diff options
author | Florian Westphal <fw@strlen.de> | 2015-07-10 11:56:31 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2015-07-20 17:26:37 +0200 |
commit | 0abfb2b7e01ca07efe1be16a1a5bd8925340dc41 (patch) | |
tree | 0b4b3f892c990e66f4a01a5d5ba15d3a9c720d47 /tests/regression/inet/tcp.t.payload.ip | |
parent | efd09355038d53fdd3841ab5ccae1543c4967daf (diff) |
tests: validate generated netlink instructions
compare netlink instructions generated by given nft command line
with recorded version.
Example: udp dport 80 accept in ip family should look like
ip test-ip4 input
[ payload load 1b @ network header + 9 => reg 1 ]
[ cmp eq reg 1 0x00000011 ]
[ payload load 2b @ transport header + 2 => reg 1 ]
[ cmp eq reg 1 0x00005000 ]
[ immediate reg 0 accept ]
This is stored in udp.t.payload.ip
Other suffixes:
.payload.ip6
.payload.inet
.payload ('any')
The test script first looks for 'testname.t.payload.$family', if that
doesn't exist 'testname.t.payload' is used.
This allows for family independent test (e.g. meta), where we don't
expect/have any family specific expressions.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/regression/inet/tcp.t.payload.ip')
-rw-r--r-- | tests/regression/inet/tcp.t.payload.ip | 500 |
1 files changed, 500 insertions, 0 deletions
diff --git a/tests/regression/inet/tcp.t.payload.ip b/tests/regression/inet/tcp.t.payload.ip new file mode 100644 index 00000000..c21cca1b --- /dev/null +++ b/tests/regression/inet/tcp.t.payload.ip @@ -0,0 +1,500 @@ +# tcp dport 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp dport != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp dport 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp dport != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp dport { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport {telnet, http, https} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00005000 : 0 [end] element 0000bb01 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# tcp dport vmap { 22 : accept, 23 : drop } +map%d test-ip4 b +map%d test-ip4 0 + element 00001600 : 0 [end] element 00001700 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport vmap { 25:accept, 28:drop } +map%d test-ip4 b +map%d test-ip4 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport { 22, 53, 80, 110 } +set%d test-ip4 3 +set%d test-ip4 0 + element 00001600 : 0 [end] element 00003500 : 0 [end] element 00005000 : 0 [end] element 00006e00 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp sport != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp sport 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp sport != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp sport { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport vmap { 25:accept, 28:drop } +map%d test-ip4 b +map%d test-ip4 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp sport 8080 drop +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000901f ] + [ immediate reg 0 drop ] + +# tcp sport 1024 tcp dport 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 ] + +# tcp sport 1024 tcp dport 22 tcp sequence 0 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport 1024 tcp dport 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 +set%d test-ip4 3 +set%d test-ip4 0 + element 00000004 : 0 [end] element 0000fe03 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ payload load 6b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 0x00000000 ] + +# tcp sequence 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp sequence != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp sequence 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp sequence != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp sequence { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sequence { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq 42949672 drop +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x285c8f02 ] + [ immediate reg 0 drop ] + +# tcp ackseq 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp ackseq != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp ackseq 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp ackseq != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp ackseq { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000010 : 0 [end] element 00000020 : 0 [end] element 00000040 : 0 [end] element 00000080 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# tcp flags cwr +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# tcp flags != cwr +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ cmp neq reg 1 0x00000080 ] + +# tcp window 22222 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x0000ce56 ] + +# tcp window 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp window != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp window 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp window != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp window { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp window { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum 23456 log drop +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x0000a05b ] + [ log prefix (null) ] + [ immediate reg 0 drop ] + +# tcp checksum 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp checksum != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp checksum 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp checksum != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp checksum { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr 1234 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x0000d204 ] + [ immediate reg 0 accept ] + +# tcp urgptr 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp urgptr != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp urgptr 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp urgptr != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp urgptr { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + |