": "!=", + "right": "inreply" + } + } +] + +# arp operation != nak +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "op": "!=", + "right": "nak" + } + } +] + +# arp operation != reply +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "op": "!=", + "right": "reply" + } + } +] + +# meta iifname "invalid" arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh,192,32 0xc0a88f10 @nh,144,48 set 0x112233445566 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "invalid" + } + }, + { + "match": { + "left": { + "payload": { + "field": "ptype", + "name": "arp" + } + }, + "right": "0x0800" + } + }, + { + "match": { + "left": { + "payload": { + "field": "htype", + "name": "arp" + } + }, + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "hlen", + "name": "arp" + } + }, + "right": 6 + } + }, + { + "match": { + "left": { + "payload": { + "field": "plen", + "name": "arp" + } + }, + "right": 4 + } + }, + { + "match": { + "left": { + "payload": { + "base": "nh", + "len": 32, + "name": "raw", + "offset": 192 + } + }, + "right": "0xc0a88f10" + } + }, + { + "mangle": { + "left": { + "payload": { + "base": "nh", + "len": 48, + "name": "raw", + "offset": 144 + } + }, + "right": "0x112233445566" + } + } +] + diff --git a/tests/py/arp/arp.t.json.output b/tests/py/arp/arp.t.json.output new file mode 100644 index 00000000..0120025b --- /dev/null +++ b/tests/py/arp/arp.t.json.output @@ -0,0 +1,148 @@ +# arp ptype 0x0800 +[ + { + "match": { + "left": { + "payload": { + "field": "ptype", + "name": "arp" + } + }, + "right": "ip" + } + } +] + +# arp operation {nak, inreply, inrequest, rreply, rrequest, reply, request} +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "right": { + "set": [ + "request", + "reply", + "rrequest", + "rreply", + "inrequest", + "inreply", + "nak" + ] + } + } + } +] + +# arp operation != {nak, inreply, inrequest, rreply, rrequest, reply, request} +[ + { + "match": { + "left": { + "payload": { + "field": "operation", + "name": "arp" + } + }, + "op": "!=", + "right": { + "set": [ + "request", + "reply", + "rrequest", + "rreply", + "inrequest", + "inreply", + "nak" + ] + } + } + } +] + +# meta iifname "invalid" arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh,192,32 0xc0a88f10 @nh,144,48 set 0x112233445566 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "invalid" + } + }, + { + "match": { + "left": { + "payload": { + "field": "htype", + "name": "arp" + } + }, + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "ptype", + "name": "arp" + } + }, + "right": "ip" + } + }, + { + "match": { + "left": { + "payload": { + "field": "hlen", + "name": "arp" + } + }, + "right": 6 + } + }, + { + "match": { + "left": { + "payload": { + "field": "plen", + "name": "arp" + } + }, + "right": 4 + } + }, + { + "match": { + "left": { + "payload": { + "base": "nh", + "len": 32, + "name": "raw", + "offset": 192 + } + }, + "right": 3232272144 + } + }, + { + "mangle": { + "left": { + "payload": { + "base": "nh", + "len": 48, + "name": "raw", + "offset": 144 + } + }, + "right": 18838586676582 + } + } +] + diff --git a/tests/py/bridge/ether.t.json b/tests/py/bridge/ether.t.json new file mode 100644 index 00000000..89cd128c --- /dev/null +++ b/tests/py/bridge/ether.t.json @@ -0,0 +1,180 @@ +# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "meta": "iiftype" + }, + "right": "ether" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "accept": null + } +] + +# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + } +] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + } +] + +# ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + }, + { + "accept": null + } +] + +# ether daddr 00:01:02:03:04:05 ether saddr set ff:fe:dc:ba:98:76 drop +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ether" + } + }, + "right": "00:01:02:03:04:05" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "ff:fe:dc:ba:98:76" + } + }, + { + "drop": null + } +] + diff --git a/tests/py/bridge/ether.t.json.output b/tests/py/bridge/ether.t.json.output new file mode 100644 index 00000000..f68748cb --- /dev/null +++ b/tests/py/bridge/ether.t.json.output @@ -0,0 +1,77 @@ +# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + }, + { + "accept": null + } +] + +# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + } +] + diff --git a/tests/py/bridge/icmpX.t.json b/tests/py/bridge/icmpX.t.json new file mode 100644 index 00000000..77638825 --- /dev/null +++ b/tests/py/bridge/icmpX.t.json @@ -0,0 +1,82 @@ +# ip protocol icmp icmp type echo-request +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": "icmp" + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "echo-request" + } + } +] + +# icmp type echo-request +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "echo-request" + } + } +] + +# ip6 nexthdr icmpv6 icmpv6 type echo-request +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "right": "icmpv6" + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "echo-request" + } + } +] + +# icmpv6 type echo-request +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "echo-request" + } + } +] + diff --git a/tests/py/bridge/icmpX.t.json.output b/tests/py/bridge/icmpX.t.json.output new file mode 100644 index 00000000..e2695750 --- /dev/null +++ b/tests/py/bridge/icmpX.t.json.output @@ -0,0 +1,52 @@ +# ip protocol icmp icmp type echo-request +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "echo-request" + } + } +] + +# ip6 nexthdr icmpv6 icmpv6 type echo-request +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "right": 58 + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "echo-request" + } + } +] + diff --git a/tests/py/bridge/meta.t.json b/tests/py/bridge/meta.t.json new file mode 100644 index 00000000..dad5c6e1 --- /dev/null +++ b/tests/py/bridge/meta.t.json @@ -0,0 +1,23 @@ +# meta obrname "br0" +[ + { + "match": { + "left": { + "meta": "obrname" + }, + "right": "br0" + } + } +] + +# meta ibrname "br0" +[ + { + "match": { + "left": { + "meta": "ibrname" + }, + "right": "br0" + } + } +] diff --git a/tests/py/bridge/reject.t.json b/tests/py/bridge/reject.t.json new file mode 100644 index 00000000..aa716f80 --- /dev/null +++ b/tests/py/bridge/reject.t.json @@ -0,0 +1,221 @@ +# reject with icmp type host-unreachable +[ + { + "reject": { + "expr": "host-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type net-unreachable +[ + { + "reject": { + "expr": "net-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type prot-unreachable +[ + { + "reject": { + "expr": "prot-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type port-unreachable +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type net-prohibited +[ + { + "reject": { + "expr": "net-prohibited", + "type": "icmp" + } + } +] + +# reject with icmp type host-prohibited +[ + { + "reject": { + "expr": "host-prohibited", + "type": "icmp" + } + } +] + +# reject with icmp type admin-prohibited +[ + { + "reject": { + "expr": "admin-prohibited", + "type": "icmp" + } + } +] + +# reject with icmpv6 type no-route +[ + { + "reject": { + "expr": "no-route", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 type admin-prohibited +[ + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 type addr-unreachable +[ + { + "reject": { + "expr": "addr-unreachable", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 type port-unreachable +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmpv6" + } + } +] + +# mark 12345 ip protocol tcp reject with tcp reset +[ + { + "match": { + "left": { + "meta": "mark" + }, + "right": 12345 + } + }, + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": "tcp" + } + }, + { + "reject": { + "type": "tcp reset" + } + } +] + +# reject +[ + { + "reject": null + } +] + +# ether type ip reject +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "ether" + } + }, + "right": "ip" + } + }, + { + "reject": null + } +] + +# ether type ip6 reject +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "ether" + } + }, + "right": "ip6" + } + }, + { + "reject": null + } +] + +# reject with icmpx type host-unreachable +[ + { + "reject": { + "expr": "host-unreachable", + "type": "icmpx" + } + } +] + +# reject with icmpx type no-route +[ + { + "reject": { + "expr": "no-route", + "type": "icmpx" + } + } +] + +# reject with icmpx type admin-prohibited +[ + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpx" + } + } +] + +# reject with icmpx type port-unreachable +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmpx" + } + } +] + diff --git a/tests/py/bridge/reject.t.json.output b/tests/py/bridge/reject.t.json.output new file mode 100644 index 00000000..6effd179 --- /dev/null +++ b/tests/py/bridge/reject.t.json.output @@ -0,0 +1,260 @@ +# reject with icmp type host-unreachable +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "ether" + } + }, + "right": "ip" + } + }, + { + "reject": { + "expr": "host-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type net-unreachable +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "ether" + } + }, + "right": "ip" + } + }, + { + "reject": { + "expr": "net-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type prot-unreachable +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "ether" + } + }, + "right": "ip" + } + }, + { + "reject": { + "expr": "prot-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type port-unreachable +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "ether" + } + }, + "right": "ip" + } + }, + { + "reject": null + } +] + +# reject with icmp type net-prohibited +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "ether" + } + }, + "right": "ip" + } + }, + { + "reject": { + "expr": "net-prohibited", + "type": "icmp" + } + } +] + +# reject with icmp type host-prohibited +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "ether" + } + }, + "right": "ip" + } + }, + { + "reject": { + "expr": "host-prohibited", + "type": "icmp" + } + } +] + +# reject with icmp type admin-prohibited +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "ether" + } + }, + "right": "ip" + } + }, + { + "reject": { + "expr": "admin-prohibited", + "type": "icmp" + } + } +] + +# reject with icmpv6 type no-route +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "ether" + } + }, + "right": "ip6" + } + }, + { + "reject": { + "expr": "no-route", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 type admin-prohibited +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "ether" + } + }, + "right": "ip6" + } + }, + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 type addr-unreachable +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "ether" + } + }, + "right": "ip6" + } + }, + { + "reject": { + "expr": "addr-unreachable", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 type port-unreachable +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "ether" + } + }, + "right": "ip6" + } + }, + { + "reject": null + } +] + +# mark 12345 ip protocol tcp reject with tcp reset +[ + { + "match": { + "left": { + "meta": "mark" + }, + "right": 12345 + } + }, + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": 6 + } + }, + { + "reject": { + "type": "tcp reset" + } + } +] + +# reject with icmpx type port-unreachable +[ + { + "reject": null + } +] + diff --git a/tests/py/bridge/vlan.t.json b/tests/py/bridge/vlan.t.json new file mode 100644 index 00000000..b57deca7 --- /dev/null +++ b/tests/py/bridge/vlan.t.json @@ -0,0 +1,468 @@ +# vlan id 4094 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "vlan" + } + }, + "right": 4094 + } + } +] + +# vlan id 0 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "vlan" + } + }, + "right": 0 + } + } +] + +# vlan id 4094 vlan cfi 0 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "vlan" + } + }, + "right": 4094 + } + }, + { + "match": { + "left": { + "payload": { + "field": "cfi", + "name": "vlan" + } + }, + "right": 0 + } + } +] + +# vlan id 4094 vlan cfi != 1 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "vlan" + } + }, + "right": 4094 + } + }, + { + "match": { + "left": { + "payload": { + "field": "cfi", + "name": "vlan" + } + }, + "op": "!=", + "right": 1 + } + } +] + +# vlan id 4094 vlan cfi 1 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "vlan" + } + }, + "right": 4094 + } + }, + { + "match": { + "left": { + "payload": { + "field": "cfi", + "name": "vlan" + } + }, + "right": 1 + } + } +] + +# vlan id 4094 vlan cfi 1 vlan pcp 7 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "vlan" + } + }, + "right": 4094 + } + }, + { + "match": { + "left": { + "payload": { + "field": "cfi", + "name": "vlan" + } + }, + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "pcp", + "name": "vlan" + } + }, + "right": 7 + } + } +] + +# vlan id 4094 vlan cfi 1 vlan pcp 3 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "vlan" + } + }, + "right": 4094 + } + }, + { + "match": { + "left": { + "payload": { + "field": "cfi", + "name": "vlan" + } + }, + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "pcp", + "name": "vlan" + } + }, + "right": 3 + } + } +] + +# ether type vlan vlan id 4094 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "vlan" + } + }, + "right": 4094 + } + } +] + +# ether type vlan vlan id 0 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "vlan" + } + }, + "right": 0 + } + } +] + +# ether type vlan vlan id 4094 vlan cfi 0 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "vlan" + } + }, + "right": 4094 + } + }, + { + "match": { + "left": { + "payload": { + "field": "cfi", + "name": "vlan" + } + }, + "right": 0 + } + } +] + +# ether type vlan vlan id 4094 vlan cfi 1 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "vlan" + } + }, + "right": 4094 + } + }, + { + "match": { + "left": { + "payload": { + "field": "cfi", + "name": "vlan" + } + }, + "right": 1 + } + } +] + +# vlan id 4094 tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "vlan" + } + }, + "right": 4094 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# vlan id 1 ip saddr 10.0.0.1 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "vlan" + } + }, + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": "10.0.0.1" + } + } +] + +# vlan id 1 ip saddr 10.0.0.0/23 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "vlan" + } + }, + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": { + "prefix": { + "addr": "10.0.0.0", + "len": 23 + } + } + } + } +] + +# vlan id 1 ip saddr 10.0.0.0/23 udp dport 53 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "vlan" + } + }, + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": { + "prefix": { + "addr": "10.0.0.0", + "len": 23 + } + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + } +] + +# ether type vlan vlan id 1 ip saddr 10.0.0.0/23 udp dport 53 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "vlan" + } + }, + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": { + "prefix": { + "addr": "10.0.0.0", + "len": 23 + } + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + } +] + +# vlan id { 1, 2, 4, 100, 4095 } vlan pcp 1-3 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "vlan" + } + }, + "right": { + "set": [ + 1, + 2, + 4, + 100, + 4095 + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "pcp", + "name": "vlan" + } + }, + "right": { + "range": [ 1, 3 ] + } + } + } +] + diff --git a/tests/py/inet/ah.t.json b/tests/py/inet/ah.t.json new file mode 100644 index 00000000..4489f2d3 --- /dev/null +++ b/tests/py/inet/ah.t.json @@ -0,0 +1,557 @@ +# ah hdrlength 11-23 +[ + { + "match": { + "left": { + "payload": { + "field": "hdrlength", + "name": "ah" + } + }, + "right": { + "range": [ 11, 23 ] + } + } + } +] + +# ah hdrlength != 11-23 +[ + { + "match": { + "left": { + "payload": { + "field": "hdrlength", + "name": "ah" + } + }, + "op": "!=", + "right": { + "range": [ 11, 23 ] + } + } + } +] + +# ah hdrlength { 11-23} +[ + { + "match": { + "left": { + "payload": { + "field": "hdrlength", + "name": "ah" + } + }, + "right": { + "set": [ + { "range": [ 11, 23 ] } + ] + } + } + } +] + +# ah hdrlength != { 11-23} +[ + { + "match": { + "left": { + "payload": { + "field": "hdrlength", + "name": "ah" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 11, 23 ] } + ] + } + } + } +] + +# ah hdrlength {11, 23, 44 } +[ + { + "match": { + "left": { + "payload": { + "field": "hdrlength", + "name": "ah" + } + }, + "right": { + "set": [ + 11, + 23, + 44 + ] + } + } + } +] + +# ah hdrlength != {11, 23, 44 } +[ + { + "match": { + "left": { + "payload": { + "field": "hdrlength", + "name": "ah" + } + }, + "op": "!=", + "right": { + "set": [ + 11, + 23, + 44 + ] + } + } + } +] + +# ah reserved 22 +[ + { + "match": { + "left": { + "payload": { + "field": "reserved", + "name": "ah" + } + }, + "right": 22 + } + } +] + +# ah reserved != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "reserved", + "name": "ah" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# ah reserved 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "reserved", + "name": "ah" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# ah reserved != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "reserved", + "name": "ah" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# ah reserved {23, 100} +[ + { + "match": { + "left": { + "payload": { + "field": "reserved", + "name": "ah" + } + }, + "right": { + "set": [ + 23, + 100 + ] + } + } + } +] + +# ah reserved != {23, 100} +[ + { + "match": { + "left": { + "payload": { + "field": "reserved", + "name": "ah" + } + }, + "op": "!=", + "right": { + "set": [ + 23, + 100 + ] + } + } + } +] + +# ah reserved { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "reserved", + "name": "ah" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ah reserved != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "reserved", + "name": "ah" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ah spi 111 +[ + { + "match": { + "left": { + "payload": { + "field": "spi", + "name": "ah" + } + }, + "right": 111 + } + } +] + +# ah spi != 111 +[ + { + "match": { + "left": { + "payload": { + "field": "spi", + "name": "ah" + } + }, + "op": "!=", + "right": 111 + } + } +] + +# ah spi 111-222 +[ + { + "match": { + "left": { + "payload": { + "field": "spi", + "name": "ah" + } + }, + "right": { + "range": [ 111, 222 ] + } + } + } +] + +# ah spi != 111-222 +[ + { + "match": { + "left": { + "payload": { + "field": "spi", + "name": "ah" + } + }, + "op": "!=", + "right": { + "range": [ 111, 222 ] + } + } + } +] + +# ah spi {111, 122} +[ + { + "match": { + "left": { + "payload": { + "field": "spi", + "name": "ah" + } + }, + "right": { + "set": [ + 111, + 122 + ] + } + } + } +] + +# ah spi != {111, 122} +[ + { + "match": { + "left": { + "payload": { + "field": "spi", + "name": "ah" + } + }, + "op": "!=", + "right": { + "set": [ + 111, + 122 + ] + } + } + } +] + +# ah spi { 111-122} +[ + { + "match": { + "left": { + "payload": { + "field": "spi", + "name": "ah" + } + }, + "right": { + "set": [ + { "range": [ 111, 122 ] } + ] + } + } + } +] + +# ah spi != { 111-122} +[ + { + "match": { + "left": { + "payload": { + "field": "spi", + "name": "ah" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 111, 122 ] } + ] + } + } + } +] + +# ah sequence 123 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "ah" + } + }, + "right": 123 + } + } +] + +# ah sequence != 123 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "ah" + } + }, + "op": "!=", + "right": 123 + } + } +] + +# ah sequence {23, 25, 33} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "ah" + } + }, + "right": { + "set": [ + 23, + 25, + 33 + ] + } + } + } +] + +# ah sequence != {23, 25, 33} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "ah" + } + }, + "op": "!=", + "right": { + "set": [ + 23, + 25, + 33 + ] + } + } + } +] + +# ah sequence { 23-33} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "ah" + } + }, + "right": { + "set": [ + { "range": [ 23, 33 ] } + ] + } + } + } +] + +# ah sequence != { 23-33} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "ah" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 23, 33 ] } + ] + } + } + } +] + +# ah sequence 23-33 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "ah" + } + }, + "right": { + "range": [ 23, 33 ] + } + } + } +] + +# ah sequence != 23-33 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "ah" + } + }, + "op": "!=", + "right": { + "range": [ 23, 33 ] + } + } + } +] + diff --git a/tests/py/inet/comp.t.json b/tests/py/inet/comp.t.json new file mode 100644 index 00000000..d76d6ed8 --- /dev/null +++ b/tests/py/inet/comp.t.json @@ -0,0 +1,316 @@ +# comp nexthdr != esp +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "comp" + } + }, + "op": "!=", + "right": "esp" + } + } +] + +# comp flags 0x0 +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "comp" + } + }, + "right": "0x0" + } + } +] + +# comp flags != 0x23 +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "comp" + } + }, + "op": "!=", + "right": "0x23" + } + } +] + +# comp flags 0x33-0x45 +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "comp" + } + }, + "right": { + "range": [ "0x33", "0x45" ] + } + } + } +] + +# comp flags != 0x33-0x45 +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "comp" + } + }, + "op": "!=", + "right": { + "range": [ "0x33", "0x45" ] + } + } + } +] + +# comp flags {0x33, 0x55, 0x67, 0x88} +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "comp" + } + }, + "right": { + "set": [ + "0x33", + "0x55", + "0x67", + "0x88" + ] + } + } + } +] + +# comp flags != {0x33, 0x55, 0x67, 0x88} +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "comp" + } + }, + "op": "!=", + "right": { + "set": [ + "0x33", + "0x55", + "0x67", + "0x88" + ] + } + } + } +] + +# comp flags { 0x33-0x55} +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "comp" + } + }, + "right": { + "set": [ + { "range": [ "0x33", "0x55" ] } + ] + } + } + } +] + +# comp flags != { 0x33-0x55} +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "comp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ "0x33", "0x55" ] } + ] + } + } + } +] + +# comp cpi 22 +[ + { + "match": { + "left": { + "payload": { + "field": "cpi", + "name": "comp" + } + }, + "right": 22 + } + } +] + +# comp cpi != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "cpi", + "name": "comp" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# comp cpi 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "cpi", + "name": "comp" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# comp cpi != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "cpi", + "name": "comp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# comp cpi {33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "cpi", + "name": "comp" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# comp cpi != {33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "cpi", + "name": "comp" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# comp cpi { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "cpi", + "name": "comp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# comp cpi != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "cpi", + "name": "comp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + diff --git a/tests/py/inet/comp.t.json.output b/tests/py/inet/comp.t.json.output new file mode 100644 index 00000000..79e286b7 --- /dev/null +++ b/tests/py/inet/comp.t.json.output @@ -0,0 +1,166 @@ +# comp nexthdr != esp +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "comp" + } + }, + "op": "!=", + "right": 50 + } + } +] + +# comp flags 0x0 +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "comp" + } + }, + "right": 0 + } + } +] + +# comp flags != 0x23 +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "comp" + } + }, + "op": "!=", + "right": 35 + } + } +] + +# comp flags 0x33-0x45 +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "comp" + } + }, + "right": { + "range": [ 51, 69 ] + } + } + } +] + +# comp flags != 0x33-0x45 +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "comp" + } + }, + "op": "!=", + "right": { + "range": [ 51, 69 ] + } + } + } +] + +# comp flags {0x33, 0x55, 0x67, 0x88} +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "comp" + } + }, + "right": { + "set": [ + 51, + 85, + 103, + 136 + ] + } + } + } +] + +# comp flags != {0x33, 0x55, 0x67, 0x88} +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "comp" + } + }, + "op": "!=", + "right": { + "set": [ + 51, + 85, + 103, + 136 + ] + } + } + } +] + +# comp flags { 0x33-0x55} +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "comp" + } + }, + "right": { + "set": [ + { "range": [ 51, 85 ] } + ] + } + } + } +] + +# comp flags != { 0x33-0x55} +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "comp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 51, 85 ] } + ] + } + } + } +] + diff --git a/tests/py/inet/ct.t.json b/tests/py/inet/ct.t.json new file mode 100644 index 00000000..686c43f4 --- /dev/null +++ b/tests/py/inet/ct.t.json @@ -0,0 +1,39 @@ +# meta nfproto ipv4 ct original saddr 1.2.3.4 +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv4" + } + }, + { + "match": { + "left": { + "ct": { + "dir": "original", + "key": "saddr" + } + }, + "right": "1.2.3.4" + } + } +] + +# ct original ip6 saddr ::1 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "family": "ip6", + "key": "saddr" + } + }, + "right": "::1" + } + } +] + diff --git a/tests/py/inet/ct.t.json.output b/tests/py/inet/ct.t.json.output new file mode 100644 index 00000000..5605ebcf --- /dev/null +++ b/tests/py/inet/ct.t.json.output @@ -0,0 +1,16 @@ +# meta nfproto ipv4 ct original saddr 1.2.3.4 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "family": "ip", + "key": "saddr" + } + }, + "right": "1.2.3.4" + } + } +] + diff --git a/tests/py/inet/dccp.t.json b/tests/py/inet/dccp.t.json new file mode 100644 index 00000000..7f925047 --- /dev/null +++ b/tests/py/inet/dccp.t.json @@ -0,0 +1,340 @@ +# dccp sport 21-35 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "dccp" + } + }, + "right": { + "range": [ 21, 35 ] + } + } + } +] + +# dccp sport != 21-35 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "dccp" + } + }, + "op": "!=", + "right": { + "range": [ 21, 35 ] + } + } + } +] + +# dccp sport {23, 24, 25} +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "dccp" + } + }, + "right": { + "set": [ + 23, + 24, + 25 + ] + } + } + } +] + +# dccp sport != {23, 24, 25} +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "dccp" + } + }, + "op": "!=", + "right": { + "set": [ + 23, + 24, + 25 + ] + } + } + } +] + +# dccp sport { 20-50 } +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "dccp" + } + }, + "right": { + "set": [ + { "range": [ 20, 50 ] } + ] + } + } + } +] + +# dccp sport ftp-data - re-mail-ck +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "dccp" + } + }, + "right": { + "range": [ "ftp-data", "re-mail-ck" ] + } + } + } +] + +# dccp sport 20-50 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "dccp" + } + }, + "right": { + "range": [ 20, 50 ] + } + } + } +] + +# dccp sport { 20-50} +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "dccp" + } + }, + "right": { + "set": [ + { "range": [ 20, 50 ] } + ] + } + } + } +] + +# dccp sport != { 20-50} +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "dccp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 20, 50 ] } + ] + } + } + } +] + +# dccp dport {23, 24, 25} +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "dccp" + } + }, + "right": { + "set": [ + 23, + 24, + 25 + ] + } + } + } +] + +# dccp dport != {23, 24, 25} +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "dccp" + } + }, + "op": "!=", + "right": { + "set": [ + 23, + 24, + 25 + ] + } + } + } +] + +# dccp dport { 20-50} +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "dccp" + } + }, + "right": { + "set": [ + { "range": [ 20, 50 ] } + ] + } + } + } +] + +# dccp dport != { 20-50} +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "dccp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 20, 50 ] } + ] + } + } + } +] + +# dccp type {request, response, data, ack, dataack, closereq, close, reset, sync, syncack} +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "dccp" + } + }, + "right": { + "set": [ + "request", + "response", + "data", + "ack", + "dataack", + "closereq", + "close", + "reset", + "sync", + "syncack" + ] + } + } + } +] + +# dccp type != {request, response, data, ack, dataack, closereq, close, reset, sync, syncack} +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "dccp" + } + }, + "op": "!=", + "right": { + "set": [ + "request", + "response", + "data", + "ack", + "dataack", + "closereq", + "close", + "reset", + "sync", + "syncack" + ] + } + } + } +] + +# dccp type request +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "dccp" + } + }, + "right": "request" + } + } +] + +# dccp type != request +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "dccp" + } + }, + "op": "!=", + "right": "request" + } + } +] + diff --git a/tests/py/inet/dccp.t.json.output b/tests/py/inet/dccp.t.json.output new file mode 100644 index 00000000..9e3a57a7 --- /dev/null +++ b/tests/py/inet/dccp.t.json.output @@ -0,0 +1,17 @@ +# dccp sport ftp-data - re-mail-ck +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "dccp" + } + }, + "right": { + "range": [ 20, 50 ] + } + } + } +] + diff --git a/tests/py/inet/esp.t.json b/tests/py/inet/esp.t.json new file mode 100644 index 00000000..39c446c7 --- /dev/null +++ b/tests/py/inet/esp.t.json @@ -0,0 +1,256 @@ +# esp spi 100 +[ + { + "match": { + "left": { + "payload": { + "field": "spi", + "name": "esp" + } + }, + "right": 100 + } + } +] + +# esp spi != 100 +[ + { + "match": { + "left": { + "payload": { + "field": "spi", + "name": "esp" + } + }, + "op": "!=", + "right": 100 + } + } +] + +# esp spi 111-222 +[ + { + "match": { + "left": { + "payload": { + "field": "spi", + "name": "esp" + } + }, + "right": { + "range": [ 111, 222 ] + } + } + } +] + +# esp spi != 111-222 +[ + { + "match": { + "left": { + "payload": { + "field": "spi", + "name": "esp" + } + }, + "op": "!=", + "right": { + "range": [ 111, 222 ] + } + } + } +] + +# esp spi { 100, 102} +[ + { + "match": { + "left": { + "payload": { + "field": "spi", + "name": "esp" + } + }, + "right": { + "set": [ + 100, + 102 + ] + } + } + } +] + +# esp spi != { 100, 102} +[ + { + "match": { + "left": { + "payload": { + "field": "spi", + "name": "esp" + } + }, + "op": "!=", + "right": { + "set": [ + 100, + 102 + ] + } + } + } +] + +# esp spi { 100-102} +[ + { + "match": { + "left": { + "payload": { + "field": "spi", + "name": "esp" + } + }, + "right": { + "set": [ + { "range": [ 100, 102 ] } + ] + } + } + } +] + +# esp sequence 22 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "esp" + } + }, + "right": 22 + } + } +] + +# esp sequence 22-24 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "esp" + } + }, + "right": { + "range": [ 22, 24 ] + } + } + } +] + +# esp sequence != 22-24 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "esp" + } + }, + "op": "!=", + "right": { + "range": [ 22, 24 ] + } + } + } +] + +# esp sequence { 22, 24} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "esp" + } + }, + "right": { + "set": [ + 22, + 24 + ] + } + } + } +] + +# esp sequence != { 22, 24} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "esp" + } + }, + "op": "!=", + "right": { + "set": [ + 22, + 24 + ] + } + } + } +] + +# esp sequence { 22-25} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "esp" + } + }, + "right": { + "set": [ + { "range": [ 22, 25 ] } + ] + } + } + } +] + +# esp sequence != { 22-25} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "esp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 22, 25 ] } + ] + } + } + } +] + diff --git a/tests/py/inet/ether-ip.t.json b/tests/py/inet/ether-ip.t.json new file mode 100644 index 00000000..0c0964e6 --- /dev/null +++ b/tests/py/inet/ether-ip.t.json @@ -0,0 +1,85 @@ +# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "meta": "iiftype" + }, + "right": "ether" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "accept": null + } +] + +# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + } +] + diff --git a/tests/py/inet/ether-ip.t.json.output b/tests/py/inet/ether-ip.t.json.output new file mode 100644 index 00000000..80f8a4c3 --- /dev/null +++ b/tests/py/inet/ether-ip.t.json.output @@ -0,0 +1,40 @@ +# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + }, + { + "accept": null + } +] + diff --git a/tests/py/inet/ether.t.json b/tests/py/inet/ether.t.json new file mode 100644 index 00000000..0daf46e9 --- /dev/null +++ b/tests/py/inet/ether.t.json @@ -0,0 +1,84 @@ +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "meta": "iiftype" + }, + "right": "ether" + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "accept": null + } +] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "accept": null + } +] + +# ether saddr 00:0f:54:0c:11:04 accept +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "accept": null + } +] + diff --git a/tests/py/inet/ether.t.json.output b/tests/py/inet/ether.t.json.output new file mode 100644 index 00000000..bd7bd67e --- /dev/null +++ b/tests/py/inet/ether.t.json.output @@ -0,0 +1,29 @@ +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "accept": null + } +] + diff --git a/tests/py/inet/fib.t.json b/tests/py/inet/fib.t.json new file mode 100644 index 00000000..cb15e397 --- /dev/null +++ b/tests/py/inet/fib.t.json @@ -0,0 +1,128 @@ +# fib saddr . iif oif ne 0 +[ + { + "match": { + "left": { + "fib": { + "flags": [ + "saddr", + "iif" + ], + "result": "oif" + } + }, + "op": "!=", + "right": "0" + } + } +] + +# fib saddr . iif oifname "lo" +[ + { + "match": { + "left": { + "fib": { + "flags": [ + "saddr", + "iif" + ], + "result": "oifname" + } + }, + "right": "lo" + } + } +] + +# fib daddr . iif type local +[ + { + "match": { + "left": { + "fib": { + "flags": [ + "daddr", + "iif" + ], + "result": "type" + } + }, + "right": "local" + } + } +] + +# fib daddr . iif type vmap { blackhole : drop, prohibit : drop, unicast : accept } +[ + { + "map": { + "left": { + "fib": { + "flags": [ + "daddr", + "iif" + ], + "result": "type" + } + }, + "right": { + "set": [ + [ + "blackhole", + { + "drop": null + } + ], + [ + "prohibit", + { + "drop": null + } + ], + [ + "unicast", + { + "accept": null + } + ] + ] + } + } + } +] + +# fib daddr oif exists +[ + { + "match": { + "left": { + "fib": { + "flags": [ + "daddr" + ], + "result": "oif" + } + }, + "right": true + } + } +] + +# fib daddr oif missing +[ + { + "match": { + "left": { + "fib": { + "flags": [ + "daddr" + ], + "result": "oif" + } + }, + "right": false + } + } +] + diff --git a/tests/py/inet/fib.t.json.output b/tests/py/inet/fib.t.json.output new file mode 100644 index 00000000..c473b2af --- /dev/null +++ b/tests/py/inet/fib.t.json.output @@ -0,0 +1,39 @@ +# fib daddr . iif type vmap { blackhole : drop, prohibit : drop, unicast : accept } +[ + { + "map": { + "left": { + "fib": { + "flags": [ + "daddr", + "iif" + ], + "result": "type" + } + }, + "right": { + "set": [ + [ + "unicast", + { + "accept": null + } + ], + [ + "blackhole", + { + "drop": null + } + ], + [ + "prohibit", + { + "drop": null + } + ] + ] + } + } + } +] + diff --git a/tests/py/inet/icmpX.t.json b/tests/py/inet/icmpX.t.json new file mode 100644 index 00000000..006419e3 --- /dev/null +++ b/tests/py/inet/icmpX.t.json @@ -0,0 +1,116 @@ +# ip protocol icmp icmp type echo-request +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": "icmp" + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "echo-request" + } + } +] + +# icmp type echo-request +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "echo-request" + } + } +] + +# ip6 nexthdr icmpv6 icmpv6 type echo-request +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "right": "icmpv6" + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "echo-request" + } + } +] + +# icmpv6 type echo-request +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "echo-request" + } + } +] + +# ip protocol ipv6-icmp meta l4proto ipv6-icmp icmpv6 type 1 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": "ipv6-icmp" + } + }, + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": "ipv6-icmp" + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": 1 + } + } +] + diff --git a/tests/py/inet/icmpX.t.json.output b/tests/py/inet/icmpX.t.json.output new file mode 100644 index 00000000..94034388 --- /dev/null +++ b/tests/py/inet/icmpX.t.json.output @@ -0,0 +1,86 @@ +# ip protocol icmp icmp type echo-request +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "echo-request" + } + } +] + +# ip6 nexthdr icmpv6 icmpv6 type echo-request +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "right": 58 + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "echo-request" + } + } +] + +# ip protocol ipv6-icmp meta l4proto ipv6-icmp icmpv6 type 1 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": 58 + } + }, + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": 58 + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "destination-unreachable" + } + } +] + diff --git a/tests/py/inet/ip.t.json b/tests/py/inet/ip.t.json new file mode 100644 index 00000000..b2327377 --- /dev/null +++ b/tests/py/inet/ip.t.json @@ -0,0 +1,41 @@ +# ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe } +[ + { + "match": { + "left": { + "concat": [ + { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + { + "payload": { + "field": "saddr", + "name": "ether" + } + } + ] + }, + "right": { + "set": [ + { + "concat": [ + "1.1.1.1", + "2.2.2.2", + "ca:fe:ca:fe:ca:fe" + ] + } + ] + } + } + } +] + diff --git a/tests/py/inet/ip_tcp.t.json b/tests/py/inet/ip_tcp.t.json new file mode 100644 index 00000000..f9c8b5c6 --- /dev/null +++ b/tests/py/inet/ip_tcp.t.json @@ -0,0 +1,158 @@ +# ip protocol tcp tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": "tcp" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# ip protocol tcp ip saddr 1.2.3.4 tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": "tcp" + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# ip protocol tcp counter ip saddr 1.2.3.4 tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": "tcp" + } + }, + { + "counter": null + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# ip protocol tcp counter tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": "tcp" + } + }, + { + "counter": null + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# ether type ip tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "ether" + } + }, + "right": "ip" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + diff --git a/tests/py/inet/ip_tcp.t.json.output b/tests/py/inet/ip_tcp.t.json.output new file mode 100644 index 00000000..1581f30e --- /dev/null +++ b/tests/py/inet/ip_tcp.t.json.output @@ -0,0 +1,121 @@ +# ip protocol tcp tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": 6 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# ip protocol tcp ip saddr 1.2.3.4 tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# ip protocol tcp counter ip saddr 1.2.3.4 tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": 6 + } + }, + { + "counter": null + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# ip protocol tcp counter tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": 6 + } + }, + { + "counter": null + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + diff --git a/tests/py/inet/map.t.json b/tests/py/inet/map.t.json new file mode 100644 index 00000000..b7bb10a9 --- /dev/null +++ b/tests/py/inet/map.t.json @@ -0,0 +1,66 @@ +# mark set ip saddr map { 10.2.3.2 : 0x0000002a, 10.2.3.1 : 0x00000017} +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": { + "set": [ + [ + "10.2.3.2", + "0x0000002a" + ], + [ + "10.2.3.1", + "0x00000017" + ] + ] + } + } + } + } + } +] + +# mark set ip hdrlength map { 5 : 0x00000017, 4 : 0x00000001} +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": { + "map": { + "left": { + "payload": { + "field": "hdrlength", + "name": "ip" + } + }, + "right": { + "set": [ + [ + 5, + "0x00000017" + ], + [ + 4, + "0x00000001" + ] + ] + } + } + } + } + } +] + diff --git a/tests/py/inet/map.t.json.output b/tests/py/inet/map.t.json.output new file mode 100644 index 00000000..5a410b3b --- /dev/null +++ b/tests/py/inet/map.t.json.output @@ -0,0 +1,66 @@ +# mark set ip saddr map { 10.2.3.2 : 0x0000002a, 10.2.3.1 : 0x00000017} +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": { + "set": [ + [ + "10.2.3.1", + 23 + ], + [ + "10.2.3.2", + 42 + ] + ] + } + } + } + } + } +] + +# mark set ip hdrlength map { 5 : 0x00000017, 4 : 0x00000001} +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": { + "map": { + "left": { + "payload": { + "field": "hdrlength", + "name": "ip" + } + }, + "right": { + "set": [ + [ + 4, + 1 + ], + [ + 5, + 23 + ] + ] + } + } + } + } + } +] + diff --git a/tests/py/inet/meta.t.json b/tests/py/inet/meta.t.json new file mode 100644 index 00000000..2687f69e --- /dev/null +++ b/tests/py/inet/meta.t.json @@ -0,0 +1,198 @@ +# meta nfproto ipv4 +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv4" + } + } +] + +# meta nfproto ipv6 +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv6" + } + } +] + +# meta nfproto {ipv4, ipv6} +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": { + "set": [ + "ipv4", + "ipv6" + ] + } + } + } +] + +# meta nfproto != {ipv4, ipv6} +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "op": "!=", + "right": { + "set": [ + "ipv4", + "ipv6" + ] + } + } + } +] + +# meta nfproto ipv6 tcp dport 22 +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv6" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# meta nfproto ipv4 tcp dport 22 +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# meta nfproto ipv4 ip saddr 1.2.3.4 +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + } +] + +# meta nfproto ipv6 meta l4proto tcp +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv6" + } + }, + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": "tcp" + } + } +] + +# meta nfproto ipv4 counter ip saddr 1.2.3.4 +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv4" + } + }, + { + "counter": null + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + } +] + +# meta secpath exists +[ + { + "match": { + "left": { + "meta": "secpath" + }, + "right": true + } + } +] + +# meta secpath missing +[ + { + "match": { + "left": { + "meta": "secpath" + }, + "right": false + } + } +] + diff --git a/tests/py/inet/meta.t.json.output b/tests/py/inet/meta.t.json.output new file mode 100644 index 00000000..19b2d262 --- /dev/null +++ b/tests/py/inet/meta.t.json.output @@ -0,0 +1,35 @@ +# meta nfproto ipv4 ip saddr 1.2.3.4 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + } +] + +# meta nfproto ipv6 meta l4proto tcp +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv6" + } + }, + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": 6 + } + } +] + diff --git a/tests/py/inet/reject.t.json b/tests/py/inet/reject.t.json new file mode 100644 index 00000000..0939f445 --- /dev/null +++ b/tests/py/inet/reject.t.json @@ -0,0 +1,240 @@ +# reject with icmp type host-unreachable +[ + { + "reject": { + "expr": "host-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type net-unreachable +[ + { + "reject": { + "expr": "net-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type prot-unreachable +[ + { + "reject": { + "expr": "prot-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type port-unreachable +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type net-prohibited +[ + { + "reject": { + "expr": "net-prohibited", + "type": "icmp" + } + } +] + +# reject with icmp type host-prohibited +[ + { + "reject": { + "expr": "host-prohibited", + "type": "icmp" + } + } +] + +# reject with icmp type admin-prohibited +[ + { + "reject": { + "expr": "admin-prohibited", + "type": "icmp" + } + } +] + +# reject with icmpv6 type no-route +[ + { + "reject": { + "expr": "no-route", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 type admin-prohibited +[ + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 type addr-unreachable +[ + { + "reject": { + "expr": "addr-unreachable", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 type port-unreachable +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmpv6" + } + } +] + +# mark 12345 reject with tcp reset +[ + { + "match": { + "left": { + "meta": "mark" + }, + "right": 12345 + } + }, + { + "reject": { + "type": "tcp reset" + } + } +] + +# reject +[ + { + "reject": null + } +] + +# meta nfproto ipv4 reject +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv4" + } + }, + { + "reject": null + } +] + +# meta nfproto ipv6 reject +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv6" + } + }, + { + "reject": null + } +] + +# reject with icmpx type host-unreachable +[ + { + "reject": { + "expr": "host-unreachable", + "type": "icmpx" + } + } +] + +# reject with icmpx type no-route +[ + { + "reject": { + "expr": "no-route", + "type": "icmpx" + } + } +] + +# reject with icmpx type admin-prohibited +[ + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpx" + } + } +] + +# reject with icmpx type port-unreachable +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmpx" + } + } +] + +# meta nfproto ipv4 reject with icmp type host-unreachable +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv4" + } + }, + { + "reject": { + "expr": "host-unreachable", + "type": "icmp" + } + } +] + +# meta nfproto ipv6 reject with icmpv6 type no-route +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv6" + } + }, + { + "reject": { + "expr": "no-route", + "type": "icmpv6" + } + } +] + diff --git a/tests/py/inet/reject.t.json.output b/tests/py/inet/reject.t.json.output new file mode 100644 index 00000000..b1e77990 --- /dev/null +++ b/tests/py/inet/reject.t.json.output @@ -0,0 +1,224 @@ +# reject with icmp type host-unreachable +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv4" + } + }, + { + "reject": { + "expr": "host-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type net-unreachable +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv4" + } + }, + { + "reject": { + "expr": "net-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type prot-unreachable +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv4" + } + }, + { + "reject": { + "expr": "prot-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type port-unreachable +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv4" + } + }, + { + "reject": null + } +] + +# reject with icmp type net-prohibited +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv4" + } + }, + { + "reject": { + "expr": "net-prohibited", + "type": "icmp" + } + } +] + +# reject with icmp type host-prohibited +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv4" + } + }, + { + "reject": { + "expr": "host-prohibited", + "type": "icmp" + } + } +] + +# reject with icmp type admin-prohibited +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv4" + } + }, + { + "reject": { + "expr": "admin-prohibited", + "type": "icmp" + } + } +] + +# reject with icmpv6 type no-route +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv6" + } + }, + { + "reject": { + "expr": "no-route", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 type admin-prohibited +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv6" + } + }, + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 type addr-unreachable +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv6" + } + }, + { + "reject": { + "expr": "addr-unreachable", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 type port-unreachable +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv6" + } + }, + { + "reject": null + } +] + +# mark 12345 reject with tcp reset +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": 6 + } + }, + { + "match": { + "left": { + "meta": "mark" + }, + "right": 12345 + } + }, + { + "reject": { + "type": "tcp reset" + } + } +] + +# reject with icmpx type port-unreachable +[ + { + "reject": null + } +] + diff --git a/tests/py/inet/rt.t.json b/tests/py/inet/rt.t.json new file mode 100644 index 00000000..32e1d437 --- /dev/null +++ b/tests/py/inet/rt.t.json @@ -0,0 +1,56 @@ +# meta nfproto ipv4 rt nexthop 192.168.0.1 +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv4" + } + }, + { + "match": { + "left": { + "rt": { + "key": "nexthop" + } + }, + "right": "192.168.0.1" + } + } +] + +# rt ip6 nexthop fd00::1 +[ + { + "match": { + "left": { + "rt": { + "family": "ip6", + "key": "nexthop" + } + }, + "right": "fd00::1" + } + } +] + +# tcp option maxseg size set rt mtu +[ + { + "mangle": { + "left": { + "tcp option": { + "field": "size", + "name": "maxseg" + } + }, + "right": { + "rt": { + "key": "mtu" + } + } + } + } +] + diff --git a/tests/py/inet/rt.t.json.output b/tests/py/inet/rt.t.json.output new file mode 100644 index 00000000..1d3ecac1 --- /dev/null +++ b/tests/py/inet/rt.t.json.output @@ -0,0 +1,23 @@ +# meta nfproto ipv4 rt nexthop 192.168.0.1 +[ + { + "match": { + "left": { + "meta": "nfproto" + }, + "right": "ipv4" + } + }, + { + "match": { + "left": { + "rt": { + "family": "ip", + "key": "nexthop" + } + }, + "right": "192.168.0.1" + } + } +] + diff --git a/tests/py/inet/sctp.t.json b/tests/py/inet/sctp.t.json new file mode 100644 index 00000000..86193080 --- /dev/null +++ b/tests/py/inet/sctp.t.json @@ -0,0 +1,594 @@ +# sctp sport 23 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "sctp" + } + }, + "right": 23 + } + } +] + +# sctp sport != 23 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "sctp" + } + }, + "op": "!=", + "right": 23 + } + } +] + +# sctp sport 23-44 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "sctp" + } + }, + "right": { + "range": [ 23, 44 ] + } + } + } +] + +# sctp sport != 23-44 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "sctp" + } + }, + "op": "!=", + "right": { + "range": [ 23, 44 ] + } + } + } +] + +# sctp sport { 23, 24, 25} +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "sctp" + } + }, + "right": { + "set": [ + 23, + 24, + 25 + ] + } + } + } +] + +# sctp sport != { 23, 24, 25} +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "sctp" + } + }, + "op": "!=", + "right": { + "set": [ + 23, + 24, + 25 + ] + } + } + } +] + +# sctp sport { 23-44} +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "sctp" + } + }, + "right": { + "set": [ + { "range": [ 23, 44 ] } + ] + } + } + } +] + +# sctp sport != { 23-44} +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "sctp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 23, 44 ] } + ] + } + } + } +] + +# sctp dport 23 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "sctp" + } + }, + "right": 23 + } + } +] + +# sctp dport != 23 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "sctp" + } + }, + "op": "!=", + "right": 23 + } + } +] + +# sctp dport 23-44 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "sctp" + } + }, + "right": { + "range": [ 23, 44 ] + } + } + } +] + +# sctp dport != 23-44 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "sctp" + } + }, + "op": "!=", + "right": { + "range": [ 23, 44 ] + } + } + } +] + +# sctp dport { 23, 24, 25} +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "sctp" + } + }, + "right": { + "set": [ + 23, + 24, + 25 + ] + } + } + } +] + +# sctp dport != { 23, 24, 25} +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "sctp" + } + }, + "op": "!=", + "right": { + "set": [ + 23, + 24, + 25 + ] + } + } + } +] + +# sctp dport { 23-44} +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "sctp" + } + }, + "right": { + "set": [ + { "range": [ 23, 44 ] } + ] + } + } + } +] + +# sctp dport != { 23-44} +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "sctp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 23, 44 ] } + ] + } + } + } +] + +# sctp checksum 1111 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "sctp" + } + }, + "right": 1111 + } + } +] + +# sctp checksum != 11 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "sctp" + } + }, + "op": "!=", + "right": 11 + } + } +] + +# sctp checksum 21-333 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "sctp" + } + }, + "right": { + "range": [ 21, 333 ] + } + } + } +] + +# sctp checksum != 32-111 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "sctp" + } + }, + "op": "!=", + "right": { + "range": [ 32, 111 ] + } + } + } +] + +# sctp checksum { 22, 33, 44} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "sctp" + } + }, + "right": { + "set": [ + 22, + 33, + 44 + ] + } + } + } +] + +# sctp checksum != { 22, 33, 44} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "sctp" + } + }, + "op": "!=", + "right": { + "set": [ + 22, + 33, + 44 + ] + } + } + } +] + +# sctp checksum { 22-44} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "sctp" + } + }, + "right": { + "set": [ + { "range": [ 22, 44 ] } + ] + } + } + } +] + +# sctp checksum != { 22-44} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "sctp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 22, 44 ] } + ] + } + } + } +] + +# sctp vtag 22 +[ + { + "match": { + "left": { + "payload": { + "field": "vtag", + "name": "sctp" + } + }, + "right": 22 + } + } +] + +# sctp vtag != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "vtag", + "name": "sctp" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# sctp vtag 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "vtag", + "name": "sctp" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# sctp vtag != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "vtag", + "name": "sctp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# sctp vtag {33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "vtag", + "name": "sctp" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# sctp vtag != {33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "vtag", + "name": "sctp" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# sctp vtag { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "vtag", + "name": "sctp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# sctp vtag != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "vtag", + "name": "sctp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + diff --git a/tests/py/inet/tcp.t.json b/tests/py/inet/tcp.t.json new file mode 100644 index 00000000..559206df --- /dev/null +++ b/tests/py/inet/tcp.t.json @@ -0,0 +1,1552 @@ +# tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# tcp dport != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# tcp dport 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# tcp dport != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# tcp dport { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# tcp dport != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# tcp dport { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# tcp dport != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# tcp dport {telnet, http, https} accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + "telnet", + "http", + "https" + ] + } + } + }, + { + "accept": null + } +] + +# tcp dport vmap { 22 : accept, 23 : drop } +[ + { + "map": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + [ + 22, + { + "accept": null + } + ], + [ + 23, + { + "drop": null + } + ] + ] + } + } + } +] + +# tcp dport vmap { 25:accept, 28:drop } +[ + { + "map": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + [ + 25, + { + "accept": null + } + ], + [ + 28, + { + "drop": null + } + ] + ] + } + } + } +] + +# tcp dport { 22, 53, 80, 110 } +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + 22, + 53, + 80, + 110 + ] + } + } + } +] + +# tcp dport != { 22, 53, 80, 110 } +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + 22, + 53, + 80, + 110 + ] + } + } + } +] + +# tcp sport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# tcp sport != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "tcp" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# tcp sport 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "tcp" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# tcp sport != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# tcp sport { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "tcp" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# tcp sport != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# tcp sport { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "tcp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# tcp sport != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# tcp sport vmap { 25:accept, 28:drop } +[ + { + "map": { + "left": { + "payload": { + "field": "sport", + "name": "tcp" + } + }, + "right": { + "set": [ + [ + 25, + { + "accept": null + } + ], + [ + 28, + { + "drop": null + } + ] + ] + } + } + } +] + +# tcp sport 8080 drop +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "tcp" + } + }, + "right": 8080 + } + }, + { + "drop": null + } +] + +# tcp sport 1024 tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "tcp" + } + }, + "right": 1024 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# tcp sport 1024 tcp dport 22 tcp sequence 0 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "tcp" + } + }, + "right": 1024 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "tcp" + } + }, + "right": 0 + } + } +] + +# tcp sequence 0 tcp sport 1024 tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "tcp" + } + }, + "right": 0 + } + }, + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "tcp" + } + }, + "right": 1024 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "tcp" + } + }, + "right": 0 + } + }, + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "tcp" + } + }, + "right": { + "set": [ + 1024, + 1022 + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# tcp sequence 22 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# tcp sequence != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "tcp" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# tcp sequence 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "tcp" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# tcp sequence != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# tcp sequence { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "tcp" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# tcp sequence != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# tcp sequence { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "tcp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# tcp sequence != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# tcp ackseq 42949672 drop +[ + { + "match": { + "left": { + "payload": { + "field": "ackseq", + "name": "tcp" + } + }, + "right": 42949672 + } + }, + { + "drop": null + } +] + +# tcp ackseq 22 +[ + { + "match": { + "left": { + "payload": { + "field": "ackseq", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# tcp ackseq != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "ackseq", + "name": "tcp" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# tcp ackseq 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "ackseq", + "name": "tcp" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# tcp ackseq != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "ackseq", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# tcp ackseq { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "ackseq", + "name": "tcp" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# tcp ackseq != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "ackseq", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# tcp ackseq { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "ackseq", + "name": "tcp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# tcp ackseq != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "ackseq", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "tcp" + } + }, + "right": { + "set": [ + "fin", + "syn", + "rst", + "psh", + "ack", + "urg", + "ecn", + "cwr" + ] + } + } + }, + { + "drop": null + } +] + +# tcp flags != { fin, urg, ecn, cwr} drop +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + "fin", + "urg", + "ecn", + "cwr" + ] + } + } + }, + { + "drop": null + } +] + +# tcp flags cwr +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "tcp" + } + }, + "right": "cwr" + } + } +] + +# tcp flags != cwr +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "name": "tcp" + } + }, + "op": "!=", + "right": "cwr" + } + } +] + +# tcp flags & (syn|fin) == (syn|fin) +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "name": "tcp" + } + }, + { + "|": [ + "syn", + "fin" + ] + } + ] + }, + "op": "==", + "right": { + "|": [ + "syn", + "fin" + ] + } + } + } +] + +# tcp window 22222 +[ + { + "match": { + "left": { + "payload": { + "field": "window", + "name": "tcp" + } + }, + "right": 22222 + } + } +] + +# tcp window 22 +[ + { + "match": { + "left": { + "payload": { + "field": "window", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# tcp window != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "window", + "name": "tcp" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# tcp window 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "window", + "name": "tcp" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# tcp window != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "window", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# tcp window { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "window", + "name": "tcp" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# tcp window != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "window", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# tcp window { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "window", + "name": "tcp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# tcp window != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "window", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# tcp checksum 22 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# tcp checksum != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "tcp" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# tcp checksum 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "tcp" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# tcp checksum != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# tcp checksum { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "tcp" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# tcp checksum != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# tcp checksum { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "tcp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# tcp checksum != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# tcp urgptr 1234 accept +[ + { + "match": { + "left": { + "payload": { + "field": "urgptr", + "name": "tcp" + } + }, + "right": 1234 + } + }, + { + "accept": null + } +] + +# tcp urgptr 22 +[ + { + "match": { + "left": { + "payload": { + "field": "urgptr", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# tcp urgptr != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "urgptr", + "name": "tcp" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# tcp urgptr 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "urgptr", + "name": "tcp" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# tcp urgptr != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "urgptr", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# tcp urgptr { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "urgptr", + "name": "tcp" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# tcp urgptr != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "urgptr", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# tcp urgptr { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "urgptr", + "name": "tcp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# tcp urgptr != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "urgptr", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# tcp doff 8 +[ + { + "match": { + "left": { + "payload": { + "field": "doff", + "name": "tcp" + } + }, + "right": 8 + } + } +] + diff --git a/tests/py/inet/tcp.t.json.output b/tests/py/inet/tcp.t.json.output new file mode 100644 index 00000000..d099d6fe --- /dev/null +++ b/tests/py/inet/tcp.t.json.output @@ -0,0 +1,134 @@ +# tcp dport {telnet, http, https} accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + 23, + 80, + 443 + ] + } + } + }, + { + "accept": null + } +] + +# tcp sequence 0 tcp sport 1024 tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "tcp" + } + }, + "right": 1024 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "tcp" + } + }, + "right": 0 + } + } +] + +# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "tcp" + } + }, + "right": { + "set": [ + 1022, + 1024 + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "tcp" + } + }, + "right": 0 + } + } +] + +# tcp flags & (syn|fin) == (syn|fin) +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "name": "tcp" + } + }, + { + "|": [ + "fin", + "syn" + ] + } + ] + }, + "op": "==", + "right": { + "|": [ + "fin", + "syn" + ] + } + } + } +] + diff --git a/tests/py/inet/tcpopt.t.json b/tests/py/inet/tcpopt.t.json new file mode 100644 index 00000000..d4632187 --- /dev/null +++ b/tests/py/inet/tcpopt.t.json @@ -0,0 +1,418 @@ +# tcp option eol kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "eol" + } + }, + "right": 1 + } + } +] + +# tcp option noop kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "noop" + } + }, + "right": 1 + } + } +] + +# tcp option maxseg kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "maxseg" + } + }, + "right": 1 + } + } +] + +# tcp option maxseg length 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "length", + "name": "maxseg" + } + }, + "right": 1 + } + } +] + +# tcp option maxseg size 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "size", + "name": "maxseg" + } + }, + "right": 1 + } + } +] + +# tcp option window kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "window" + } + }, + "right": 1 + } + } +] + +# tcp option window length 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "length", + "name": "window" + } + }, + "right": 1 + } + } +] + +# tcp option window count 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "count", + "name": "window" + } + }, + "right": 1 + } + } +] + +# tcp option sack-permitted kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "sack-permitted" + } + }, + "right": 1 + } + } +] + +# tcp option sack-permitted length 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "length", + "name": "sack-permitted" + } + }, + "right": 1 + } + } +] + +# tcp option sack kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "sack" + } + }, + "right": 1 + } + } +] + +# tcp option sack length 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "length", + "name": "sack" + } + }, + "right": 1 + } + } +] + +# tcp option sack left 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "left", + "name": "sack" + } + }, + "right": 1 + } + } +] + +# tcp option sack0 left 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "left", + "name": "sack0" + } + }, + "right": 1 + } + } +] + +# tcp option sack1 left 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "left", + "name": "sack1" + } + }, + "right": 1 + } + } +] + +# tcp option sack2 left 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "left", + "name": "sack2" + } + }, + "right": 1 + } + } +] + +# tcp option sack3 left 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "left", + "name": "sack3" + } + }, + "right": 1 + } + } +] + +# tcp option sack0 right 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "right", + "name": "sack0" + } + }, + "right": 1 + } + } +] + +# tcp option sack1 right 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "right", + "name": "sack1" + } + }, + "right": 1 + } + } +] + +# tcp option sack2 right 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "right", + "name": "sack2" + } + }, + "right": 1 + } + } +] + +# tcp option sack3 right 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "right", + "name": "sack3" + } + }, + "right": 1 + } + } +] + +# tcp option timestamp kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "timestamp" + } + }, + "right": 1 + } + } +] + +# tcp option timestamp length 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "length", + "name": "timestamp" + } + }, + "right": 1 + } + } +] + +# tcp option timestamp tsval 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "tsval", + "name": "timestamp" + } + }, + "right": 1 + } + } +] + +# tcp option timestamp tsecr 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "tsecr", + "name": "timestamp" + } + }, + "right": 1 + } + } +] + +# tcp option window exists +[ + { + "match": { + "left": { + "tcp option": { + "name": "window" + } + }, + "right": true + } + } +] + +# tcp option window missing +[ + { + "match": { + "left": { + "tcp option": { + "name": "window" + } + }, + "right": false + } + } +] + +# tcp option maxseg size set 1360 +[ + { + "mangle": { + "left": { + "tcp option": { + "field": "size", + "name": "maxseg" + } + }, + "right": 1360 + } + } +] + diff --git a/tests/py/inet/tcpopt.t.json.output b/tests/py/inet/tcpopt.t.json.output new file mode 100644 index 00000000..302108c2 --- /dev/null +++ b/tests/py/inet/tcpopt.t.json.output @@ -0,0 +1,30 @@ +# tcp option sack0 left 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "left", + "name": "sack" + } + }, + "right": 1 + } + } +] + +# tcp option sack0 right 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "right", + "name": "sack" + } + }, + "right": 1 + } + } +] + diff --git a/tests/py/inet/udp.t.json b/tests/py/inet/udp.t.json new file mode 100644 index 00000000..d760fb75 --- /dev/null +++ b/tests/py/inet/udp.t.json @@ -0,0 +1,730 @@ +# udp sport 80 accept +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "udp" + } + }, + "right": 80 + } + }, + { + "accept": null + } +] + +# udp sport != 60 accept +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "udp" + } + }, + "op": "!=", + "right": 60 + } + }, + { + "accept": null + } +] + +# udp sport 50-70 accept +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "udp" + } + }, + "right": { + "range": [ 50, 70 ] + } + } + }, + { + "accept": null + } +] + +# udp sport != 50-60 accept +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "udp" + } + }, + "op": "!=", + "right": { + "range": [ 50, 60 ] + } + } + }, + { + "accept": null + } +] + +# udp sport { 49, 50} drop +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "udp" + } + }, + "right": { + "set": [ + 49, + 50 + ] + } + } + }, + { + "drop": null + } +] + +# udp sport != { 50, 60} accept +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "udp" + } + }, + "op": "!=", + "right": { + "set": [ + 50, + 60 + ] + } + } + }, + { + "accept": null + } +] + +# udp sport { 12-40} +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "udp" + } + }, + "right": { + "set": [ + { "range": [ 12, 40 ] } + ] + } + } + } +] + +# udp sport != { 13-24} +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "udp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 13, 24 ] } + ] + } + } + } +] + +# udp dport 80 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 80 + } + }, + { + "accept": null + } +] + +# udp dport != 60 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "op": "!=", + "right": 60 + } + }, + { + "accept": null + } +] + +# udp dport 70-75 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": { + "range": [ 70, 75 ] + } + } + }, + { + "accept": null + } +] + +# udp dport != 50-60 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "op": "!=", + "right": { + "range": [ 50, 60 ] + } + } + }, + { + "accept": null + } +] + +# udp dport { 49, 50} drop +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": { + "set": [ + 49, + 50 + ] + } + } + }, + { + "drop": null + } +] + +# udp dport != { 50, 60} accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "op": "!=", + "right": { + "set": [ + 50, + 60 + ] + } + } + }, + { + "accept": null + } +] + +# udp dport { 70-75} accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": { + "set": [ + { "range": [ 70, 75 ] } + ] + } + } + }, + { + "accept": null + } +] + +# udp dport != { 50-60} accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 50, 60 ] } + ] + } + } + }, + { + "accept": null + } +] + +# udp length 6666 +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "udp" + } + }, + "right": 6666 + } + } +] + +# udp length != 6666 +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "udp" + } + }, + "op": "!=", + "right": 6666 + } + } +] + +# udp length 50-65 accept +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "udp" + } + }, + "right": { + "range": [ 50, 65 ] + } + } + }, + { + "accept": null + } +] + +# udp length != 50-65 accept +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "udp" + } + }, + "op": "!=", + "right": { + "range": [ 50, 65 ] + } + } + }, + { + "accept": null + } +] + +# udp length { 50, 65} accept +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "udp" + } + }, + "right": { + "set": [ + 50, + 65 + ] + } + } + }, + { + "accept": null + } +] + +# udp length != { 50, 65} accept +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "udp" + } + }, + "op": "!=", + "right": { + "set": [ + 50, + 65 + ] + } + } + }, + { + "accept": null + } +] + +# udp length { 35-50} +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "udp" + } + }, + "right": { + "set": [ + { "range": [ 35, 50 ] } + ] + } + } + } +] + +# udp length != { 35-50} +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "udp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 35, 50 ] } + ] + } + } + } +] + +# udp checksum 6666 drop +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udp" + } + }, + "right": 6666 + } + }, + { + "drop": null + } +] + +# udp checksum != { 444, 555} accept +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udp" + } + }, + "op": "!=", + "right": { + "set": [ + 444, + 555 + ] + } + } + }, + { + "accept": null + } +] + +# udp checksum 22 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udp" + } + }, + "right": 22 + } + } +] + +# udp checksum != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udp" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# udp checksum 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udp" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# udp checksum != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# udp checksum { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udp" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# udp checksum != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udp" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# udp checksum { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# udp checksum != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# iif "lo" udp checksum set 0 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "checksum", + "name": "udp" + } + }, + "right": 0 + } + } +] + +# iif "lo" udp dport set 65535 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 65535 + } + } +] + diff --git a/tests/py/inet/udplite.t.json b/tests/py/inet/udplite.t.json new file mode 100644 index 00000000..5173a68c --- /dev/null +++ b/tests/py/inet/udplite.t.json @@ -0,0 +1,526 @@ +# udplite sport 80 accept +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "udplite" + } + }, + "right": 80 + } + }, + { + "accept": null + } +] + +# udplite sport != 60 accept +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "udplite" + } + }, + "op": "!=", + "right": 60 + } + }, + { + "accept": null + } +] + +# udplite sport 50-70 accept +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "udplite" + } + }, + "right": { + "range": [ 50, 70 ] + } + } + }, + { + "accept": null + } +] + +# udplite sport != 50-60 accept +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "udplite" + } + }, + "op": "!=", + "right": { + "range": [ 50, 60 ] + } + } + }, + { + "accept": null + } +] + +# udplite sport { 49, 50} drop +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "udplite" + } + }, + "right": { + "set": [ + 49, + 50 + ] + } + } + }, + { + "drop": null + } +] + +# udplite sport != { 49, 50} accept +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "udplite" + } + }, + "op": "!=", + "right": { + "set": [ + 49, + 50 + ] + } + } + }, + { + "accept": null + } +] + +# udplite sport { 12-40} +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "udplite" + } + }, + "right": { + "set": [ + { "range": [ 12, 40 ] } + ] + } + } + } +] + +# udplite sport != { 12-40} +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "name": "udplite" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 12, 40 ] } + ] + } + } + } +] + +# udplite dport 80 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udplite" + } + }, + "right": 80 + } + }, + { + "accept": null + } +] + +# udplite dport != 60 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udplite" + } + }, + "op": "!=", + "right": 60 + } + }, + { + "accept": null + } +] + +# udplite dport 70-75 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udplite" + } + }, + "right": { + "range": [ 70, 75 ] + } + } + }, + { + "accept": null + } +] + +# udplite dport != 50-60 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udplite" + } + }, + "op": "!=", + "right": { + "range": [ 50, 60 ] + } + } + }, + { + "accept": null + } +] + +# udplite dport { 49, 50} drop +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udplite" + } + }, + "right": { + "set": [ + 49, + 50 + ] + } + } + }, + { + "drop": null + } +] + +# udplite dport != { 49, 50} accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udplite" + } + }, + "op": "!=", + "right": { + "set": [ + 49, + 50 + ] + } + } + }, + { + "accept": null + } +] + +# udplite dport { 70-75} accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udplite" + } + }, + "right": { + "set": [ + { "range": [ 70, 75 ] } + ] + } + } + }, + { + "accept": null + } +] + +# udplite dport != { 70-75} accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udplite" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 70, 75 ] } + ] + } + } + }, + { + "accept": null + } +] + +# udplite checksum 6666 drop +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udplite" + } + }, + "right": 6666 + } + }, + { + "drop": null + } +] + +# udplite checksum != { 444, 555} accept +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udplite" + } + }, + "op": "!=", + "right": { + "set": [ + 444, + 555 + ] + } + } + }, + { + "accept": null + } +] + +# udplite checksum 22 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udplite" + } + }, + "right": 22 + } + } +] + +# udplite checksum != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udplite" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# udplite checksum 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udplite" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# udplite checksum != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udplite" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# udplite checksum { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udplite" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# udplite checksum != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udplite" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# udplite checksum { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udplite" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# udplite checksum != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "udplite" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + diff --git a/tests/py/ip/ct.t.json b/tests/py/ip/ct.t.json new file mode 100644 index 00000000..6314d5b2 --- /dev/null +++ b/tests/py/ip/ct.t.json @@ -0,0 +1,213 @@ +# ct original ip saddr 192.168.0.1 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "family": "ip", + "key": "saddr" + } + }, + "right": "192.168.0.1" + } + } +] + +# ct reply ip saddr 192.168.0.1 +[ + { + "match": { + "left": { + "ct": { + "dir": "reply", + "family": "ip", + "key": "saddr" + } + }, + "right": "192.168.0.1" + } + } +] + +# ct original ip daddr 192.168.0.1 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "family": "ip", + "key": "daddr" + } + }, + "right": "192.168.0.1" + } + } +] + +# ct reply ip daddr 192.168.0.1 +[ + { + "match": { + "left": { + "ct": { + "dir": "reply", + "family": "ip", + "key": "daddr" + } + }, + "right": "192.168.0.1" + } + } +] + +# ct original ip saddr 192.168.1.0/24 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "family": "ip", + "key": "saddr" + } + }, + "right": { + "prefix": { + "addr": "192.168.1.0", + "len": 24 + } + } + } + } +] + +# ct reply ip saddr 192.168.1.0/24 +[ + { + "match": { + "left": { + "ct": { + "dir": "reply", + "family": "ip", + "key": "saddr" + } + }, + "right": { + "prefix": { + "addr": "192.168.1.0", + "len": 24 + } + } + } + } +] + +# ct original ip daddr 192.168.1.0/24 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "family": "ip", + "key": "daddr" + } + }, + "right": { + "prefix": { + "addr": "192.168.1.0", + "len": 24 + } + } + } + } +] + +# ct reply ip daddr 192.168.1.0/24 +[ + { + "match": { + "left": { + "ct": { + "dir": "reply", + "family": "ip", + "key": "daddr" + } + }, + "right": { + "prefix": { + "addr": "192.168.1.0", + "len": 24 + } + } + } + } +] + +# ct l3proto ipv4 +[ + { + "match": { + "left": { + "ct": { + "key": "l3proto" + } + }, + "right": "ipv4" + } + } +] + +# ct protocol 6 ct original proto-dst 22 +[ + { + "match": { + "left": { + "ct": { + "key": "protocol" + } + }, + "right": 6 + } + }, + { + "match": { + "left": { + "ct": { + "dir": "original", + "key": "proto-dst" + } + }, + "right": 22 + } + } +] + +# ct original protocol 17 ct reply proto-src 53 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "key": "protocol" + } + }, + "right": 17 + } + }, + { + "match": { + "left": { + "ct": { + "dir": "reply", + "key": "proto-src" + } + }, + "right": 53 + } + } +] + diff --git a/tests/py/ip/ct.t.json.output b/tests/py/ip/ct.t.json.output new file mode 100644 index 00000000..2429ec69 --- /dev/null +++ b/tests/py/ip/ct.t.json.output @@ -0,0 +1,25 @@ +# ct original protocol 17 ct reply proto-src 53 +[ + { + "match": { + "left": { + "ct": { + "key": "protocol" + } + }, + "right": 17 + } + }, + { + "match": { + "left": { + "ct": { + "dir": "reply", + "key": "proto-src" + } + }, + "right": 53 + } + } +] + diff --git a/tests/py/ip/dnat.t.json b/tests/py/ip/dnat.t.json new file mode 100644 index 00000000..56f8272f --- /dev/null +++ b/tests/py/ip/dnat.t.json @@ -0,0 +1,255 @@ +# iifname "eth0" tcp dport 80-90 dnat to 192.168.3.2 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "range": [ 80, 90 ] + } + } + }, + { + "dnat": { + "addr": "192.168.3.2" + } + } +] + +# iifname "eth0" tcp dport != 80-90 dnat to 192.168.3.2 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "range": [ 80, 90 ] + } + } + }, + { + "dnat": { + "addr": "192.168.3.2" + } + } +] + +# iifname "eth0" tcp dport {80, 90, 23} dnat to 192.168.3.2 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + 23, + 80, + 90 + ] + } + } + }, + { + "dnat": { + "addr": "192.168.3.2" + } + } +] + +# iifname "eth0" tcp dport != {80, 90, 23} dnat to 192.168.3.2 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + 23, + 80, + 90 + ] + } + } + }, + { + "dnat": { + "addr": "192.168.3.2" + } + } +] + +# iifname "eth0" tcp dport != 23-34 dnat to 192.168.3.2 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "range": [ 23, 34 ] + } + } + }, + { + "dnat": { + "addr": "192.168.3.2" + } + } +] + +# iifname "eth0" tcp dport 81 dnat to 192.168.3.2:8080 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 81 + } + }, + { + "dnat": { + "addr": "192.168.3.2", + "port": 8080 + } + } +] + +# dnat to ct mark map { 0x00000014 : 1.2.3.4} +[ + { + "dnat": { + "addr": { + "map": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "set": [ + [ + "0x00000014", + "1.2.3.4" + ] + ] + } + } + } + } + } +] + +# dnat to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4} +[ + { + "dnat": { + "addr": { + "map": { + "left": { + "concat": [ + { + "ct": { + "key": "mark" + } + }, + { + "payload": { + "field": "daddr", + "name": "ip" + } + } + ] + }, + "right": { + "set": [ + [ + { + "concat": [ + "0x00000014", + "1.1.1.1" + ] + }, + "1.2.3.4" + ] + ] + } + } + } + } + } +] + diff --git a/tests/py/ip/dnat.t.json.output b/tests/py/ip/dnat.t.json.output new file mode 100644 index 00000000..73b6b204 --- /dev/null +++ b/tests/py/ip/dnat.t.json.output @@ -0,0 +1,65 @@ +# dnat to ct mark map { 0x00000014 : 1.2.3.4} +[ + { + "dnat": { + "addr": { + "map": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "set": [ + [ + 20, + "1.2.3.4" + ] + ] + } + } + } + } + } +] + +# dnat to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4} +[ + { + "dnat": { + "addr": { + "map": { + "left": { + "concat": [ + { + "ct": { + "key": "mark" + } + }, + { + "payload": { + "field": "daddr", + "name": "ip" + } + } + ] + }, + "right": { + "set": [ + [ + { + "concat": [ + 20, + "1.1.1.1" + ] + }, + "1.2.3.4" + ] + ] + } + } + } + } + } +] + diff --git a/tests/py/ip/dup.t.json b/tests/py/ip/dup.t.json new file mode 100644 index 00000000..abc5be47 --- /dev/null +++ b/tests/py/ip/dup.t.json @@ -0,0 +1,46 @@ +# dup to 192.168.2.1 +[ + { + "dup": { + "addr": "192.168.2.1" + } + } +] + +# dup to 192.168.2.1 device "lo" +[ + { + "dup": { + "addr": "192.168.2.1", + "dev": "lo" + } + } +] + +# dup to ip saddr map { 192.168.2.120 : 192.168.2.1 } device "lo" +[ + { + "dup": { + "addr": { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": { + "set": [ + [ + "192.168.2.120", + "192.168.2.1" + ] + ] + } + } + }, + "dev": "lo" + } + } +] + diff --git a/tests/py/ip/ether.t.json b/tests/py/ip/ether.t.json new file mode 100644 index 00000000..022ae0b5 --- /dev/null +++ b/tests/py/ip/ether.t.json @@ -0,0 +1,151 @@ +# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "meta": "iiftype" + }, + "right": "ether" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "accept": null + } +] + +# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + } +] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + } +] + +# ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + }, + { + "accept": null + } +] + diff --git a/tests/py/ip/ether.t.json.output b/tests/py/ip/ether.t.json.output new file mode 100644 index 00000000..d3127161 --- /dev/null +++ b/tests/py/ip/ether.t.json.output @@ -0,0 +1,40 @@ +# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "1.2.3.4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "accept": null + } +] + diff --git a/tests/py/ip/flowtable.t.json b/tests/py/ip/flowtable.t.json new file mode 100644 index 00000000..e6fc09f4 --- /dev/null +++ b/tests/py/ip/flowtable.t.json @@ -0,0 +1,23 @@ +# meter xyz { ip saddr timeout 30s counter} +[ + { + "meter": { + "key": { + "elem": { + "elem_timeout": 30, + "val": { + "payload": { + "field": "saddr", + "name": "ip" + } + } + } + }, + "name": "xyz", + "stmt": { + "counter": null + } + } + } +] + diff --git a/tests/py/ip/hash.t.json b/tests/py/ip/hash.t.json new file mode 100644 index 00000000..a463f94d --- /dev/null +++ b/tests/py/ip/hash.t.json @@ -0,0 +1,230 @@ +# ct mark set jhash ip saddr . ip daddr mod 2 seed 0xdeadbeef +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "jhash": { + "expr": { + "concat": [ + { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + { + "payload": { + "field": "daddr", + "name": "ip" + } + } + ] + }, + "mod": 2, + "seed": 3735928559 + } + } + } + } +] + +# ct mark set jhash ip saddr . ip daddr mod 2 +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "jhash": { + "expr": { + "concat": [ + { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + { + "payload": { + "field": "daddr", + "name": "ip" + } + } + ] + }, + "mod": 2 + } + } + } + } +] + +# ct mark set jhash ip saddr . ip daddr mod 2 seed 0x0 +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "jhash": { + "expr": { + "concat": [ + { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + { + "payload": { + "field": "daddr", + "name": "ip" + } + } + ] + }, + "mod": 2, + "seed": 0 + } + } + } + } +] + +# ct mark set jhash ip saddr . ip daddr mod 2 seed 0xdeadbeef offset 100 +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "jhash": { + "expr": { + "concat": [ + { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + { + "payload": { + "field": "daddr", + "name": "ip" + } + } + ] + }, + "mod": 2, + "offset": 100, + "seed": 3735928559 + } + } + } + } +] + +# ct mark set jhash ip saddr . ip daddr mod 2 offset 100 +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "jhash": { + "expr": { + "concat": [ + { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + { + "payload": { + "field": "daddr", + "name": "ip" + } + } + ] + }, + "mod": 2, + "offset": 100 + } + } + } + } +] + +# dnat to jhash ip saddr mod 2 seed 0xdeadbeef map { 0 : 192.168.20.100, 1 : 192.168.30.100 } +[ + { + "dnat": { + "addr": { + "map": { + "left": { + "jhash": { + "expr": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "mod": 2, + "seed": 3735928559 + } + }, + "right": { + "set": [ + [ + 0, + "192.168.20.100" + ], + [ + 1, + "192.168.30.100" + ] + ] + } + } + } + } + } +] + +# ct mark set symhash mod 2 offset 100 +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "symhash": { + "mod": 2, + "offset": 100 + } + } + } + } +] + diff --git a/tests/py/ip/icmp.t.json b/tests/py/ip/icmp.t.json new file mode 100644 index 00000000..4d51ad2f --- /dev/null +++ b/tests/py/ip/icmp.t.json @@ -0,0 +1,1382 @@ +# icmp type echo-reply accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "echo-reply" + } + }, + { + "accept": null + } +] + +# icmp type destination-unreachable accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "destination-unreachable" + } + }, + { + "accept": null + } +] + +# icmp type source-quench accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "source-quench" + } + }, + { + "accept": null + } +] + +# icmp type redirect accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "redirect" + } + }, + { + "accept": null + } +] + +# icmp type echo-request accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "echo-request" + } + }, + { + "accept": null + } +] + +# icmp type time-exceeded accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "time-exceeded" + } + }, + { + "accept": null + } +] + +# icmp type parameter-problem accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "parameter-problem" + } + }, + { + "accept": null + } +] + +# icmp type timestamp-request accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "timestamp-request" + } + }, + { + "accept": null + } +] + +# icmp type timestamp-reply accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "timestamp-reply" + } + }, + { + "accept": null + } +] + +# icmp type info-request accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "info-request" + } + }, + { + "accept": null + } +] + +# icmp type info-reply accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "info-reply" + } + }, + { + "accept": null + } +] + +# icmp type address-mask-request accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "address-mask-request" + } + }, + { + "accept": null + } +] + +# icmp type address-mask-reply accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "address-mask-reply" + } + }, + { + "accept": null + } +] + +# icmp type router-advertisement accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "router-advertisement" + } + }, + { + "accept": null + } +] + +# icmp type router-solicitation accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "router-solicitation" + } + }, + { + "accept": null + } +] + +# icmp type {echo-reply, destination-unreachable, source-quench, redirect, echo-request, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply, router-advertisement, router-solicitation} accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": { + "set": [ + "echo-reply", + "destination-unreachable", + "source-quench", + "redirect", + "echo-request", + "time-exceeded", + "parameter-problem", + "timestamp-request", + "timestamp-reply", + "info-request", + "info-reply", + "address-mask-request", + "address-mask-reply", + "router-advertisement", + "router-solicitation" + ] + } + } + }, + { + "accept": null + } +] + +# icmp type != {echo-reply, destination-unreachable, source-quench} +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + "echo-reply", + "destination-unreachable", + "source-quench" + ] + } + } + } +] + +# icmp code 111 accept +[ + { + "match": { + "left": { + "payload": { + "field": "code", + "name": "icmp" + } + }, + "right": 111 + } + }, + { + "accept": null + } +] + +# icmp code != 111 accept +[ + { + "match": { + "left": { + "payload": { + "field": "code", + "name": "icmp" + } + }, + "op": "!=", + "right": 111 + } + }, + { + "accept": null + } +] + +# icmp code 33-55 +[ + { + "match": { + "left": { + "payload": { + "field": "code", + "name": "icmp" + } + }, + "right": { + "range": [ 33, 55 ] + } + } + } +] + +# icmp code != 33-55 +[ + { + "match": { + "left": { + "payload": { + "field": "code", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 55 ] + } + } + } +] + +# icmp code { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "code", + "name": "icmp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmp code != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "code", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmp code { 2, 4, 54, 33, 56} +[ + { + "match": { + "left": { + "payload": { + "field": "code", + "name": "icmp" + } + }, + "right": { + "set": [ + 2, + 4, + 33, + 54, + 56 + ] + } + } + } +] + +# icmp code != { 2, 4, 54, 33, 56} +[ + { + "match": { + "left": { + "payload": { + "field": "code", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + 2, + 4, + 33, + 54, + 56 + ] + } + } + } +] + +# icmp checksum 12343 accept +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmp" + } + }, + "right": 12343 + } + }, + { + "accept": null + } +] + +# icmp checksum != 12343 accept +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmp" + } + }, + "op": "!=", + "right": 12343 + } + }, + { + "accept": null + } +] + +# icmp checksum 11-343 accept +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmp" + } + }, + "right": { + "range": [ 11, 343 ] + } + } + }, + { + "accept": null + } +] + +# icmp checksum != 11-343 accept +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "range": [ 11, 343 ] + } + } + }, + { + "accept": null + } +] + +# icmp checksum { 11-343} accept +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmp" + } + }, + "right": { + "set": [ + { "range": [ 11, 343 ] } + ] + } + } + }, + { + "accept": null + } +] + +# icmp checksum != { 11-343} accept +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 11, 343 ] } + ] + } + } + }, + { + "accept": null + } +] + +# icmp checksum { 1111, 222, 343} accept +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmp" + } + }, + "right": { + "set": [ + 1111, + 222, + 343 + ] + } + } + }, + { + "accept": null + } +] + +# icmp checksum != { 1111, 222, 343} accept +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + 1111, + 222, + 343 + ] + } + } + }, + { + "accept": null + } +] + +# icmp id 1245 log +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "icmp" + } + }, + "right": 1245 + } + }, + { + "log": null + } +] + +# icmp id 22 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "icmp" + } + }, + "right": 22 + } + } +] + +# icmp id != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "icmp" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# icmp id 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "icmp" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# icmp id != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# icmp id { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "icmp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmp id != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmp id { 22, 34, 333} +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "icmp" + } + }, + "right": { + "set": [ + 22, + 34, + 333 + ] + } + } + } +] + +# icmp id != { 22, 34, 333} +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + 22, + 34, + 333 + ] + } + } + } +] + +# icmp sequence 22 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "icmp" + } + }, + "right": 22 + } + } +] + +# icmp sequence != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "icmp" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# icmp sequence 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "icmp" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# icmp sequence != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# icmp sequence { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "icmp" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# icmp sequence != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# icmp sequence { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "icmp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmp sequence != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmp mtu 33 +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmp" + } + }, + "right": 33 + } + } +] + +# icmp mtu 22-33 +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmp" + } + }, + "right": { + "range": [ 22, 33 ] + } + } + } +] + +# icmp mtu { 22-33} +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmp" + } + }, + "right": { + "set": [ + { "range": [ 22, 33 ] } + ] + } + } + } +] + +# icmp mtu != { 22-33} +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 22, 33 ] } + ] + } + } + } +] + +# icmp mtu 22 +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmp" + } + }, + "right": 22 + } + } +] + +# icmp mtu != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmp" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# icmp mtu 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmp" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# icmp mtu != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# icmp mtu { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmp" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# icmp mtu != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# icmp mtu { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmp mtu != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmp gateway 22 +[ + { + "match": { + "left": { + "payload": { + "field": "gateway", + "name": "icmp" + } + }, + "right": 22 + } + } +] + +# icmp gateway != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "gateway", + "name": "icmp" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# icmp gateway 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "gateway", + "name": "icmp" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# icmp gateway != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "gateway", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# icmp gateway { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "gateway", + "name": "icmp" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# icmp gateway != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "gateway", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# icmp gateway { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "gateway", + "name": "icmp" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmp gateway != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "gateway", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmp gateway != 34 +[ + { + "match": { + "left": { + "payload": { + "field": "gateway", + "name": "icmp" + } + }, + "op": "!=", + "right": 34 + } + } +] + +# icmp gateway != { 333, 334} +[ + { + "match": { + "left": { + "payload": { + "field": "gateway", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + 333, + 334 + ] + } + } + } +] + diff --git a/tests/py/ip/icmp.t.json.output b/tests/py/ip/icmp.t.json.output new file mode 100644 index 00000000..488048f7 --- /dev/null +++ b/tests/py/ip/icmp.t.json.output @@ -0,0 +1,85 @@ +# icmp type {echo-reply, destination-unreachable, source-quench, redirect, echo-request, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply, router-advertisement, router-solicitation} accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": { + "set": [ + "echo-reply", + "destination-unreachable", + "source-quench", + "redirect", + "echo-request", + "router-advertisement", + "router-solicitation", + "time-exceeded", + "parameter-problem", + "timestamp-request", + "timestamp-reply", + "info-request", + "info-reply", + "address-mask-request", + "address-mask-reply" + ] + } + } + }, + { + "accept": null + } +] + +# icmp checksum { 1111, 222, 343} accept +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmp" + } + }, + "right": { + "set": [ + 222, + 343, + 1111 + ] + } + } + }, + { + "accept": null + } +] + +# icmp checksum != { 1111, 222, 343} accept +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + 222, + 343, + 1111 + ] + } + } + }, + { + "accept": null + } +] + diff --git a/tests/py/ip/ip.t.json b/tests/py/ip/ip.t.json new file mode 100644 index 00000000..abd45ce7 --- /dev/null +++ b/tests/py/ip/ip.t.json @@ -0,0 +1,1781 @@ +# ip dscp cs1 +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "name": "ip" + } + }, + "right": "cs1" + } + } +] + +# ip dscp != cs1 +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "name": "ip" + } + }, + "op": "!=", + "right": "cs1" + } + } +] + +# ip dscp 0x38 +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "name": "ip" + } + }, + "right": "0x38" + } + } +] + +# ip dscp != 0x20 +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "name": "ip" + } + }, + "op": "!=", + "right": "0x20" + } + } +] + +# ip dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef} +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "name": "ip" + } + }, + "right": { + "set": [ + "cs0", + "cs1", + "cs2", + "cs3", + "cs4", + "cs5", + "cs6", + "cs7", + "af11", + "af12", + "af13", + "af21", + "af22", + "af23", + "af31", + "af32", + "af33", + "af41", + "af42", + "af43", + "ef" + ] + } + } + } +] + +# ip dscp != {cs0, cs3} +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "name": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + "cs0", + "cs3" + ] + } + } + } +] + +# ip dscp vmap { cs1 : continue , cs4 : accept } counter +[ + { + "map": { + "left": { + "payload": { + "field": "dscp", + "name": "ip" + } + }, + "right": { + "set": [ + [ + "cs1", + { + "continue": null + } + ], + [ + "cs4", + { + "accept": null + } + ] + ] + } + } + }, + { + "counter": null + } +] + +# ip length 232 +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "ip" + } + }, + "right": 232 + } + } +] + +# ip length != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "ip" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# ip length 333-435 +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "ip" + } + }, + "right": { + "range": [ 333, 435 ] + } + } + } +] + +# ip length != 333-453 +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "ip" + } + }, + "op": "!=", + "right": { + "range": [ 333, 453 ] + } + } + } +] + +# ip length { 333, 553, 673, 838} +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "ip" + } + }, + "right": { + "set": [ + 333, + 553, + 673, + 838 + ] + } + } + } +] + +# ip length != { 333, 553, 673, 838} +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + 333, + 553, + 673, + 838 + ] + } + } + } +] + +# ip length { 333-535} +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "ip" + } + }, + "right": { + "set": [ + { "range": [ 333, 535 ] } + ] + } + } + } +] + +# ip length != { 333-535} +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 333, 535 ] } + ] + } + } + } +] + +# ip id 22 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "ip" + } + }, + "right": 22 + } + } +] + +# ip id != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "ip" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# ip id 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "ip" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# ip id != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "ip" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# ip id { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "ip" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# ip id != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# ip id { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "ip" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ip id != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ip frag-off 222 accept +[ + { + "match": { + "left": { + "payload": { + "field": "frag-off", + "name": "ip" + } + }, + "right": 222 + } + }, + { + "accept": null + } +] + +# ip frag-off != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "frag-off", + "name": "ip" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# ip frag-off 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "frag-off", + "name": "ip" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# ip frag-off != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "frag-off", + "name": "ip" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# ip frag-off { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "frag-off", + "name": "ip" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# ip frag-off != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "frag-off", + "name": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# ip frag-off { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "frag-off", + "name": "ip" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ip frag-off != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "frag-off", + "name": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ip ttl 0 drop +[ + { + "match": { + "left": { + "payload": { + "field": "ttl", + "name": "ip" + } + }, + "right": 0 + } + }, + { + "drop": null + } +] + +# ip ttl 233 +[ + { + "match": { + "left": { + "payload": { + "field": "ttl", + "name": "ip" + } + }, + "right": 233 + } + } +] + +# ip ttl 33-55 +[ + { + "match": { + "left": { + "payload": { + "field": "ttl", + "name": "ip" + } + }, + "right": { + "range": [ 33, 55 ] + } + } + } +] + +# ip ttl != 45-50 +[ + { + "match": { + "left": { + "payload": { + "field": "ttl", + "name": "ip" + } + }, + "op": "!=", + "right": { + "range": [ 45, 50 ] + } + } + } +] + +# ip ttl {43, 53, 45 } +[ + { + "match": { + "left": { + "payload": { + "field": "ttl", + "name": "ip" + } + }, + "right": { + "set": [ + 43, + 45, + 53 + ] + } + } + } +] + +# ip ttl != {43, 53, 45 } +[ + { + "match": { + "left": { + "payload": { + "field": "ttl", + "name": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + 43, + 45, + 53 + ] + } + } + } +] + +# ip ttl { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "ttl", + "name": "ip" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ip ttl != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "ttl", + "name": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ip protocol tcp +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": "tcp" + } + } +] + +# ip protocol != tcp +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "op": "!=", + "right": "tcp" + } + } +] + +# ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": { + "set": [ + "icmp", + "esp", + "ah", + "comp", + "udp", + "udplite", + "tcp", + "dccp", + "sctp" + ] + } + } + }, + { + "accept": null + } +] + +# ip protocol != { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + "icmp", + "esp", + "ah", + "comp", + "udp", + "udplite", + "tcp", + "dccp", + "sctp" + ] + } + } + }, + { + "accept": null + } +] + +# ip protocol 255 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": 255 + } + } +] + +# ip checksum 13172 drop +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "ip" + } + }, + "right": 13172 + } + }, + { + "drop": null + } +] + +# ip checksum 22 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "ip" + } + }, + "right": 22 + } + } +] + +# ip checksum != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "ip" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# ip checksum 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "ip" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# ip checksum != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "ip" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# ip checksum { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "ip" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# ip checksum != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# ip checksum { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "ip" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ip checksum != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ip saddr 192.168.2.0/24 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": { + "prefix": { + "addr": "192.168.2.0", + "len": 24 + } + } + } + } +] + +# ip saddr != 192.168.2.0/24 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "op": "!=", + "right": { + "prefix": { + "addr": "192.168.2.0", + "len": 24 + } + } + } + } +] + +# ip saddr 192.168.3.1 ip daddr 192.168.3.100 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": "192.168.3.1" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "192.168.3.100" + } + } +] + +# ip saddr != 1.1.1.1 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "op": "!=", + "right": "1.1.1.1" + } + } +] + +# ip saddr 1.1.1.1 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": "1.1.1.1" + } + } +] + +# ip daddr 192.168.0.1-192.168.0.250 +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": { + "range": [ "192.168.0.1", "192.168.0.250" ] + } + } + } +] + +# ip daddr 10.0.0.0-10.255.255.255 +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": { + "range": [ "10.0.0.0", "10.255.255.255" ] + } + } + } +] + +# ip daddr 172.16.0.0-172.31.255.255 +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": { + "range": [ "172.16.0.0", "172.31.255.255" ] + } + } + } +] + +# ip daddr 192.168.3.1-192.168.4.250 +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": { + "range": [ "192.168.3.1", "192.168.4.250" ] + } + } + } +] + +# ip daddr != 192.168.0.1-192.168.0.250 +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "op": "!=", + "right": { + "range": [ "192.168.0.1", "192.168.0.250" ] + } + } + } +] + +# ip daddr { 192.168.0.1-192.168.0.250} +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": { + "set": [ + { "range": [ "192.168.0.1", "192.168.0.250" ] } + ] + } + } + } +] + +# ip daddr != { 192.168.0.1-192.168.0.250} +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ "192.168.0.1", "192.168.0.250" ] } + ] + } + } + } +] + +# ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": { + "set": [ + "192.168.5.1", + "192.168.5.2", + "192.168.5.3" + ] + } + } + }, + { + "accept": null + } +] + +# ip daddr != { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + "192.168.5.1", + "192.168.5.2", + "192.168.5.3" + ] + } + } + }, + { + "accept": null + } +] + +# ip daddr 192.168.1.2-192.168.1.55 +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": { + "range": [ "192.168.1.2", "192.168.1.55" ] + } + } + } +] + +# ip daddr != 192.168.1.2-192.168.1.55 +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "op": "!=", + "right": { + "range": [ "192.168.1.2", "192.168.1.55" ] + } + } + } +] + +# ip saddr 192.168.1.3-192.168.33.55 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": { + "range": [ "192.168.1.3", "192.168.33.55" ] + } + } + } +] + +# ip saddr != 192.168.1.3-192.168.33.55 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "op": "!=", + "right": { + "range": [ "192.168.1.3", "192.168.33.55" ] + } + } + } +] + +# ip daddr 192.168.0.1 +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "192.168.0.1" + } + } +] + +# ip daddr 192.168.0.1 drop +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "192.168.0.1" + } + }, + { + "drop": null + } +] + +# ip daddr 192.168.0.2 +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "192.168.0.2" + } + } +] + +# ip saddr & 0xff == 1 +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "0xff" + ] + }, + "op": "==", + "right": 1 + } + } +] + +# ip saddr & 0.0.0.255 < 0.0.0.127 +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "0.0.0.255" + ] + }, + "op": "<", + "right": "0.0.0.127" + } + } +] + +# ip saddr & 0xffff0000 == 0xffff0000 +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "0xffff0000" + ] + }, + "right": "0xffff0000" + } + } +] + +# ip version 4 ip hdrlength 5 +[ + { + "match": { + "left": { + "payload": { + "field": "version", + "name": "ip" + } + }, + "right": 4 + } + }, + { + "match": { + "left": { + "payload": { + "field": "hdrlength", + "name": "ip" + } + }, + "right": 5 + } + } +] + +# ip hdrlength 0 +[ + { + "match": { + "left": { + "payload": { + "field": "hdrlength", + "name": "ip" + } + }, + "right": 0 + } + } +] + +# ip hdrlength 15 +[ + { + "match": { + "left": { + "payload": { + "field": "hdrlength", + "name": "ip" + } + }, + "right": 15 + } + } +] + +# ip hdrlength vmap { 0-4 : drop, 5 : accept, 6 : continue } counter +[ + { + "map": { + "left": { + "payload": { + "field": "hdrlength", + "name": "ip" + } + }, + "right": { + "set": [ + [ + { "range": [ 0, 4 ] }, + { "drop": null } + ], + [ + 5, + { "accept": null } + ], + [ + 6, + { "continue": null } + ] + ] + } + } + }, + { + "counter": null + } +] + +# iif "lo" ip daddr set 127.0.0.1 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "127.0.0.1" + } + } +] + +# iif "lo" ip checksum set 0 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "checksum", + "name": "ip" + } + }, + "right": 0 + } + } +] + +# iif "lo" ip id set 0 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "id", + "name": "ip" + } + }, + "right": 0 + } + } +] + +# iif "lo" ip ecn set 1 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "ecn", + "name": "ip" + } + }, + "right": 1 + } + } +] + +# iif "lo" ip ecn set ce +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "ecn", + "name": "ip" + } + }, + "right": "ce" + } + } +] + +# iif "lo" ip ttl set 23 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "ttl", + "name": "ip" + } + }, + "right": 23 + } + } +] + +# iif "lo" ip protocol set 1 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": 1 + } + } +] + +# iif "lo" ip dscp set af23 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "dscp", + "name": "ip" + } + }, + "right": "af23" + } + } +] + +# iif "lo" ip dscp set cs0 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "dscp", + "name": "ip" + } + }, + "right": "cs0" + } + } +] + diff --git a/tests/py/ip/ip.t.json.output b/tests/py/ip/ip.t.json.output new file mode 100644 index 00000000..21143089 --- /dev/null +++ b/tests/py/ip/ip.t.json.output @@ -0,0 +1,226 @@ +# ip dscp 0x38 +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "name": "ip" + } + }, + "right": "cs7" + } + } +] + +# ip dscp != 0x20 +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "name": "ip" + } + }, + "op": "!=", + "right": "cs4" + } + } +] + +# ip dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef} +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "name": "ip" + } + }, + "right": { + "set": [ + "cs0", + "cs1", + "af11", + "af12", + "af13", + "cs2", + "af21", + "af22", + "af23", + "cs3", + "af31", + "af32", + "af33", + "cs4", + "af41", + "af42", + "af43", + "cs5", + "ef", + "cs6", + "cs7" + ] + } + } + } +] + +# ip protocol tcp +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": 6 + } + } +] + +# ip protocol != tcp +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "op": "!=", + "right": 6 + } + } +] + +# ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": { + "set": [ + 1, + 6, + 17, + 33, + 50, + 51, + 108, + 132, + 136 + ] + } + } + }, + { + "accept": null + } +] + +# ip protocol != { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + 1, + 6, + 17, + 33, + 50, + 51, + 108, + 132, + 136 + ] + } + } + }, + { + "accept": null + } +] + +# ip saddr & 0xff == 1 +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "0.0.0.255" + ] + }, + "op": "==", + "right": "0.0.0.1" + } + } +] + +# ip saddr & 0xffff0000 == 0xffff0000 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": { + "prefix": { + "addr": "255.255.0.0", + "len": 16 + } + } + } + } +] + +# iif "lo" ip ecn set 1 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "ecn", + "name": "ip" + } + }, + "right": "ect1" + } + } +] + diff --git a/tests/py/ip/ip_tcp.t.json b/tests/py/ip/ip_tcp.t.json new file mode 100644 index 00000000..82b7cdcc --- /dev/null +++ b/tests/py/ip/ip_tcp.t.json @@ -0,0 +1,60 @@ +# ip protocol tcp tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": "tcp" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# ip protocol tcp meta mark set 1 tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": "tcp" + } + }, + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + diff --git a/tests/py/ip/ip_tcp.t.json.output b/tests/py/ip/ip_tcp.t.json.output new file mode 100644 index 00000000..bbc318a7 --- /dev/null +++ b/tests/py/ip/ip_tcp.t.json.output @@ -0,0 +1,49 @@ +# ip protocol tcp tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + +# ip protocol tcp meta mark set 1 tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": 6 + } + }, + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + } +] + diff --git a/tests/py/ip/masquerade.t.json b/tests/py/ip/masquerade.t.json new file mode 100644 index 00000000..44f371ad --- /dev/null +++ b/tests/py/ip/masquerade.t.json @@ -0,0 +1,411 @@ +# udp dport 53 masquerade +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": null + } +] + +# udp dport 53 masquerade random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": "random" + } + } +] + +# udp dport 53 masquerade random,persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "persistent" + ] + } + } +] + +# udp dport 53 masquerade random,persistent,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "persistent", + "fully-random" + ] + } + } +] + +# udp dport 53 masquerade random,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "fully-random" + ] + } + } +] + +# udp dport 53 masquerade random,fully-random,persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 masquerade persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": "persistent" + } + } +] + +# udp dport 53 masquerade persistent,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "persistent", + "random" + ] + } + } +] + +# udp dport 53 masquerade persistent,random,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "persistent", + "random", + "fully-random" + ] + } + } +] + +# udp dport 53 masquerade persistent,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "persistent", + "fully-random" + ] + } + } +] + +# udp dport 53 masquerade persistent,fully-random,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "persistent", + "fully-random", + "random" + ] + } + } +] + +# ip protocol 6 masquerade to :1024 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": 6 + } + }, + { + "masquerade": { + "port": 1024 + } + } +] + +# ip protocol 6 masquerade to :1024-2048 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": 6 + } + }, + { + "masquerade": { + "port": { + "range": [ 1024, 2048 ] + } + } + } +] + +# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 101, + 202, + 303, + 1001, + 2002, + 3003 + ] + } + } + }, + { + "masquerade": null + } +] + +# ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter masquerade +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": { + "range": [ "10.0.0.0", "10.2.3.4" ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "counter": null + }, + { + "masquerade": null + } +] + +# iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } masquerade +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "right": [ + "established", + "new" + ] + } + }, + { + "map": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + [ + 22, + { + "drop": null + } + ], + [ + 222, + { + "drop": null + } + ] + ] + } + } + }, + { + "masquerade": null + } +] + diff --git a/tests/py/ip/masquerade.t.json.output b/tests/py/ip/masquerade.t.json.output new file mode 100644 index 00000000..c6e6ef04 --- /dev/null +++ b/tests/py/ip/masquerade.t.json.output @@ -0,0 +1,118 @@ +# udp dport 53 masquerade random,persistent,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 masquerade persistent,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "persistent" + ] + } + } +] + +# udp dport 53 masquerade persistent,random,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 masquerade persistent,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 masquerade persistent,fully-random,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + diff --git a/tests/py/ip/meta.t.json b/tests/py/ip/meta.t.json new file mode 100644 index 00000000..e538b748 --- /dev/null +++ b/tests/py/ip/meta.t.json @@ -0,0 +1,99 @@ +# icmp type echo-request +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "echo-request" + } + } +] + +# meta l4proto icmp icmp type echo-request +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": "icmp" + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "echo-request" + } + } +] + +# meta l4proto ipv6-icmp icmpv6 type nd-router-advert +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": "ipv6-icmp" + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "nd-router-advert" + } + } +] + +# meta l4proto 58 icmpv6 type nd-router-advert +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": 58 + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "nd-router-advert" + } + } +] + +# icmpv6 type nd-router-advert +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "nd-router-advert" + } + } +] + diff --git a/tests/py/ip/meta.t.json.output b/tests/py/ip/meta.t.json.output new file mode 100644 index 00000000..5908ca6b --- /dev/null +++ b/tests/py/ip/meta.t.json.output @@ -0,0 +1,45 @@ +# meta l4proto icmp icmp type echo-request +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "echo-request" + } + } +] + +# meta l4proto ipv6-icmp icmpv6 type nd-router-advert +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "nd-router-advert" + } + } +] + +# meta l4proto 58 icmpv6 type nd-router-advert +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "nd-router-advert" + } + } +] + diff --git a/tests/py/ip/numgen.t.json b/tests/py/ip/numgen.t.json new file mode 100644 index 00000000..70514abb --- /dev/null +++ b/tests/py/ip/numgen.t.json @@ -0,0 +1,99 @@ +# ct mark set numgen inc mod 2 +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "numgen": { + "mod": 2, + "mode": "inc" + } + } + } + } +] + +# ct mark set numgen inc mod 2 offset 100 +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "numgen": { + "mod": 2, + "mode": "inc", + "offset": 100 + } + } + } + } +] + +# dnat to numgen inc mod 2 map { 0 : 192.168.10.100, 1 : 192.168.20.200 } +[ + { + "dnat": { + "addr": { + "map": { + "left": { + "numgen": { + "mod": 2, + "mode": "inc" + } + }, + "right": { + "set": [ + [ + 0, + "192.168.10.100" + ], + [ + 1, + "192.168.20.200" + ] + ] + } + } + } + } + } +] + +# dnat to numgen inc mod 10 map { 0-5 : 192.168.10.100, 6-9 : 192.168.20.200} +[ + { + "dnat": { + "addr": { + "map": { + "left": { + "numgen": { + "mod": 10, + "mode": "inc" + } + }, + "right": { + "set": [ + [ + { "range": [ 0, 5 ] }, + "192.168.10.100" + ], + [ + { "range": [ 6, 9 ] }, + "192.168.20.200" + ] + ] + } + } + } + } + } +] + diff --git a/tests/py/ip/numgen.t.json.output b/tests/py/ip/numgen.t.json.output new file mode 100644 index 00000000..7a989551 --- /dev/null +++ b/tests/py/ip/numgen.t.json.output @@ -0,0 +1,82 @@ +# ct mark set numgen inc mod 2 +[ + { + "mangle": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "numgen": { + "mod": 2, + "mode": "inc", + "offset": 0 + } + } + } + } +] + +# dnat to numgen inc mod 2 map { 0 : 192.168.10.100, 1 : 192.168.20.200 } +[ + { + "dnat": { + "addr": { + "map": { + "left": { + "numgen": { + "mod": 2, + "mode": "inc", + "offset": 0 + } + }, + "right": { + "set": [ + [ + 0, + "192.168.10.100" + ], + [ + 1, + "192.168.20.200" + ] + ] + } + } + } + } + } +] + +# dnat to numgen inc mod 10 map { 0-5 : 192.168.10.100, 6-9 : 192.168.20.200} +[ + { + "dnat": { + "addr": { + "map": { + "left": { + "numgen": { + "mod": 10, + "mode": "inc", + "offset": 0 + } + }, + "right": { + "set": [ + [ + { "range": [ 0, 5 ] }, + "192.168.10.100" + ], + [ + { "range": [ 6, 9 ] }, + "192.168.20.200" + ] + ] + } + } + } + } + } +] + diff --git a/tests/py/ip/objects.t.json b/tests/py/ip/objects.t.json new file mode 100644 index 00000000..c83cc6a4 --- /dev/null +++ b/tests/py/ip/objects.t.json @@ -0,0 +1,185 @@ +# ip saddr 192.168.1.3 counter name "cnt2" +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": "192.168.1.3" + } + }, + { + "counter": "cnt2" + } +] + +# counter name tcp dport map {443 : "cnt1", 80 : "cnt2", 22 : "cnt1"} +[ + { + "counter": { + "map": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + [ + 443, + "cnt1" + ], + [ + 80, + "cnt2" + ], + [ + 22, + "cnt1" + ] + ] + } + } + } + } +] + +# ip saddr 192.168.1.3 quota name "qt1" +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": "192.168.1.3" + } + }, + { + "quota": "qt1" + } +] + +# quota name tcp dport map {443 : "qt1", 80 : "qt2", 22 : "qt1"} +[ + { + "quota": { + "map": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + [ + 443, + "qt1" + ], + [ + 80, + "qt2" + ], + [ + 22, + "qt1" + ] + ] + } + } + } + } +] + +# ct helper set "cthelp1" +[ + { + "cthelper": "cthelp1" + } +] + +# ct helper set tcp dport map {21 : "cthelp1", 2121 : "cthelp1" } +[ + { + "cthelper": { + "map": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + [ + 21, + "cthelp1" + ], + [ + 2121, + "cthelp1" + ] + ] + } + } + } + } +] + +# ip saddr 192.168.1.3 limit name "lim1" +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": "192.168.1.3" + } + }, + { + "limit": "lim1" + } +] + +# limit name tcp dport map {443 : "lim1", 80 : "lim2", 22 : "lim1"} +[ + { + "limit": { + "map": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + [ + 22, + "lim1" + ], + [ + 80, + "lim2" + ], + [ + 443, + "lim1" + ] + ] + } + } + } + } +] + diff --git a/tests/py/ip/objects.t.json.output b/tests/py/ip/objects.t.json.output new file mode 100644 index 00000000..ea0e991e --- /dev/null +++ b/tests/py/ip/objects.t.json.output @@ -0,0 +1,64 @@ +# counter name tcp dport map {443 : "cnt1", 80 : "cnt2", 22 : "cnt1"} +[ + { + "counter": { + "map": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + [ + 22, + "cnt1" + ], + [ + 80, + "cnt2" + ], + [ + 443, + "cnt1" + ] + ] + } + } + } + } +] + +# quota name tcp dport map {443 : "qt1", 80 : "qt2", 22 : "qt1"} +[ + { + "quota": { + "map": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + [ + 22, + "qt1" + ], + [ + 80, + "qt2" + ], + [ + 443, + "qt1" + ] + ] + } + } + } + } +] + diff --git a/tests/py/ip/redirect.t.json b/tests/py/ip/redirect.t.json new file mode 100644 index 00000000..b22a327d --- /dev/null +++ b/tests/py/ip/redirect.t.json @@ -0,0 +1,610 @@ +# udp dport 53 redirect +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": null + } +] + +# udp dport 53 redirect random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": "random" + } + } +] + +# udp dport 53 redirect random,persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "random", + "persistent" + ] + } + } +] + +# udp dport 53 redirect random,persistent,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "random", + "persistent", + "fully-random" + ] + } + } +] + +# udp dport 53 redirect random,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "random", + "fully-random" + ] + } + } +] + +# udp dport 53 redirect random,fully-random,persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 redirect persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": "persistent" + } + } +] + +# udp dport 53 redirect persistent,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "persistent", + "random" + ] + } + } +] + +# udp dport 53 redirect persistent,random,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "persistent", + "random", + "fully-random" + ] + } + } +] + +# udp dport 53 redirect persistent,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "persistent", + "fully-random" + ] + } + } +] + +# udp dport 53 redirect persistent,fully-random,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "persistent", + "fully-random", + "random" + ] + } + } +] + +# tcp dport 22 redirect to :22 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "redirect": { + "port": 22 + } + } +] + +# udp dport 1234 redirect to :4321 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 1234 + } + }, + { + "redirect": { + "port": 4321 + } + } +] + +# ip daddr 172.16.0.1 udp dport 9998 redirect to :6515 +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": "172.16.0.1" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 9998 + } + }, + { + "redirect": { + "port": 6515 + } + } +] + +# tcp dport 39128 redirect to :993 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 39128 + } + }, + { + "redirect": { + "port": 993 + } + } +] + +# ip protocol tcp redirect to :100-200 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": "tcp" + } + }, + { + "redirect": { + "port": { + "range": [ 100, 200 ] + } + } + } +] + +# tcp dport 9128 redirect to :993 random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 9128 + } + }, + { + "redirect": { + "flags": "random", + "port": 993 + } + } +] + +# tcp dport 9128 redirect to :993 fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 9128 + } + }, + { + "redirect": { + "flags": "fully-random", + "port": 993 + } + } +] + +# tcp dport 9128 redirect to :123 persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 9128 + } + }, + { + "redirect": { + "flags": "persistent", + "port": 123 + } + } +] + +# tcp dport 9128 redirect to :123 random,persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 9128 + } + }, + { + "redirect": { + "flags": [ + "random", + "persistent" + ], + "port": 123 + } + } +] + +# tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 101, + 202, + 303, + 1001, + 2002, + 3003 + ] + } + } + }, + { + "redirect": null + } +] + +# ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter redirect +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip" + } + }, + "right": { + "range": [ "10.0.0.0", "10.2.3.4" ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "counter": null + }, + { + "redirect": null + } +] + +# iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } redirect +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "right": [ + "established", + "new" + ] + } + }, + { + "map": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + [ + 22, + { + "drop": null + } + ], + [ + 222, + { + "drop": null + } + ] + ] + } + } + }, + { + "redirect": null + } +] + +# ip protocol 6 redirect to :tcp dport map { 22 : 8000, 80 : 8080} +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": 6 + } + }, + { + "redirect": { + "port": { + "map": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + [ + 22, + 8000 + ], + [ + 80, + 8080 + ] + ] + } + } + } + } + } +] + diff --git a/tests/py/ip/redirect.t.json.output b/tests/py/ip/redirect.t.json.output new file mode 100644 index 00000000..3db03be2 --- /dev/null +++ b/tests/py/ip/redirect.t.json.output @@ -0,0 +1,140 @@ +# udp dport 53 redirect random,persistent,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 redirect persistent,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "random", + "persistent" + ] + } + } +] + +# udp dport 53 redirect persistent,random,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 redirect persistent,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 redirect persistent,fully-random,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + +# ip protocol tcp redirect to :100-200 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": 6 + } + }, + { + "redirect": { + "port": { + "range": [ 100, 200 ] + } + } + } +] + diff --git a/tests/py/ip/reject.t.json b/tests/py/ip/reject.t.json new file mode 100644 index 00000000..e0b8e2b2 --- /dev/null +++ b/tests/py/ip/reject.t.json @@ -0,0 +1,94 @@ +# reject +[ + { + "reject": null + } +] + +# reject with icmp type host-unreachable +[ + { + "reject": { + "expr": "host-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type net-unreachable +[ + { + "reject": { + "expr": "net-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type prot-unreachable +[ + { + "reject": { + "expr": "prot-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type port-unreachable +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp type net-prohibited +[ + { + "reject": { + "expr": "net-prohibited", + "type": "icmp" + } + } +] + +# reject with icmp type host-prohibited +[ + { + "reject": { + "expr": "host-prohibited", + "type": "icmp" + } + } +] + +# reject with icmp type admin-prohibited +[ + { + "reject": { + "expr": "admin-prohibited", + "type": "icmp" + } + } +] + +# mark 0x80000000 reject with tcp reset +[ + { + "match": { + "left": { + "meta": "mark" + }, + "right": "0x80000000" + } + }, + { + "reject": { + "type": "tcp reset" + } + } +] + diff --git a/tests/py/ip/reject.t.json.output b/tests/py/ip/reject.t.json.output new file mode 100644 index 00000000..099320c6 --- /dev/null +++ b/tests/py/ip/reject.t.json.output @@ -0,0 +1,24 @@ +# reject with icmp type port-unreachable +[ + { + "reject": null + } +] + +# mark 0x80000000 reject with tcp reset +[ + { + "match": { + "left": { + "meta": "mark" + }, + "right": 2147483648 + } + }, + { + "reject": { + "type": "tcp reset" + } + } +] + diff --git a/tests/py/ip/rt.t.json b/tests/py/ip/rt.t.json new file mode 100644 index 00000000..565427cf --- /dev/null +++ b/tests/py/ip/rt.t.json @@ -0,0 +1,15 @@ +# rt nexthop 192.168.0.1 +[ + { + "match": { + "left": { + "rt": { + "family": "ip", + "key": "nexthop" + } + }, + "right": "192.168.0.1" + } + } +] + diff --git a/tests/py/ip/sets.t.json b/tests/py/ip/sets.t.json new file mode 100644 index 00000000..dd6abed8 --- /dev/null +++ b/tests/py/ip/sets.t.json @@ -0,0 +1,185 @@ +# ip saddr @set1 drop +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": "@set1" + } + }, + { + "drop": null + } +] + +# ip saddr != @set1 drop +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "op": "!=", + "right": "@set1" + } + }, + { + "drop": null + } +] + +# ip saddr @set2 drop +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": "@set2" + } + }, + { + "drop": null + } +] + +# ip saddr != @set2 drop +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "op": "!=", + "right": "@set2" + } + }, + { + "drop": null + } +] + +# ip saddr . ip daddr @set5 drop +[ + { + "match": { + "left": { + "concat": [ + { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + { + "payload": { + "field": "daddr", + "name": "ip" + } + } + ] + }, + "right": "@set5" + } + }, + { + "drop": null + } +] + +# add @set5 { ip saddr . ip daddr } +[ + { + "set": { + "elem": { + "concat": [ + { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + { + "payload": { + "field": "daddr", + "name": "ip" + } + } + ] + }, + "op": "add", + "set": "@set5" + } + } +] + +# ip saddr { { 1.1.1.0, 3.3.3.0 }, 2.2.2.0 } +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": { + "set": [ + "1.1.1.0", + "2.2.2.0", + "3.3.3.0" + ] + } + } + } +] + +# ip saddr { { 1.1.1.0/24, 3.3.3.0/24 }, 2.2.2.0/24 } +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip" + } + }, + "right": { + "set": [ + { + "prefix": { + "addr": "1.1.1.0", + "len": 24 + } + }, + { + "prefix": { + "addr": "2.2.2.0", + "len": 24 + } + }, + { + "prefix": { + "addr": "3.3.3.0", + "len": 24 + } + } + ] + } + } + } +] + diff --git a/tests/py/ip/snat.t.json b/tests/py/ip/snat.t.json new file mode 100644 index 00000000..b925b6c7 --- /dev/null +++ b/tests/py/ip/snat.t.json @@ -0,0 +1,161 @@ +# iifname "eth0" tcp dport 80-90 snat to 192.168.3.2 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "range": [ 80, 90 ] + } + } + }, + { + "snat": { + "addr": "192.168.3.2" + } + } +] + +# iifname "eth0" tcp dport != 80-90 snat to 192.168.3.2 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "range": [ 80, 90 ] + } + } + }, + { + "snat": { + "addr": "192.168.3.2" + } + } +] + +# iifname "eth0" tcp dport {80, 90, 23} snat to 192.168.3.2 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + 80, + 90, + 23 + ] + } + } + }, + { + "snat": { + "addr": "192.168.3.2" + } + } +] + +# iifname "eth0" tcp dport != {80, 90, 23} snat to 192.168.3.2 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + 80, + 90, + 23 + ] + } + } + }, + { + "snat": { + "addr": "192.168.3.2" + } + } +] + +# iifname "eth0" tcp dport != 23-34 snat to 192.168.3.2 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "range": [ 23, 34 ] + } + } + }, + { + "snat": { + "addr": "192.168.3.2" + } + } +] + diff --git a/tests/py/ip/snat.t.json.output b/tests/py/ip/snat.t.json.output new file mode 100644 index 00000000..4446ae66 --- /dev/null +++ b/tests/py/ip/snat.t.json.output @@ -0,0 +1,69 @@ +# iifname "eth0" tcp dport {80, 90, 23} snat to 192.168.3.2 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + 23, + 80, + 90 + ] + } + } + }, + { + "snat": { + "addr": "192.168.3.2" + } + } +] + +# iifname "eth0" tcp dport != {80, 90, 23} snat to 192.168.3.2 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + 23, + 80, + 90 + ] + } + } + }, + { + "snat": { + "addr": "192.168.3.2" + } + } +] + diff --git a/tests/py/ip/tcp.t.json b/tests/py/ip/tcp.t.json new file mode 100644 index 00000000..e04cc1e2 --- /dev/null +++ b/tests/py/ip/tcp.t.json @@ -0,0 +1,59 @@ +# ip protocol tcp tcp dport ssh accept +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "right": "tcp" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": "ssh" + } + }, + { + "accept": null + } +] + +# ip protocol ne tcp udp dport ssh accept +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "op": "!=", + "right": "tcp" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": "ssh" + } + }, + { + "accept": null + } +] + diff --git a/tests/py/ip/tcp.t.json.output b/tests/py/ip/tcp.t.json.output new file mode 100644 index 00000000..eb5f53f7 --- /dev/null +++ b/tests/py/ip/tcp.t.json.output @@ -0,0 +1,48 @@ +# ip protocol tcp tcp dport ssh accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "accept": null + } +] + +# ip protocol ne tcp udp dport ssh accept +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "name": "ip" + } + }, + "op": "!=", + "right": 6 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 22 + } + }, + { + "accept": null + } +] + diff --git a/tests/py/ip/tcpopt.t.json b/tests/py/ip/tcpopt.t.json new file mode 100644 index 00000000..8bb79917 --- /dev/null +++ b/tests/py/ip/tcpopt.t.json @@ -0,0 +1,390 @@ +# tcp option eol kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "eol" + } + }, + "right": 1 + } + } +] + +# tcp option noop kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "noop" + } + }, + "right": 1 + } + } +] + +# tcp option maxseg kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "maxseg" + } + }, + "right": 1 + } + } +] + +# tcp option maxseg length 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "length", + "name": "maxseg" + } + }, + "right": 1 + } + } +] + +# tcp option maxseg size 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "size", + "name": "maxseg" + } + }, + "right": 1 + } + } +] + +# tcp option window kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "window" + } + }, + "right": 1 + } + } +] + +# tcp option window length 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "length", + "name": "window" + } + }, + "right": 1 + } + } +] + +# tcp option window count 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "count", + "name": "window" + } + }, + "right": 1 + } + } +] + +# tcp option sack-permitted kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "sack-permitted" + } + }, + "right": 1 + } + } +] + +# tcp option sack-permitted length 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "length", + "name": "sack-permitted" + } + }, + "right": 1 + } + } +] + +# tcp option sack kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "sack" + } + }, + "right": 1 + } + } +] + +# tcp option sack length 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "length", + "name": "sack" + } + }, + "right": 1 + } + } +] + +# tcp option sack left 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "left", + "name": "sack" + } + }, + "right": 1 + } + } +] + +# tcp option sack0 left 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "left", + "name": "sack" + } + }, + "right": 1 + } + } +] + +# tcp option sack1 left 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "left", + "name": "sack1" + } + }, + "right": 1 + } + } +] + +# tcp option sack2 left 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "left", + "name": "sack2" + } + }, + "right": 1 + } + } +] + +# tcp option sack3 left 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "left", + "name": "sack3" + } + }, + "right": 1 + } + } +] + +# tcp option sack right 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "right", + "name": "sack" + } + }, + "right": 1 + } + } +] + +# tcp option sack0 right 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "right", + "name": "sack0" + } + }, + "right": 1 + } + } +] + +# tcp option sack1 right 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "right", + "name": "sack1" + } + }, + "right": 1 + } + } +] + +# tcp option sack2 right 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "right", + "name": "sack2" + } + }, + "right": 1 + } + } +] + +# tcp option sack3 right 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "right", + "name": "sack3" + } + }, + "right": 1 + } + } +] + +# tcp option timestamp kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "timestamp" + } + }, + "right": 1 + } + } +] + +# tcp option timestamp length 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "length", + "name": "timestamp" + } + }, + "right": 1 + } + } +] + +# tcp option timestamp tsval 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "tsval", + "name": "timestamp" + } + }, + "right": 1 + } + } +] + +# tcp option timestamp tsecr 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "tsecr", + "name": "timestamp" + } + }, + "right": 1 + } + } +] + diff --git a/tests/py/ip/tcpopt.t.json.output b/tests/py/ip/tcpopt.t.json.output new file mode 100644 index 00000000..ca6714b7 --- /dev/null +++ b/tests/py/ip/tcpopt.t.json.output @@ -0,0 +1,15 @@ +# tcp option sack0 right 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "right", + "name": "sack" + } + }, + "right": 1 + } + } +] + diff --git a/tests/py/ip6/dnat.t.json b/tests/py/ip6/dnat.t.json new file mode 100644 index 00000000..ba16aa24 --- /dev/null +++ b/tests/py/ip6/dnat.t.json @@ -0,0 +1,75 @@ +# tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "range": [ 80, 90 ] + } + } + }, + { + "dnat": { + "addr": { + "range": [ "2001:838:35f:1::", "2001:838:35f:2::" ] + }, + "port": { + "range": [ 80, 100 ] + } + } + } +] + +# tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:100 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "range": [ 80, 90 ] + } + } + }, + { + "dnat": { + "addr": { + "range": [ "2001:838:35f:1::", "2001:838:35f:2::" ] + }, + "port": 100 + } + } +] + +# tcp dport 80-90 dnat to [2001:838:35f:1::]:80 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "range": [ 80, 90 ] + } + } + }, + { + "dnat": { + "addr": "2001:838:35f:1::", + "port": 80 + } + } +] + diff --git a/tests/py/ip6/dst.t.json b/tests/py/ip6/dst.t.json new file mode 100644 index 00000000..aba15b23 --- /dev/null +++ b/tests/py/ip6/dst.t.json @@ -0,0 +1,386 @@ +# dst nexthdr 22 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "dst" + } + }, + "right": 22 + } + } +] + +# dst nexthdr != 233 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "dst" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# dst nexthdr 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "dst" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# dst nexthdr != 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "dst" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# dst nexthdr { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "dst" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# dst nexthdr != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "dst" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# dst nexthdr { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "dst" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# dst nexthdr != { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "dst" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "dst" + } + }, + "right": { + "set": [ + "udplite", + "ipcomp", + "udp", + "ah", + "sctp", + "esp", + "dccp", + "tcp", + "ipv6-icmp" + ] + } + } + } +] + +# dst nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "dst" + } + }, + "op": "!=", + "right": { + "set": [ + "udplite", + "ipcomp", + "udp", + "ah", + "sctp", + "esp", + "dccp", + "tcp", + "ipv6-icmp" + ] + } + } + } +] + +# dst nexthdr icmp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "dst" + } + }, + "right": "icmp" + } + } +] + +# dst nexthdr != icmp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "dst" + } + }, + "op": "!=", + "right": "icmp" + } + } +] + +# dst hdrlength 22 +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "dst" + } + }, + "right": 22 + } + } +] + +# dst hdrlength != 233 +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "dst" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# dst hdrlength 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "dst" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# dst hdrlength != 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "dst" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# dst hdrlength { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "dst" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# dst hdrlength != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "dst" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# dst hdrlength { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "dst" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# dst hdrlength != { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "dst" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + diff --git a/tests/py/ip6/dst.t.json.output b/tests/py/ip6/dst.t.json.output new file mode 100644 index 00000000..c856ec9a --- /dev/null +++ b/tests/py/ip6/dst.t.json.output @@ -0,0 +1,86 @@ +# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "dst" + } + }, + "right": { + "set": [ + 6, + 17, + 33, + 50, + 51, + 58, + 108, + 132, + 136 + ] + } + } + } +] + +# dst nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "dst" + } + }, + "op": "!=", + "right": { + "set": [ + 6, + 17, + 33, + 50, + 51, + 58, + 108, + 132, + 136 + ] + } + } + } +] + +# dst nexthdr icmp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "dst" + } + }, + "right": 1 + } + } +] + +# dst nexthdr != icmp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "dst" + } + }, + "op": "!=", + "right": 1 + } + } +] + diff --git a/tests/py/ip6/dup.t.json b/tests/py/ip6/dup.t.json new file mode 100644 index 00000000..48d6ea3d --- /dev/null +++ b/tests/py/ip6/dup.t.json @@ -0,0 +1,46 @@ +# dup to abcd::1 +[ + { + "dup": { + "addr": "abcd::1" + } + } +] + +# dup to abcd::1 device "lo" +[ + { + "dup": { + "addr": "abcd::1", + "dev": "lo" + } + } +] + +# dup to ip6 saddr map { abcd::1 : cafe::cafe } device "lo" +[ + { + "dup": { + "addr": { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "abcd::1", + "cafe::cafe" + ] + ] + } + } + }, + "dev": "lo" + } + } +] + diff --git a/tests/py/ip6/ether.t.json b/tests/py/ip6/ether.t.json new file mode 100644 index 00000000..f2d2f6d0 --- /dev/null +++ b/tests/py/ip6/ether.t.json @@ -0,0 +1,151 @@ +# tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "meta": "iiftype" + }, + "right": "ether" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip6" + } + }, + "right": "1::2" + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "accept": null + } +] + +# tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip6" + } + }, + "right": "1::2" + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + } +] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip6" + } + }, + "right": "1::2" + } + } +] + +# ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 accept +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip6" + } + }, + "right": "1::2" + } + }, + { + "accept": null + } +] + diff --git a/tests/py/ip6/ether.t.json.output b/tests/py/ip6/ether.t.json.output new file mode 100644 index 00000000..add1359e --- /dev/null +++ b/tests/py/ip6/ether.t.json.output @@ -0,0 +1,40 @@ +# tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip6" + } + }, + "right": "1::2" + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ether" + } + }, + "right": "00:0f:54:0c:11:04" + } + }, + { + "accept": null + } +] + diff --git a/tests/py/ip6/exthdr.t.json b/tests/py/ip6/exthdr.t.json new file mode 100644 index 00000000..8289a39e --- /dev/null +++ b/tests/py/ip6/exthdr.t.json @@ -0,0 +1,172 @@ +# exthdr hbh exists +[ + { + "match": { + "left": { + "exthdr": { + "name": "hbh" + } + }, + "right": true + } + } +] + +# exthdr rt exists +[ + { + "match": { + "left": { + "exthdr": { + "name": "rt" + } + }, + "right": true + } + } +] + +# exthdr frag exists +[ + { + "match": { + "left": { + "exthdr": { + "name": "frag" + } + }, + "right": true + } + } +] + +# exthdr dst exists +[ + { + "match": { + "left": { + "exthdr": { + "name": "dst" + } + }, + "right": true + } + } +] + +# exthdr mh exists +[ + { + "match": { + "left": { + "exthdr": { + "name": "mh" + } + }, + "right": true + } + } +] + +# exthdr hbh missing +[ + { + "match": { + "left": { + "exthdr": { + "name": "hbh" + } + }, + "right": false + } + } +] + +# exthdr hbh == exists +[ + { + "match": { + "left": { + "exthdr": { + "name": "hbh" + } + }, + "op": "==", + "right": true + } + } +] + +# exthdr hbh == missing +[ + { + "match": { + "left": { + "exthdr": { + "name": "hbh" + } + }, + "op": "==", + "right": false + } + } +] + +# exthdr hbh != exists +[ + { + "match": { + "left": { + "exthdr": { + "name": "hbh" + } + }, + "op": "!=", + "right": true + } + } +] + +# exthdr hbh != missing +[ + { + "match": { + "left": { + "exthdr": { + "name": "hbh" + } + }, + "op": "!=", + "right": false + } + } +] + +# exthdr hbh 1 +[ + { + "match": { + "left": { + "exthdr": { + "name": "hbh" + } + }, + "right": 1 + } + } +] + +# exthdr hbh 0 +[ + { + "match": { + "left": { + "exthdr": { + "name": "hbh" + } + }, + "right": 0 + } + } +] + diff --git a/tests/py/ip6/exthdr.t.json.output b/tests/py/ip6/exthdr.t.json.output new file mode 100644 index 00000000..6bdbae2f --- /dev/null +++ b/tests/py/ip6/exthdr.t.json.output @@ -0,0 +1,56 @@ +# exthdr hbh == exists +[ + { + "match": { + "left": { + "exthdr": { + "name": "hbh" + } + }, + "right": true + } + } +] + +# exthdr hbh == missing +[ + { + "match": { + "left": { + "exthdr": { + "name": "hbh" + } + }, + "right": false + } + } +] + +# exthdr hbh 1 +[ + { + "match": { + "left": { + "exthdr": { + "name": "hbh" + } + }, + "right": true + } + } +] + +# exthdr hbh 0 +[ + { + "match": { + "left": { + "exthdr": { + "name": "hbh" + } + }, + "right": false + } + } +] + diff --git a/tests/py/ip6/flowtable.t.json b/tests/py/ip6/flowtable.t.json new file mode 100644 index 00000000..f707ae9a --- /dev/null +++ b/tests/py/ip6/flowtable.t.json @@ -0,0 +1,60 @@ +# meter acct_out { meta iif . ip6 saddr timeout 600s counter } +[ + { + "meter": { + "key": { + "elem": { + "elem_timeout": 600, + "val": { + "concat": [ + { + "meta": "iif" + }, + { + "payload": { + "field": "saddr", + "name": "ip6" + } + } + ] + } + } + }, + "name": "acct_out", + "stmt": { + "counter": null + } + } + } +] + +# meter acct_out { ip6 saddr . meta iif timeout 600s counter } +[ + { + "meter": { + "key": { + "elem": { + "elem_timeout": 600, + "val": { + "concat": [ + { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + { + "meta": "iif" + } + ] + } + } + }, + "name": "acct_out", + "stmt": { + "counter": null + } + } + } +] + diff --git a/tests/py/ip6/frag.t.json b/tests/py/ip6/frag.t.json new file mode 100644 index 00000000..abea39dd --- /dev/null +++ b/tests/py/ip6/frag.t.json @@ -0,0 +1,624 @@ +# frag nexthdr tcp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "frag" + } + }, + "right": "tcp" + } + } +] + +# frag nexthdr != icmp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "frag" + } + }, + "op": "!=", + "right": "icmp" + } + } +] + +# frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "frag" + } + }, + "right": { + "set": [ + "esp", + "ah", + "comp", + "udp", + "udplite", + "tcp", + "dccp", + "sctp" + ] + } + } + } +] + +# frag nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "frag" + } + }, + "op": "!=", + "right": { + "set": [ + "esp", + "ah", + "comp", + "udp", + "udplite", + "tcp", + "dccp", + "sctp" + ] + } + } + } +] + +# frag nexthdr esp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "frag" + } + }, + "right": "esp" + } + } +] + +# frag nexthdr ah +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "frag" + } + }, + "right": "ah" + } + } +] + +# frag reserved 22 +[ + { + "match": { + "left": { + "exthdr": { + "field": "reserved", + "name": "frag" + } + }, + "right": 22 + } + } +] + +# frag reserved != 233 +[ + { + "match": { + "left": { + "exthdr": { + "field": "reserved", + "name": "frag" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# frag reserved 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "reserved", + "name": "frag" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# frag reserved != 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "reserved", + "name": "frag" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# frag reserved { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "reserved", + "name": "frag" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# frag reserved != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "reserved", + "name": "frag" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# frag reserved { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "reserved", + "name": "frag" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# frag reserved != { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "reserved", + "name": "frag" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# frag frag-off 22 +[ + { + "match": { + "left": { + "exthdr": { + "field": "frag-off", + "name": "frag" + } + }, + "right": 22 + } + } +] + +# frag frag-off != 233 +[ + { + "match": { + "left": { + "exthdr": { + "field": "frag-off", + "name": "frag" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# frag frag-off 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "frag-off", + "name": "frag" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# frag frag-off != 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "frag-off", + "name": "frag" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# frag frag-off { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "frag-off", + "name": "frag" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# frag frag-off != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "frag-off", + "name": "frag" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# frag frag-off { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "frag-off", + "name": "frag" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# frag frag-off != { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "frag-off", + "name": "frag" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# frag reserved2 1 +[ + { + "match": { + "left": { + "exthdr": { + "field": "reserved2", + "name": "frag" + } + }, + "right": 1 + } + } +] + +# frag more-fragments 0 +[ + { + "match": { + "left": { + "exthdr": { + "field": "more-fragments", + "name": "frag" + } + }, + "right": 0 + } + } +] + +# frag more-fragments 1 +[ + { + "match": { + "left": { + "exthdr": { + "field": "more-fragments", + "name": "frag" + } + }, + "right": 1 + } + } +] + +# frag id 1 +[ + { + "match": { + "left": { + "exthdr": { + "field": "id", + "name": "frag" + } + }, + "right": 1 + } + } +] + +# frag id 22 +[ + { + "match": { + "left": { + "exthdr": { + "field": "id", + "name": "frag" + } + }, + "right": 22 + } + } +] + +# frag id != 33 +[ + { + "match": { + "left": { + "exthdr": { + "field": "id", + "name": "frag" + } + }, + "op": "!=", + "right": 33 + } + } +] + +# frag id 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "id", + "name": "frag" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# frag id != 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "id", + "name": "frag" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# frag id { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "id", + "name": "frag" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# frag id != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "id", + "name": "frag" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# frag id { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "id", + "name": "frag" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# frag id != { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "id", + "name": "frag" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + diff --git a/tests/py/ip6/frag.t.json.output b/tests/py/ip6/frag.t.json.output new file mode 100644 index 00000000..12579de5 --- /dev/null +++ b/tests/py/ip6/frag.t.json.output @@ -0,0 +1,114 @@ +# frag nexthdr tcp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "frag" + } + }, + "right": 6 + } + } +] + +# frag nexthdr != icmp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "frag" + } + }, + "op": "!=", + "right": 1 + } + } +] + +# frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "frag" + } + }, + "right": { + "set": [ + 6, + 17, + 33, + 50, + 51, + 108, + 132, + 136 + ] + } + } + } +] + +# frag nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "frag" + } + }, + "op": "!=", + "right": { + "set": [ + 6, + 17, + 33, + 50, + 51, + 108, + 132, + 136 + ] + } + } + } +] + +# frag nexthdr esp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "frag" + } + }, + "right": 50 + } + } +] + +# frag nexthdr ah +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "frag" + } + }, + "right": 51 + } + } +] + diff --git a/tests/py/ip6/hbh.t.json b/tests/py/ip6/hbh.t.json new file mode 100644 index 00000000..e8116061 --- /dev/null +++ b/tests/py/ip6/hbh.t.json @@ -0,0 +1,386 @@ +# hbh hdrlength 22 +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "hbh" + } + }, + "right": 22 + } + } +] + +# hbh hdrlength != 233 +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "hbh" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# hbh hdrlength 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "hbh" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# hbh hdrlength != 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "hbh" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# hbh hdrlength {33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "hbh" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# hbh hdrlength != {33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "hbh" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# hbh hdrlength { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "hbh" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# hbh hdrlength != { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "hbh" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "hbh" + } + }, + "right": { + "set": [ + "esp", + "ah", + "comp", + "udp", + "udplite", + "tcp", + "dccp", + "sctp", + "icmpv6" + ] + } + } + } +] + +# hbh nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "hbh" + } + }, + "op": "!=", + "right": { + "set": [ + "esp", + "ah", + "comp", + "udp", + "udplite", + "tcp", + "dccp", + "sctp", + "icmpv6" + ] + } + } + } +] + +# hbh nexthdr 22 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "hbh" + } + }, + "right": 22 + } + } +] + +# hbh nexthdr != 233 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "hbh" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# hbh nexthdr 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "hbh" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# hbh nexthdr != 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "hbh" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# hbh nexthdr {33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "hbh" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# hbh nexthdr != {33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "hbh" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# hbh nexthdr { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "hbh" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# hbh nexthdr != { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "hbh" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# hbh nexthdr ip +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "hbh" + } + }, + "right": "ip" + } + } +] + +# hbh nexthdr != ip +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "hbh" + } + }, + "op": "!=", + "right": "ip" + } + } +] + diff --git a/tests/py/ip6/hbh.t.json.output b/tests/py/ip6/hbh.t.json.output new file mode 100644 index 00000000..933efbd6 --- /dev/null +++ b/tests/py/ip6/hbh.t.json.output @@ -0,0 +1,66 @@ +# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "hbh" + } + }, + "right": { + "set": [ 6, 17, 33, 50, 51, 58, 108, 132, 136 ] + } + } + } +] + +# hbh nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "hbh" + } + }, + "op": "!=", + "right": { + "set": [ 6, 17, 33, 50, 51, 58, 108, 132, 136 ] + } + } + } +] + +# hbh nexthdr ip +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "hbh" + } + }, + "right": 0 + } + } +] + +# hbh nexthdr != ip +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "hbh" + } + }, + "op": "!=", + "right": 0 + } + } +] + diff --git a/tests/py/ip6/icmpv6.t.json b/tests/py/ip6/icmpv6.t.json new file mode 100644 index 00000000..47907c74 --- /dev/null +++ b/tests/py/ip6/icmpv6.t.json @@ -0,0 +1,1257 @@ +# icmpv6 type destination-unreachable accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "destination-unreachable" + } + }, + { + "accept": null + } +] + +# icmpv6 type packet-too-big accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "packet-too-big" + } + }, + { + "accept": null + } +] + +# icmpv6 type time-exceeded accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "time-exceeded" + } + }, + { + "accept": null + } +] + +# icmpv6 type echo-request accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "echo-request" + } + }, + { + "accept": null + } +] + +# icmpv6 type echo-reply accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "echo-reply" + } + }, + { + "accept": null + } +] + +# icmpv6 type mld-listener-query accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "mld-listener-query" + } + }, + { + "accept": null + } +] + +# icmpv6 type mld-listener-report accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "mld-listener-report" + } + }, + { + "accept": null + } +] + +# icmpv6 type mld-listener-done accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "mld-listener-done" + } + }, + { + "accept": null + } +] + +# icmpv6 type mld-listener-reduction accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "mld-listener-reduction" + } + }, + { + "accept": null + } +] + +# icmpv6 type nd-router-solicit accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "nd-router-solicit" + } + }, + { + "accept": null + } +] + +# icmpv6 type nd-router-advert accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "nd-router-advert" + } + }, + { + "accept": null + } +] + +# icmpv6 type nd-neighbor-solicit accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "nd-neighbor-solicit" + } + }, + { + "accept": null + } +] + +# icmpv6 type nd-neighbor-advert accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "nd-neighbor-advert" + } + }, + { + "accept": null + } +] + +# icmpv6 type nd-redirect accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "nd-redirect" + } + }, + { + "accept": null + } +] + +# icmpv6 type parameter-problem accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "parameter-problem" + } + }, + { + "accept": null + } +] + +# icmpv6 type router-renumbering accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "router-renumbering" + } + }, + { + "accept": null + } +] + +# icmpv6 type ind-neighbor-solicit accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "ind-neighbor-solicit" + } + }, + { + "accept": null + } +] + +# icmpv6 type ind-neighbor-advert accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "ind-neighbor-advert" + } + }, + { + "accept": null + } +] + +# icmpv6 type mld2-listener-report accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "mld2-listener-report" + } + }, + { + "accept": null + } +] + +# icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": { + "set": [ + "destination-unreachable", + "time-exceeded", + "nd-router-solicit" + ] + } + } + }, + { + "accept": null + } +] + +# icmpv6 type {router-renumbering, mld-listener-done, time-exceeded, nd-router-solicit} accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": { + "set": [ + "router-renumbering", + "mld-listener-done", + "time-exceeded", + "nd-router-solicit" + ] + } + } + }, + { + "accept": null + } +] + +# icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": { + "set": [ + "mld-listener-query", + "time-exceeded", + "nd-router-advert" + ] + } + } + }, + { + "accept": null + } +] + +# icmpv6 type != {mld-listener-query, time-exceeded, nd-router-advert} accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "set": [ + "mld-listener-query", + "time-exceeded", + "nd-router-advert" + ] + } + } + }, + { + "accept": null + } +] + +# icmpv6 code 4 +[ + { + "match": { + "left": { + "payload": { + "field": "code", + "name": "icmpv6" + } + }, + "right": 4 + } + } +] + +# icmpv6 code 3-66 +[ + { + "match": { + "left": { + "payload": { + "field": "code", + "name": "icmpv6" + } + }, + "right": { + "range": [ 3, 66 ] + } + } + } +] + +# icmpv6 code {5, 6, 7} accept +[ + { + "match": { + "left": { + "payload": { + "field": "code", + "name": "icmpv6" + } + }, + "right": { + "set": [ + 5, + 6, + 7 + ] + } + } + }, + { + "accept": null + } +] + +# icmpv6 code != {5, 6, 7} accept +[ + { + "match": { + "left": { + "payload": { + "field": "code", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "set": [ + 5, + 6, + 7 + ] + } + } + }, + { + "accept": null + } +] + +# icmpv6 code { 3-66} +[ + { + "match": { + "left": { + "payload": { + "field": "code", + "name": "icmpv6" + } + }, + "right": { + "set": [ + { "range": [ 3, 66 ] } + ] + } + } + } +] + +# icmpv6 code != { 3-66} +[ + { + "match": { + "left": { + "payload": { + "field": "code", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 3, 66 ] } + ] + } + } + } +] + +# icmpv6 checksum 2222 log +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmpv6" + } + }, + "right": 2222 + } + }, + { + "log": null + } +] + +# icmpv6 checksum != 2222 log +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmpv6" + } + }, + "op": "!=", + "right": 2222 + } + }, + { + "log": null + } +] + +# icmpv6 checksum 222-226 +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmpv6" + } + }, + "right": { + "range": [ 222, 226 ] + } + } + } +] + +# icmpv6 checksum != 2222 log +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmpv6" + } + }, + "op": "!=", + "right": 2222 + } + }, + { + "log": null + } +] + +# icmpv6 checksum { 222, 226} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmpv6" + } + }, + "right": { + "set": [ + 222, + 226 + ] + } + } + } +] + +# icmpv6 checksum != { 222, 226} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "set": [ + 222, + 226 + ] + } + } + } +] + +# icmpv6 checksum { 222-226} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmpv6" + } + }, + "right": { + "set": [ + { "range": [ 222, 226 ] } + ] + } + } + } +] + +# icmpv6 checksum != { 222-226} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 222, 226 ] } + ] + } + } + } +] + +# icmpv6 mtu 22 +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmpv6" + } + }, + "right": 22 + } + } +] + +# icmpv6 mtu != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmpv6" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# icmpv6 mtu 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmpv6" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# icmpv6 mtu != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# icmpv6 mtu {33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmpv6" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# icmpv6 mtu != {33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# icmpv6 mtu {33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmpv6" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmpv6 mtu != {33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmpv6 id 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "icmpv6" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# icmpv6 id != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# icmpv6 id {33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "icmpv6" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# icmpv6 id != {33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# icmpv6 id {33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "icmpv6" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmpv6 id != {33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmpv6 sequence 2 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "icmpv6" + } + }, + "right": 2 + } + } +] + +# icmpv6 sequence {3, 4, 5, 6, 7} accept +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "icmpv6" + } + }, + "right": { + "set": [ + 3, + 4, + 5, + 6, + 7 + ] + } + } + }, + { + "accept": null + } +] + +# icmpv6 sequence {2, 4} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "icmpv6" + } + }, + "right": { + "set": [ + 2, + 4 + ] + } + } + } +] + +# icmpv6 sequence != {2, 4} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "set": [ + 2, + 4 + ] + } + } + } +] + +# icmpv6 sequence 2-4 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "icmpv6" + } + }, + "right": { + "range": [ 2, 4 ] + } + } + } +] + +# icmpv6 sequence != 2-4 +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "range": [ 2, 4 ] + } + } + } +] + +# icmpv6 sequence { 2-4} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "icmpv6" + } + }, + "right": { + "set": [ + { "range": [ 2, 4 ] } + ] + } + } + } +] + +# icmpv6 sequence != { 2-4} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 2, 4 ] } + ] + } + } + } +] + +# icmpv6 max-delay 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "max-delay", + "name": "icmpv6" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# icmpv6 max-delay != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "max-delay", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# icmpv6 max-delay {33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "max-delay", + "name": "icmpv6" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# icmpv6 max-delay != {33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "max-delay", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# icmpv6 max-delay {33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "max-delay", + "name": "icmpv6" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmpv6 max-delay != {33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "max-delay", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + diff --git a/tests/py/ip6/icmpv6.t.json.output b/tests/py/ip6/icmpv6.t.json.output new file mode 100644 index 00000000..17d8d95b --- /dev/null +++ b/tests/py/ip6/icmpv6.t.json.output @@ -0,0 +1,92 @@ +# icmpv6 type mld-listener-reduction accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "mld-listener-done" + } + }, + { + "accept": null + } +] + +# icmpv6 type {router-renumbering, mld-listener-done, time-exceeded, nd-router-solicit} accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": { + "set": [ + "time-exceeded", + "mld-listener-done", + "nd-router-solicit", + "router-renumbering" + ] + } + } + }, + { + "accept": null + } +] + +# icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": { + "set": [ + "time-exceeded", + "mld-listener-query", + "nd-router-advert" + ] + } + } + }, + { + "accept": null + } +] + +# icmpv6 type != {mld-listener-query, time-exceeded, nd-router-advert} accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "op": "!=", + "right": { + "set": [ + "time-exceeded", + "mld-listener-query", + "nd-router-advert" + ] + } + } + }, + { + "accept": null + } +] + diff --git a/tests/py/ip6/ip6.t.json b/tests/py/ip6/ip6.t.json new file mode 100644 index 00000000..8e217bb1 --- /dev/null +++ b/tests/py/ip6/ip6.t.json @@ -0,0 +1,1613 @@ +# ip6 dscp cs1 +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "name": "ip6" + } + }, + "right": "cs1" + } + } +] + +# ip6 dscp != cs1 +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "name": "ip6" + } + }, + "op": "!=", + "right": "cs1" + } + } +] + +# ip6 dscp 0x38 +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "name": "ip6" + } + }, + "right": "0x38" + } + } +] + +# ip6 dscp != 0x20 +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "name": "ip6" + } + }, + "op": "!=", + "right": "0x20" + } + } +] + +# ip6 dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef} +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "name": "ip6" + } + }, + "right": { + "set": [ + "cs0", + "cs1", + "cs2", + "cs3", + "cs4", + "cs5", + "cs6", + "cs7", + "af11", + "af12", + "af13", + "af21", + "af22", + "af23", + "af31", + "af32", + "af33", + "af41", + "af42", + "af43", + "ef" + ] + } + } + } +] + +# ip6 dscp vmap { 0x04 : accept, 0x3f : continue } counter +[ + { + "map": { + "left": { + "payload": { + "field": "dscp", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "0x04", + { + "accept": null + } + ], + [ + "0x3f", + { + "continue": null + } + ] + ] + } + } + }, + { + "counter": null + } +] + +# ip6 flowlabel 22 +[ + { + "match": { + "left": { + "payload": { + "field": "flowlabel", + "name": "ip6" + } + }, + "right": 22 + } + } +] + +# ip6 flowlabel != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "flowlabel", + "name": "ip6" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# ip6 flowlabel { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "flowlabel", + "name": "ip6" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# ip6 flowlabel != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "flowlabel", + "name": "ip6" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# ip6 flowlabel { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "flowlabel", + "name": "ip6" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ip6 flowlabel != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "flowlabel", + "name": "ip6" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ip6 flowlabel vmap { 0 : accept, 2 : continue } +[ + { + "map": { + "left": { + "payload": { + "field": "flowlabel", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + 0, + { + "accept": null + } + ], + [ + 2, + { + "continue": null + } + ] + ] + } + } + } +] + +# ip6 length 22 +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "ip6" + } + }, + "right": 22 + } + } +] + +# ip6 length != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "ip6" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# ip6 length 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "ip6" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# ip6 length != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "ip6" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# ip6 length { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "ip6" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# ip6 length != {33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "ip6" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# ip6 length { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "ip6" + } + }, + "right": { + "set": [ + { + "range": [ 33, 55 ] + } + ] + } + } + } +] + +# ip6 length != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "name": "ip6" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "right": { + "set": [ + "udp", + "ah", + "comp", + "udplite", + "tcp", + "dccp", + "sctp" + ] + } + } + } +] + +# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "right": { + "set": [ + "esp", + "ah", + "comp", + "udp", + "udplite", + "tcp", + "dccp", + "sctp", + "icmpv6" + ] + } + } + } +] + +# ip6 nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "op": "!=", + "right": { + "set": [ + "esp", + "ah", + "comp", + "udp", + "udplite", + "tcp", + "dccp", + "sctp", + "icmpv6" + ] + } + } + } +] + +# ip6 nexthdr esp +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "right": "esp" + } + } +] + +# ip6 nexthdr != esp +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "op": "!=", + "right": "esp" + } + } +] + +# ip6 nexthdr { 33-44} +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "right": { + "set": [ + { "range": [ 33, 44 ] } + ] + } + } + } +] + +# ip6 nexthdr != { 33-44} +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 44 ] } + ] + } + } + } +] + +# ip6 nexthdr 33-44 +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "right": { + "range": [ 33, 44 ] + } + } + } +] + +# ip6 nexthdr != 33-44 +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "op": "!=", + "right": { + "range": [ 33, 44 ] + } + } + } +] + +# ip6 hoplimit 1 +[ + { + "match": { + "left": { + "payload": { + "field": "hoplimit", + "name": "ip6" + } + }, + "right": 1 + } + } +] + +# ip6 hoplimit != 233 +[ + { + "match": { + "left": { + "payload": { + "field": "hoplimit", + "name": "ip6" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# ip6 hoplimit 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "hoplimit", + "name": "ip6" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# ip6 hoplimit != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "hoplimit", + "name": "ip6" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# ip6 hoplimit {33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "hoplimit", + "name": "ip6" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# ip6 hoplimit != {33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "hoplimit", + "name": "ip6" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# ip6 hoplimit {33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "hoplimit", + "name": "ip6" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ip6 hoplimit != {33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "hoplimit", + "name": "ip6" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234:1234:1234:1234:1234:1234" + } + } +] + +# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "::1234:1234:1234:1234:1234:1234:1234" + } + } +] + +# ip6 saddr 1234::1234:1234:1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234::1234:1234:1234:1234:1234:1234" + } + } +] + +# ip6 saddr 1234:1234::1234:1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234::1234:1234:1234:1234:1234" + } + } +] + +# ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:0:1234:1234:1234:1234:1234" + } + } +] + +# ip6 saddr 1234:1234:1234::1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234::1234:1234:1234:1234" + } + } +] + +# ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234:1234:0:1234:1234:1234" + } + } +] + +# ip6 saddr 1234:1234:1234:1234:1234::1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234:1234:1234::1234:1234" + } + } +] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234:1234:1234:1234:0:1234" + } + } +] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:: +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234:1234:1234:1234:1234::" + } + } +] + +# ip6 saddr ::1234:1234:1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "::1234:1234:1234:1234:1234:1234" + } + } +] + +# ip6 saddr 1234::1234:1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234::1234:1234:1234:1234:1234" + } + } +] + +# ip6 saddr 1234:1234::1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234::1234:1234:1234:1234" + } + } +] + +# ip6 saddr 1234:1234:1234::1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234::1234:1234:1234" + } + } +] + +# ip6 saddr 1234:1234:1234:1234::1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234:1234::1234:1234" + } + } +] + +# ip6 saddr 1234:1234:1234:1234:1234::1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234:1234:1234::1234" + } + } +] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:: +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234:1234:1234:1234::" + } + } +] + +# ip6 saddr ::1234:1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "::1234:1234:1234:1234:1234" + } + } +] + +# ip6 saddr 1234::1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234::1234:1234:1234:1234" + } + } +] + +# ip6 saddr 1234:1234::1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234::1234:1234:1234" + } + } +] + +# ip6 saddr 1234:1234:1234::1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234::1234:1234" + } + } +] + +# ip6 saddr 1234:1234:1234:1234::1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234:1234::1234" + } + } +] + +# ip6 saddr 1234:1234:1234:1234:1234:: +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234:1234:1234::" + } + } +] + +# ip6 saddr ::1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "::1234:1234:1234:1234" + } + } +] + +# ip6 saddr 1234::1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234::1234:1234:1234" + } + } +] + +# ip6 saddr 1234:1234::1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234::1234:1234" + } + } +] + +# ip6 saddr 1234:1234:1234::1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234::1234" + } + } +] + +# ip6 saddr 1234:1234:1234:1234:: +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234:1234::" + } + } +] + +# ip6 saddr ::1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "::1234:1234:1234" + } + } +] + +# ip6 saddr 1234::1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234::1234:1234" + } + } +] + +# ip6 saddr 1234:1234::1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234::1234" + } + } +] + +# ip6 saddr 1234:1234:1234:: +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234::" + } + } +] + +# ip6 saddr ::1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "::1234:1234" + } + } +] + +# ip6 saddr 1234::1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234::1234" + } + } +] + +# ip6 saddr 1234:1234:: +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234::" + } + } +] + +# ip6 saddr ::1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "::1234" + } + } +] + +# ip6 saddr 1234:: +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234::" + } + } +] + +# ip6 saddr ::/64 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "prefix": { + "addr": "::", + "len": 64 + } + } + } + } +] + +# ip6 saddr ::1 ip6 daddr ::2 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "::1" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip6" + } + }, + "right": "::2" + } + } +] + +# ip6 daddr != {::1234:1234:1234:1234:1234:1234:1234, 1234:1234::1234:1234:1234:1234:1234 } +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip6" + } + }, + "op": "!=", + "right": { + "set": [ + "::1234:1234:1234:1234:1234:1234:1234", + "1234:1234::1234:1234:1234:1234:1234" + ] + } + } + } +] + +# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip6" + } + }, + "op": "!=", + "right": { + "range": [ "::1234:1234:1234:1234:1234:1234:1234", "1234:1234::1234:1234:1234:1234:1234" ] + } + } + } +] + +# iif "lo" ip6 daddr set ::1 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "daddr", + "name": "ip6" + } + }, + "right": "::1" + } + } +] + +# iif "lo" ip6 hoplimit set 1 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "hoplimit", + "name": "ip6" + } + }, + "right": 1 + } + } +] + +# iif "lo" ip6 dscp set af42 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "dscp", + "name": "ip6" + } + }, + "right": "af42" + } + } +] + +# iif "lo" ip6 dscp set 63 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "dscp", + "name": "ip6" + } + }, + "right": 63 + } + } +] + +# iif "lo" ip6 ecn set ect0 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "ecn", + "name": "ip6" + } + }, + "right": "ect0" + } + } +] + +# iif "lo" ip6 ecn set ce +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "ecn", + "name": "ip6" + } + }, + "right": "ce" + } + } +] + +# iif "lo" ip6 flowlabel set 0 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "flowlabel", + "name": "ip6" + } + }, + "right": 0 + } + } +] + +# iif "lo" ip6 flowlabel set 12345 +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "flowlabel", + "name": "ip6" + } + }, + "right": 12345 + } + } +] + +# iif "lo" ip6 flowlabel set 0xfffff +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "flowlabel", + "name": "ip6" + } + }, + "right": "0xfffff" + } + } +] + diff --git a/tests/py/ip6/ip6.t.json.output b/tests/py/ip6/ip6.t.json.output new file mode 100644 index 00000000..ea7cf777 --- /dev/null +++ b/tests/py/ip6/ip6.t.json.output @@ -0,0 +1,361 @@ +# ip6 dscp 0x38 +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "name": "ip6" + } + }, + "right": "cs7" + } + } +] + +# ip6 dscp != 0x20 +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "name": "ip6" + } + }, + "op": "!=", + "right": "cs4" + } + } +] + +# ip6 dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef} +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "name": "ip6" + } + }, + "right": { + "set": [ + "cs0", + "cs1", + "af11", + "af12", + "af13", + "cs2", + "af21", + "af22", + "af23", + "cs3", + "af31", + "af32", + "af33", + "cs4", + "af41", + "af42", + "af43", + "cs5", + "ef", + "cs6", + "cs7" + ] + } + } + } +] + +# ip6 dscp vmap { 0x04 : accept, 0x3f : continue } counter +[ + { + "map": { + "left": { + "payload": { + "field": "dscp", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + 4, + { + "accept": null + } + ], + [ + 63, + { + "continue": null + } + ] + ] + } + } + }, + { + "counter": null + } +] + +# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "right": { + "set": [ + 6, + 17, + 33, + 51, + 108, + 132, + 136 + ] + } + } + } +] + +# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "right": { + "set": [ 6, 17, 33, 50, 51, 58, 108, 132, 136 ] + } + } + } +] + +# ip6 nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "op": "!=", + "right": { + "set": [ 6, 17, 33, 50, 51, 58, 108, 132, 136 ] + } + } + } +] + +# ip6 nexthdr esp +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "right": 50 + } + } +] + +# ip6 nexthdr != esp +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "op": "!=", + "right": 50 + } + } +] + +# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "0:1234:1234:1234:1234:1234:1234:1234" + } + } +] + +# ip6 saddr 1234::1234:1234:1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:0:1234:1234:1234:1234:1234:1234" + } + } +] + +# ip6 saddr 1234:1234::1234:1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:0:1234:1234:1234:1234:1234" + } + } +] + +# ip6 saddr 1234:1234:1234::1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234:0:1234:1234:1234:1234" + } + } +] + +# ip6 saddr 1234:1234:1234:1234:1234::1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234:1234:1234:0:1234:1234" + } + } +] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:: +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "1234:1234:1234:1234:1234:1234:1234:0" + } + } +] + +# ip6 saddr ::1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "::18.52.18.52" + } + } +] + +# ip6 daddr != {::1234:1234:1234:1234:1234:1234:1234, 1234:1234::1234:1234:1234:1234:1234 } +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip6" + } + }, + "op": "!=", + "right": { + "set": [ + "0:1234:1234:1234:1234:1234:1234:1234", + "1234:1234:0:1234:1234:1234:1234:1234" + ] + } + } + } +] + +# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234 +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip6" + } + }, + "op": "!=", + "right": { + "range": [ "0:1234:1234:1234:1234:1234:1234:1234", "1234:1234:0:1234:1234:1234:1234:1234" ] + } + } + } +] + +# iif "lo" ip6 flowlabel set 0xfffff +[ + { + "match": { + "left": { + "meta": "iif" + }, + "right": "lo" + } + }, + { + "mangle": { + "left": { + "payload": { + "field": "flowlabel", + "name": "ip6" + } + }, + "right": 1048575 + } + } +] + diff --git a/tests/py/ip6/map.t.json b/tests/py/ip6/map.t.json new file mode 100644 index 00000000..c8c4f712 --- /dev/null +++ b/tests/py/ip6/map.t.json @@ -0,0 +1,38 @@ +# mark set ip6 saddr and ::ffff map { ::2 : 0x0000002a, ::ffff : 0x00000017} +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": { + "map": { + "left": { + "&": [ + { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "::ffff" + ] + }, + "right": { + "set": [ + [ + "::2", + "0x0000002a" + ], + [ + "::ffff", + "0x00000017" + ] + ] + } + } + } + } + } +] + diff --git a/tests/py/ip6/map.t.json.output b/tests/py/ip6/map.t.json.output new file mode 100644 index 00000000..3eecf13b --- /dev/null +++ b/tests/py/ip6/map.t.json.output @@ -0,0 +1,38 @@ +# mark set ip6 saddr and ::ffff map { ::2 : 0x0000002a, ::ffff : 0x00000017} +[ + { + "mangle": { + "left": { + "meta": "mark" + }, + "right": { + "map": { + "left": { + "&": [ + { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "::ffff" + ] + }, + "right": { + "set": [ + [ + "::2", + 42 + ], + [ + "::ffff", + 23 + ] + ] + } + } + } + } + } +] + diff --git a/tests/py/ip6/masquerade.t.json b/tests/py/ip6/masquerade.t.json new file mode 100644 index 00000000..65f65ee5 --- /dev/null +++ b/tests/py/ip6/masquerade.t.json @@ -0,0 +1,405 @@ +# udp dport 53 masquerade +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": null + } +] + +# udp dport 53 masquerade random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": "random" + } + } +] + +# udp dport 53 masquerade random,persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "persistent" + ] + } + } +] + +# udp dport 53 masquerade random,persistent,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 masquerade random,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "fully-random" + ] + } + } +] + +# udp dport 53 masquerade random,fully-random,persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 masquerade persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": "persistent" + } + } +] + +# udp dport 53 masquerade persistent,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "persistent", + "random" + ] + } + } +] + +# udp dport 53 masquerade persistent,random,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "persistent", + "random", + "fully-random" + ] + } + } +] + +# udp dport 53 masquerade persistent,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "persistent", + "fully-random" + ] + } + } +] + +# udp dport 53 masquerade persistent,fully-random,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "persistent", + "fully-random", + "random" + ] + } + } +] + +# meta l4proto 6 masquerade to :1024 +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": 6 + } + }, + { + "masquerade": { + "port": 1024 + } + } +] + +# meta l4proto 6 masquerade to :1024-2048 +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": 6 + } + }, + { + "masquerade": { + "port": { + "range": [ 1024, 2048 ] + } + } + } +] + +# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 101, + 202, + 303, + 1001, + 2002, + 3003 + ] + } + } + }, + { + "masquerade": null + } +] + +# ip6 daddr fe00::1-fe00::200 udp dport 53 counter masquerade +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip6" + } + }, + "right": { + "range": [ "fe00::1", "fe00::200" ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "counter": null + }, + { + "masquerade": null + } +] + +# iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } masquerade +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "right": [ + "established", + "new" + ] + } + }, + { + "map": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + [ + 22, + { + "drop": null + } + ], + [ + 222, + { + "drop": null + } + ] + ] + } + } + }, + { + "masquerade": null + } +] + diff --git a/tests/py/ip6/masquerade.t.json.output b/tests/py/ip6/masquerade.t.json.output new file mode 100644 index 00000000..68f5ae22 --- /dev/null +++ b/tests/py/ip6/masquerade.t.json.output @@ -0,0 +1,94 @@ +# udp dport 53 masquerade persistent,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "persistent" + ] + } + } +] + +# udp dport 53 masquerade persistent,random,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 masquerade persistent,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 masquerade persistent,fully-random,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + diff --git a/tests/py/ip6/meta.t.json b/tests/py/ip6/meta.t.json new file mode 100644 index 00000000..cc800062 --- /dev/null +++ b/tests/py/ip6/meta.t.json @@ -0,0 +1,99 @@ +# icmpv6 type nd-router-advert +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "nd-router-advert" + } + } +] + +# meta l4proto ipv6-icmp icmpv6 type nd-router-advert +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": "ipv6-icmp" + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "nd-router-advert" + } + } +] + +# meta l4proto icmp icmp type echo-request +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": "icmp" + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "echo-request" + } + } +] + +# meta l4proto 1 icmp type echo-request +[ + { + "match": { + "left": { + "meta": "l4proto" + }, + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "echo-request" + } + } +] + +# icmp type echo-request +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "echo-request" + } + } +] + diff --git a/tests/py/ip6/meta.t.json.output b/tests/py/ip6/meta.t.json.output new file mode 100644 index 00000000..142d056a --- /dev/null +++ b/tests/py/ip6/meta.t.json.output @@ -0,0 +1,45 @@ +# meta l4proto ipv6-icmp icmpv6 type nd-router-advert +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmpv6" + } + }, + "right": "nd-router-advert" + } + } +] + +# meta l4proto icmp icmp type echo-request +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "echo-request" + } + } +] + +# meta l4proto 1 icmp type echo-request +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "name": "icmp" + } + }, + "right": "echo-request" + } + } +] + diff --git a/tests/py/ip6/mh.t.json b/tests/py/ip6/mh.t.json new file mode 100644 index 00000000..8d60e149 --- /dev/null +++ b/tests/py/ip6/mh.t.json @@ -0,0 +1,781 @@ +# mh nexthdr 1 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "right": 1 + } + } +] + +# mh nexthdr != 1 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "op": "!=", + "right": 1 + } + } +] + +# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp } +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "right": { + "set": [ + "udplite", + "ipcomp", + "udp", + "ah", + "sctp", + "esp", + "dccp", + "tcp", + "ipv6-icmp" + ] + } + } + } +] + +# mh nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp } +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "op": "!=", + "right": { + "set": [ + "udplite", + "ipcomp", + "udp", + "ah", + "sctp", + "esp", + "dccp", + "tcp", + "ipv6-icmp" + ] + } + } + } +] + +# mh nexthdr icmp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "right": "icmp" + } + } +] + +# mh nexthdr != icmp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "op": "!=", + "right": "icmp" + } + } +] + +# mh nexthdr 22 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "right": 22 + } + } +] + +# mh nexthdr != 233 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# mh nexthdr 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# mh nexthdr != 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# mh nexthdr { 33, 55, 67, 88 } +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# mh nexthdr != { 33, 55, 67, 88 } +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# mh nexthdr { 33-55 } +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "right": { + "set": [ + { + "range": [ 33, 55 ] + } + ] + } + } + } +] + +# mh nexthdr != { 33-55 } +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# mh hdrlength 22 +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "mh" + } + }, + "right": 22 + } + } +] + +# mh hdrlength != 233 +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "mh" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# mh hdrlength 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "mh" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# mh hdrlength != 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "mh" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# mh hdrlength { 33, 55, 67, 88 } +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "mh" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# mh hdrlength != { 33, 55, 67, 88 } +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "mh" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# mh hdrlength { 33-55 } +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "mh" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# mh hdrlength != { 33-55 } +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "mh" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message} +[ + { + "match": { + "left": { + "exthdr": { + "field": "type", + "name": "mh" + } + }, + "right": { + "set": [ + "binding-refresh-request", + "home-test-init", + "careof-test-init", + "home-test", + "careof-test", + "binding-update", + "binding-acknowledgement", + "binding-error", + "fast-binding-update", + "fast-binding-acknowledgement", + "fast-binding-advertisement", + "experimental-mobility-header", + "home-agent-switch-message" + ] + } + } + } +] + +# mh type home-agent-switch-message +[ + { + "match": { + "left": { + "exthdr": { + "field": "type", + "name": "mh" + } + }, + "right": "home-agent-switch-message" + } + } +] + +# mh type != home-agent-switch-message +[ + { + "match": { + "left": { + "exthdr": { + "field": "type", + "name": "mh" + } + }, + "op": "!=", + "right": "home-agent-switch-message" + } + } +] + +# mh reserved 22 +[ + { + "match": { + "left": { + "exthdr": { + "field": "reserved", + "name": "mh" + } + }, + "right": 22 + } + } +] + +# mh reserved != 233 +[ + { + "match": { + "left": { + "exthdr": { + "field": "reserved", + "name": "mh" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# mh reserved 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "reserved", + "name": "mh" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# mh reserved != 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "reserved", + "name": "mh" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# mh reserved { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "reserved", + "name": "mh" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# mh reserved != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "reserved", + "name": "mh" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# mh reserved { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "reserved", + "name": "mh" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# mh reserved != { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "reserved", + "name": "mh" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# mh checksum 22 +[ + { + "match": { + "left": { + "exthdr": { + "field": "checksum", + "name": "mh" + } + }, + "right": 22 + } + } +] + +# mh checksum != 233 +[ + { + "match": { + "left": { + "exthdr": { + "field": "checksum", + "name": "mh" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# mh checksum 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "checksum", + "name": "mh" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# mh checksum != 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "checksum", + "name": "mh" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# mh checksum { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "checksum", + "name": "mh" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# mh checksum != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "checksum", + "name": "mh" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# mh checksum { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "checksum", + "name": "mh" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# mh checksum != { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "checksum", + "name": "mh" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + diff --git a/tests/py/ip6/mh.t.json.output b/tests/py/ip6/mh.t.json.output new file mode 100644 index 00000000..e2edf168 --- /dev/null +++ b/tests/py/ip6/mh.t.json.output @@ -0,0 +1,86 @@ +# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp } +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "right": { + "set": [ + 6, + 17, + 33, + 50, + 51, + 58, + 108, + 132, + 136 + ] + } + } + } +] + +# mh nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp } +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "op": "!=", + "right": { + "set": [ + 6, + 17, + 33, + 50, + 51, + 58, + 108, + 132, + 136 + ] + } + } + } +] + +# mh nexthdr icmp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "right": 1 + } + } +] + +# mh nexthdr != icmp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "mh" + } + }, + "op": "!=", + "right": 1 + } + } +] + diff --git a/tests/py/ip6/redirect.t.json b/tests/py/ip6/redirect.t.json new file mode 100644 index 00000000..08d6a086 --- /dev/null +++ b/tests/py/ip6/redirect.t.json @@ -0,0 +1,576 @@ +# redirect +[ + { + "redirect": null + } +] + +# udp dport 954 redirect +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 954 + } + }, + { + "redirect": null + } +] + +# ip6 saddr fe00::cafe counter redirect +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "fe00::cafe" + } + }, + { + "counter": null + }, + { + "redirect": null + } +] + +# udp dport 53 redirect random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": "random" + } + } +] + +# udp dport 53 redirect random,persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "random", + "persistent" + ] + } + } +] + +# udp dport 53 redirect random,persistent,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "random", + "persistent", + "fully-random" + ] + } + } +] + +# udp dport 53 redirect random,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "random", + "fully-random" + ] + } + } +] + +# udp dport 53 redirect random,fully-random,persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 redirect persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": "persistent" + } + } +] + +# udp dport 53 redirect persistent,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "persistent", + "random" + ] + } + } +] + +# udp dport 53 redirect persistent,random,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "persistent", + "random", + "fully-random" + ] + } + } +] + +# udp dport 53 redirect persistent,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "persistent", + "fully-random" + ] + } + } +] + +# udp dport 53 redirect persistent,fully-random,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "persistent", + "fully-random", + "random" + ] + } + } +] + +# udp dport 1234 redirect to :1234 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 1234 + } + }, + { + "redirect": { + "port": 1234 + } + } +] + +# ip6 daddr fe00::cafe udp dport 9998 redirect to :6515 +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip6" + } + }, + "right": "fe00::cafe" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 9998 + } + }, + { + "redirect": { + "port": 6515 + } + } +] + +# ip6 nexthdr tcp redirect to :100-200 +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "right": "tcp" + } + }, + { + "redirect": { + "port": { + "range": [ 100, 200 ] + } + } + } +] + +# tcp dport 39128 redirect to :993 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 39128 + } + }, + { + "redirect": { + "port": 993 + } + } +] + +# tcp dport 9128 redirect to :993 random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 9128 + } + }, + { + "redirect": { + "flags": "random", + "port": 993 + } + } +] + +# tcp dport 9128 redirect to :993 fully-random,persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 9128 + } + }, + { + "redirect": { + "flags": [ + "fully-random", + "persistent" + ], + "port": 993 + } + } +] + +# tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 101, + 202, + 303, + 1001, + 2002, + 3003 + ] + } + } + }, + { + "redirect": null + } +] + +# ip6 daddr fe00::1-fe00::200 udp dport 53 counter redirect +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "name": "ip6" + } + }, + "right": { + "range": [ "fe00::1", "fe00::200" ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "counter": null + }, + { + "redirect": null + } +] + +# iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } redirect +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "right": [ + "established", + "new" + ] + } + }, + { + "map": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + [ + 22, + { + "drop": null + } + ], + [ + 222, + { + "drop": null + } + ] + ] + } + } + }, + { + "redirect": null + } +] + +# ip6 nexthdr 6 redirect to :tcp dport map { 22 : 8000, 80 : 8080} +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "right": 6 + } + }, + { + "redirect": { + "port": { + "map": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + [ + 22, + 8000 + ], + [ + 80, + 8080 + ] + ] + } + } + } + } + } +] + diff --git a/tests/py/ip6/redirect.t.json.output b/tests/py/ip6/redirect.t.json.output new file mode 100644 index 00000000..ffc898ec --- /dev/null +++ b/tests/py/ip6/redirect.t.json.output @@ -0,0 +1,140 @@ +# udp dport 53 redirect random,persistent,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 redirect persistent,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "random", + "persistent" + ] + } + } +] + +# udp dport 53 redirect persistent,random,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 redirect persistent,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 redirect persistent,fully-random,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "udp" + } + }, + "right": 53 + } + }, + { + "redirect": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + +# ip6 nexthdr tcp redirect to :100-200 +[ + { + "match": { + "left": { + "payload": { + "field": "nexthdr", + "name": "ip6" + } + }, + "right": 6 + } + }, + { + "redirect": { + "port": { + "range": [ 100, 200 ] + } + } + } +] + diff --git a/tests/py/ip6/reject.t.json b/tests/py/ip6/reject.t.json new file mode 100644 index 00000000..a23ee89a --- /dev/null +++ b/tests/py/ip6/reject.t.json @@ -0,0 +1,84 @@ +# reject +[ + { + "reject": null + } +] + +# reject with icmpv6 type no-route +[ + { + "reject": { + "expr": "no-route", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 type admin-prohibited +[ + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 type addr-unreachable +[ + { + "reject": { + "expr": "addr-unreachable", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 type port-unreachable +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 type policy-fail +[ + { + "reject": { + "expr": "policy-fail", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 type reject-route +[ + { + "reject": { + "expr": "reject-route", + "type": "icmpv6" + } + } +] + +# mark 0x80000000 reject with tcp reset +[ + { + "match": { + "left": { + "meta": "mark" + }, + "right": "0x80000000" + } + }, + { + "reject": { + "type": "tcp reset" + } + } +] + diff --git a/tests/py/ip6/reject.t.json.output b/tests/py/ip6/reject.t.json.output new file mode 100644 index 00000000..1dc59f88 --- /dev/null +++ b/tests/py/ip6/reject.t.json.output @@ -0,0 +1,24 @@ +# reject with icmpv6 type port-unreachable +[ + { + "reject": null + } +] + +# mark 0x80000000 reject with tcp reset +[ + { + "match": { + "left": { + "meta": "mark" + }, + "right": 2147483648 + } + }, + { + "reject": { + "type": "tcp reset" + } + } +] + diff --git a/tests/py/ip6/rt.t.json b/tests/py/ip6/rt.t.json new file mode 100644 index 00000000..ebcdb842 --- /dev/null +++ b/tests/py/ip6/rt.t.json @@ -0,0 +1,717 @@ +# rt nexthdr 1 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "right": 1 + } + } +] + +# rt nexthdr != 1 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "op": "!=", + "right": 1 + } + } +] + +# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "right": { + "set": [ + "udplite", + "ipcomp", + "udp", + "ah", + "sctp", + "esp", + "dccp", + "tcp", + "ipv6-icmp" + ] + } + } + } +] + +# rt nexthdr != {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "op": "!=", + "right": { + "set": [ + "udplite", + "ipcomp", + "udp", + "ah", + "sctp", + "esp", + "dccp", + "tcp", + "ipv6-icmp" + ] + } + } + } +] + +# rt nexthdr icmp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "right": "icmp" + } + } +] + +# rt nexthdr != icmp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "op": "!=", + "right": "icmp" + } + } +] + +# rt nexthdr 22 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "right": 22 + } + } +] + +# rt nexthdr != 233 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# rt nexthdr 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# rt nexthdr != 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# rt nexthdr { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# rt nexthdr != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# rt nexthdr { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# rt nexthdr != { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# rt hdrlength 22 +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "rt" + } + }, + "right": 22 + } + } +] + +# rt hdrlength != 233 +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "rt" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# rt hdrlength 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "rt" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# rt hdrlength != 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "rt" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# rt hdrlength { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "rt" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# rt hdrlength != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "rt" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# rt hdrlength { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "rt" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# rt hdrlength != { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "hdrlength", + "name": "rt" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# rt type 22 +[ + { + "match": { + "left": { + "exthdr": { + "field": "type", + "name": "rt" + } + }, + "right": 22 + } + } +] + +# rt type != 233 +[ + { + "match": { + "left": { + "exthdr": { + "field": "type", + "name": "rt" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# rt type 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "type", + "name": "rt" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# rt type != 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "type", + "name": "rt" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# rt type { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "type", + "name": "rt" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# rt type != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "type", + "name": "rt" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# rt type { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "type", + "name": "rt" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# rt type != { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "type", + "name": "rt" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# rt seg-left 22 +[ + { + "match": { + "left": { + "exthdr": { + "field": "seg-left", + "name": "rt" + } + }, + "right": 22 + } + } +] + +# rt seg-left != 233 +[ + { + "match": { + "left": { + "exthdr": { + "field": "seg-left", + "name": "rt" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# rt seg-left 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "seg-left", + "name": "rt" + } + }, + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# rt seg-left != 33-45 +[ + { + "match": { + "left": { + "exthdr": { + "field": "seg-left", + "name": "rt" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# rt seg-left { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "seg-left", + "name": "rt" + } + }, + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# rt seg-left != { 33, 55, 67, 88} +[ + { + "match": { + "left": { + "exthdr": { + "field": "seg-left", + "name": "rt" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# rt seg-left { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "seg-left", + "name": "rt" + } + }, + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# rt seg-left != { 33-55} +[ + { + "match": { + "left": { + "exthdr": { + "field": "seg-left", + "name": "rt" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + diff --git a/tests/py/ip6/rt.t.json.output b/tests/py/ip6/rt.t.json.output new file mode 100644 index 00000000..b432a7eb --- /dev/null +++ b/tests/py/ip6/rt.t.json.output @@ -0,0 +1,86 @@ +# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "right": { + "set": [ + 6, + 17, + 33, + 50, + 51, + 58, + 108, + 132, + 136 + ] + } + } + } +] + +# rt nexthdr != {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "op": "!=", + "right": { + "set": [ + 6, + 17, + 33, + 50, + 51, + 58, + 108, + 132, + 136 + ] + } + } + } +] + +# rt nexthdr icmp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "right": 1 + } + } +] + +# rt nexthdr != icmp +[ + { + "match": { + "left": { + "exthdr": { + "field": "nexthdr", + "name": "rt" + } + }, + "op": "!=", + "right": 1 + } + } +] + diff --git a/tests/py/ip6/rt0.t.json b/tests/py/ip6/rt0.t.json new file mode 100644 index 00000000..33cdebc6 --- /dev/null +++ b/tests/py/ip6/rt0.t.json @@ -0,0 +1,15 @@ +# rt nexthop fd00::1 +[ + { + "match": { + "left": { + "rt": { + "family": "ip6", + "key": "nexthop" + } + }, + "right": "fd00::1" + } + } +] + diff --git a/tests/py/ip6/sets.t.json b/tests/py/ip6/sets.t.json new file mode 100644 index 00000000..7b08316e --- /dev/null +++ b/tests/py/ip6/sets.t.json @@ -0,0 +1,91 @@ +# ip6 saddr @set2 drop +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": "@set2" + } + }, + { + "drop": null + } +] + +# ip6 saddr != @set2 drop +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "op": "!=", + "right": "@set2" + } + }, + { + "drop": null + } +] + +# ip6 saddr . ip6 daddr @set5 drop +[ + { + "match": { + "left": { + "concat": [ + { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + { + "payload": { + "field": "daddr", + "name": "ip6" + } + } + ] + }, + "right": "@set5" + } + }, + { + "drop": null + } +] + +# add @set5 { ip6 saddr . ip6 daddr } +[ + { + "set": { + "elem": { + "concat": [ + { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + { + "payload": { + "field": "daddr", + "name": "ip6" + } + } + ] + }, + "op": "add", + "set": "@set5" + } + } +] + diff --git a/tests/py/ip6/snat.t.json b/tests/py/ip6/snat.t.json new file mode 100644 index 00000000..7f3cf9d7 --- /dev/null +++ b/tests/py/ip6/snat.t.json @@ -0,0 +1,52 @@ +# tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "range": [ 80, 90 ] + } + } + }, + { + "snat": { + "addr": { + "range": [ "2001:838:35f:1::", "2001:838:35f:2::" ] + }, + "port": { + "range": [ 80, 100 ] + } + } + } +] + +# tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:100 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "range": [ 80, 90 ] + } + } + }, + { + "snat": { + "addr": { + "range": [ "2001:838:35f:1::", "2001:838:35f:2::" ] + }, + "port": 100 + } + } +] + diff --git a/tests/py/ip6/srh.t.json b/tests/py/ip6/srh.t.json new file mode 100644 index 00000000..920ce974 --- /dev/null +++ b/tests/py/ip6/srh.t.json @@ -0,0 +1,183 @@ +# srh last-entry 0 +[ + { + "match": { + "left": { + "exthdr": { + "field": "last-entry", + "name": "srh" + } + }, + "right": 0 + } + } +] + +# srh last-entry 127 +[ + { + "match": { + "left": { + "exthdr": { + "field": "last-entry", + "name": "srh" + } + }, + "right": 127 + } + } +] + +# srh last-entry { 0, 4-127, 255 } +[ + { + "match": { + "left": { + "exthdr": { + "field": "last-entry", + "name": "srh" + } + }, + "right": { + "set": [ + 0, + { "range": [ 4, 127 ] }, + 255 + ] + } + } + } +] + +# srh flags 0 +[ + { + "match": { + "left": { + "exthdr": { + "field": "flags", + "name": "srh" + } + }, + "right": 0 + } + } +] + +# srh flags 127 +[ + { + "match": { + "left": { + "exthdr": { + "field": "flags", + "name": "srh" + } + }, + "right": 127 + } + } +] + +# srh flags { 0, 4-127, 255 } +[ + { + "match": { + "left": { + "exthdr": { + "field": "flags", + "name": "srh" + } + }, + "right": { + "set": [ + 0, + { "range": [ 4, 127 ] }, + 255 + ] + } + } + } +] + +# srh tag 0 +[ + { + "match": { + "left": { + "exthdr": { + "field": "tag", + "name": "srh" + } + }, + "right": 0 + } + } +] + +# srh tag 127 +[ + { + "match": { + "left": { + "exthdr": { + "field": "tag", + "name": "srh" + } + }, + "right": 127 + } + } +] + +# srh tag { 0, 4-127, 0xffff } +[ + { + "match": { + "left": { + "exthdr": { + "field": "tag", + "name": "srh" + } + }, + "right": { + "set": [ + 0, + { "range": [ 4, 127 ] }, + "0xffff" + ] + } + } + } +] + +# srh sid[1] dead::beef +[ + { + "match": { + "left": { + "exthdr": { + "field": "sid[1]", + "name": "srh" + } + }, + "right": "dead::beef" + } + } +] + +# srh sid[2] dead::beef +[ + { + "match": { + "left": { + "exthdr": { + "field": "sid[2]", + "name": "srh" + } + }, + "right": "dead::beef" + } + } +] + diff --git a/tests/py/ip6/srh.t.json.output b/tests/py/ip6/srh.t.json.output new file mode 100644 index 00000000..e8646888 --- /dev/null +++ b/tests/py/ip6/srh.t.json.output @@ -0,0 +1,21 @@ +# srh tag { 0, 4-127, 0xffff } +[ + { + "match": { + "left": { + "exthdr": { + "field": "tag", + "name": "srh" + } + }, + "right": { + "set": [ + 0, + { "range": [ 4, 127 ] }, + 65535 + ] + } + } + } +] + diff --git a/tests/py/ip6/tcpopt.t.json b/tests/py/ip6/tcpopt.t.json new file mode 100644 index 00000000..8bb79917 --- /dev/null +++ b/tests/py/ip6/tcpopt.t.json @@ -0,0 +1,390 @@ +# tcp option eol kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "eol" + } + }, + "right": 1 + } + } +] + +# tcp option noop kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "noop" + } + }, + "right": 1 + } + } +] + +# tcp option maxseg kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "maxseg" + } + }, + "right": 1 + } + } +] + +# tcp option maxseg length 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "length", + "name": "maxseg" + } + }, + "right": 1 + } + } +] + +# tcp option maxseg size 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "size", + "name": "maxseg" + } + }, + "right": 1 + } + } +] + +# tcp option window kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "window" + } + }, + "right": 1 + } + } +] + +# tcp option window length 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "length", + "name": "window" + } + }, + "right": 1 + } + } +] + +# tcp option window count 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "count", + "name": "window" + } + }, + "right": 1 + } + } +] + +# tcp option sack-permitted kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "sack-permitted" + } + }, + "right": 1 + } + } +] + +# tcp option sack-permitted length 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "length", + "name": "sack-permitted" + } + }, + "right": 1 + } + } +] + +# tcp option sack kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "sack" + } + }, + "right": 1 + } + } +] + +# tcp option sack length 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "length", + "name": "sack" + } + }, + "right": 1 + } + } +] + +# tcp option sack left 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "left", + "name": "sack" + } + }, + "right": 1 + } + } +] + +# tcp option sack0 left 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "left", + "name": "sack" + } + }, + "right": 1 + } + } +] + +# tcp option sack1 left 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "left", + "name": "sack1" + } + }, + "right": 1 + } + } +] + +# tcp option sack2 left 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "left", + "name": "sack2" + } + }, + "right": 1 + } + } +] + +# tcp option sack3 left 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "left", + "name": "sack3" + } + }, + "right": 1 + } + } +] + +# tcp option sack right 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "right", + "name": "sack" + } + }, + "right": 1 + } + } +] + +# tcp option sack0 right 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "right", + "name": "sack0" + } + }, + "right": 1 + } + } +] + +# tcp option sack1 right 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "right", + "name": "sack1" + } + }, + "right": 1 + } + } +] + +# tcp option sack2 right 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "right", + "name": "sack2" + } + }, + "right": 1 + } + } +] + +# tcp option sack3 right 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "right", + "name": "sack3" + } + }, + "right": 1 + } + } +] + +# tcp option timestamp kind 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "kind", + "name": "timestamp" + } + }, + "right": 1 + } + } +] + +# tcp option timestamp length 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "length", + "name": "timestamp" + } + }, + "right": 1 + } + } +] + +# tcp option timestamp tsval 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "tsval", + "name": "timestamp" + } + }, + "right": 1 + } + } +] + +# tcp option timestamp tsecr 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "tsecr", + "name": "timestamp" + } + }, + "right": 1 + } + } +] + diff --git a/tests/py/ip6/tcpopt.t.json.output b/tests/py/ip6/tcpopt.t.json.output new file mode 100644 index 00000000..ca6714b7 --- /dev/null +++ b/tests/py/ip6/tcpopt.t.json.output @@ -0,0 +1,15 @@ +# tcp option sack0 right 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "right", + "name": "sack" + } + }, + "right": 1 + } + } +] + diff --git a/tests/py/ip6/vmap.t.json b/tests/py/ip6/vmap.t.json new file mode 100644 index 00000000..1fbe0093 --- /dev/null +++ b/tests/py/ip6/vmap.t.json @@ -0,0 +1,1037 @@ +# ip6 saddr vmap { abcd::3 : accept } +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "abcd::3", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234:1234:1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "::1234:1234:1234:1234:1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234::1234:1234:1234:1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234::1234:1234:1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234::1234:1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234::1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234:1234::1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234:1234:1234::1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234:1234:1234:1234::", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "::1234:1234:1234:1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234::1234:1234:1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234::1234:1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234::1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234::1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234:1234::1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234:1234:1234::", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "::1234:1234:1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234::1234:1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234::1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234::1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234::1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234:1234::", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { ::1234:1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "::1234:1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234::1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234::1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234::1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234::1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234::1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234::1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234:1234:: : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234::", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { ::1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "::1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234::1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234::1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234::1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234::1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234:: : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234::", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { ::1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "::1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234::1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234::1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:: : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234::", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { ::1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "::1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:: : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234::", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { ::/64 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + { + "prefix": { + "addr": "::", + "len": 64 + } + }, + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234:1234:1234:aaaa::", + { + "accept": null + } + ], + [ + "::aaaa", + { + "drop": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234:1234:1234:aaaa::", + { + "accept": null + } + ], + [ + "::bbbb", + { + "drop": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234:1234:1234:aaaa::", + { + "accept": null + } + ], + [ + "::cccc", + { + "drop": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234:1234:1234:aaaa::", + { + "accept": null + } + ], + [ + "::dddd", + { + "drop": null + } + ] + ] + } + } + } +] + diff --git a/tests/py/ip6/vmap.t.json.output b/tests/py/ip6/vmap.t.json.output new file mode 100644 index 00000000..aba563fc --- /dev/null +++ b/tests/py/ip6/vmap.t.json.output @@ -0,0 +1,336 @@ +# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "0:1234:1234:1234:1234:1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:0:1234:1234:1234:1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:0:1234:1234:1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:0:1234:1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234:0:1234:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234:1234:0:1234:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234:1234:1234:0:1234", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "1234:1234:1234:1234:1234:1234:1234:0", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap { ::1234:1234 : accept} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "::18.52.18.52", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "::aaaa", + { + "drop": null + } + ], + [ + "1234:1234:1234:1234:1234:1234:aaaa:0", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "::bbbb", + { + "drop": null + } + ], + [ + "1234:1234:1234:1234:1234:1234:aaaa:0", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "::cccc", + { + "drop": null + } + ], + [ + "1234:1234:1234:1234:1234:1234:aaaa:0", + { + "accept": null + } + ] + ] + } + } + } +] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop} +[ + { + "map": { + "left": { + "payload": { + "field": "saddr", + "name": "ip6" + } + }, + "right": { + "set": [ + [ + "::dddd", + { + "drop": null + } + ], + [ + "1234:1234:1234:1234:1234:1234:aaaa:0", + { + "accept": null + } + ] + ] + } + } + } +] + diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py index 1e26d182..a41b95de 100755 --- a/tests/py/nft-test.py +++ b/tests/py/nft-test.py @@ -17,6 +17,7 @@ import sys import os import argparse import signal +import json TESTS_PATH = os.path.dirname(os.path.abspath(__file__)) TESTS_DIRECTORY = ["any", "arp", "bridge", "inet", "ip", "ip6"] @@ -669,6 +670,16 @@ def payload_check(payload_buffer, file, cmd): return i > 0 +def json_dump_normalize(json_string, human_readable = False): + json_obj = json.loads(json_string) + + if human_readable: + return json.dumps(json_obj, sort_keys = True, + indent = 4, separators = (',', ': ')) + else: + return json.dumps(json_obj, sort_keys = True) + + def rule_add(rule, filename, lineno, force_all_family_option, filename_path): ''' Adds a rule @@ -688,6 +699,39 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path): except: payload_expected = None + if enable_json_option: + try: + json_log = open("%s.json" % filename_path) + json_input = json_find_expected(json_log, rule[0]) + except: + json_input = None + + if not json_input: + print_error("did not find JSON equivalent for rule '%s'" + % rule[0]) + else: + try: + json_input = json_dump_normalize(json_input) + except ValueError: + reason = "Invalid JSON syntax in rule: %s" % json_input + print_error(reason) + return [-1, warning, error, unit_tests] + + try: + json_log = open("%s.json.output" % filename_path) + json_expected = json_find_expected(json_log, rule[0]) + except: + # will use json_input for comparison + json_expected = None + + if json_expected: + try: + json_expected = json_dump_normalize(json_expected) + except ValueError: + reason = "Invalid JSON syntax in expected output: %s" % json_expected + print_error(reason) + return [-1, warning, error, unit_tests] + for table in table_list: if rule[1].strip() == "ok": table_payload_expected = None @@ -708,6 +752,7 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path): payload_log = os.tmpfile() + # Add rule and check return code cmd = "add rule %s %s %s" % (table, chain, rule[0]) ret = execute_cmd(cmd, filename, lineno, payload_log, debug="netlink") @@ -747,7 +792,7 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path): print_warning("Wrote payload for rule %s" % rule[0], gotf.name, 1) - # Check output of nft + # Check for matching ruleset listing numeric_old = nftables.set_numeric_output("all") stateless_old = nftables.set_stateless_output(True) list_cmd = 'list table %s' % table @@ -796,11 +841,106 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path): if not force_all_family_option: return [ret, warning, error, unit_tests] - return [ret, warning, error, unit_tests] + if not enable_json_option: + continue + + # Generate JSON equivalent for rule if not found + if not json_input: + json_old = nftables.set_json_output(True) + rc, json_output, err = nftables.cmd(list_cmd) + nftables.set_json_output(json_old) + + json_output = json.loads(json_output) + for item in json_output["nftables"]: + if "rule" in item: + if "handle" in item["rule"]: + del(item["rule"]["handle"]) + if "position" in item["rule"]: + del(item["rule"]["position"]) + json_output = item["rule"] + break + json_input = json.dumps(json_output["expr"], sort_keys = True) + + gotf = open("%s.json.got" % filename_path, 'a') + jdump = json_dump_normalize(json_input, True) + gotf.write("# %s\n%s\n\n" % (rule[0], jdump)) + gotf.close() + print_warning("Wrote JSON equivalent for rule %s" % rule[0], + gotf.name, 1) + table_flush(table, filename, lineno) + payload_log = os.tmpfile() -def preexec(): - os.setpgrp() # Don't forward signals. + # Add rule in JSON format + cmd = json.dumps({ "nftables": [{ "add": { "rule": { + "family": table.family, + "table": table.name, + "chain": chain.name, + "expr": json.loads(json_input), + }}}]}) + + json_old = nftables.set_json_output(True) + ret = execute_cmd(cmd, filename, lineno, payload_log, debug="netlink") + nftables.set_json_output(json_old) + + if ret != 0: + reason = "Failed to add JSON equivalent rule" + print_error(reason, filename, lineno) + continue + + # Check for matching payload + if not payload_check(table_payload_expected, payload_log, cmd): + error += 1 + gotf = open("%s.json.payload.got" % filename_path, 'a') + payload_log.seek(0, 0) + gotf.write("# %s\n" % rule[0]) + while True: + line = payload_log.readline() + if line == "": + break + gotf.write(line) + gotf.close() + print_warning("Wrote JSON payload for rule %s" % rule[0], + gotf.name, 1) + + # Check for matching ruleset listing + numeric_old = nftables.set_numeric_output("all") + stateless_old = nftables.set_stateless_output(True) + json_old = nftables.set_json_output(True) + rc, json_output, err = nftables.cmd(list_cmd) + nftables.set_json_output(json_old) + nftables.set_numeric_output(numeric_old) + nftables.set_stateless_output(stateless_old) + + json_output = json.loads(json_output) + for item in json_output["nftables"]: + if "rule" in item: + if "handle" in item["rule"]: + del(item["rule"]["handle"]) + if "position" in item["rule"]: + del(item["rule"]["position"]) + json_output = item["rule"] + break + json_output = json.dumps(json_output["expr"], sort_keys = True) + + if not json_expected and json_output != json_input: + print_differences_warning(filename, lineno, + json_input, json_output, cmd) + error += 1 + gotf = open("%s.json.output.got" % filename_path, 'a') + jdump = json_dump_normalize(json_output, True) + gotf.write("# %s\n%s\n\n" % (rule[0], jdump)) + gotf.close() + print_warning("Wrote JSON output for rule %s" % rule[0], + gotf.name, 1) + # prevent further warnings and .got file updates + json_expected = json_output + elif json_expected and json_output != json_expected: + print_differences_warning(filename, lineno, + json_expected, json_output, cmd) + error += 1 + + return [ret, warning, error, unit_tests] def cleanup_on_exit(): @@ -986,6 +1126,37 @@ def payload_find_expected(payload_log, rule): return payload_buffer +def json_find_expected(json_log, rule): + ''' + Find the corresponding JSON for given rule + + :param json_log: open file handle of the json data + :param rule: nft rule we are going to add + ''' + found = 0 + json_buffer = "" + + while True: + line = json_log.readline() + if not line: + break + + if line[0] == "#": # rule start + rule_line = line.strip()[2:] + + if rule_line == rule.strip(): + found = 1 + continue + + if found == 1: + json_buffer += line.rstrip("\n").strip() + if line.isspace(): + return json_buffer + + json_log.seek(0, 0) + return json_buffer + + def run_test_file(filename, force_all_family_option, specific_file): ''' Runs a test file @@ -1139,11 +1310,16 @@ def main(): dest='force_all_family', help='keep testing all families on error') + parser.add_argument('-j', '--enable-json', action='store_true', + dest='enable_json', + help='test JSON functionality as well') + args = parser.parse_args() - global debug_option, need_fix_option + global debug_option, need_fix_option, enable_json_option debug_option = args.debug need_fix_option = args.need_fix_line force_all_family_option = args.force_all_family + enable_json_option = args.enable_json specific_file = False signal.signal(signal.SIGINT, signal_handler) |