diff options
| author | Jeremy Sowden <jeremy@azazel.net> | 2023-04-11 21:45:34 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-06-01 21:43:16 +0200 |
| commit | 6ab0fd6c67dbccedb49209b94eb7f740dd32fd2a (patch) | |
| tree | 8f376a718fd3c1bc28577a6fb00ec5c3ccdf9133 /tests | |
| parent | 19245dd1e0c8e1e007a3b98527e379337d57b49a (diff) | |
exthdr: add boolean DCCP option matching
Iptables supports the matching of DCCP packets based on the presence
or absence of DCCP options. Extend exthdr expressions to add this
functionality to nftables.
Link: https://bugzilla.netfilter.org/show_bug.cgi?id=930
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/py/inet/dccp.t | 5 | ||||
| -rw-r--r-- | tests/py/inet/dccp.t.json | 44 | ||||
| -rw-r--r-- | tests/py/inet/dccp.t.payload | 14 |
3 files changed, 63 insertions, 0 deletions
diff --git a/tests/py/inet/dccp.t b/tests/py/inet/dccp.t index 90142f53..99cddbe7 100644 --- a/tests/py/inet/dccp.t +++ b/tests/py/inet/dccp.t @@ -23,3 +23,8 @@ dccp type {request, response, data, ack, dataack, closereq, close, reset, sync, dccp type != {request, response, data, ack, dataack, closereq, close, reset, sync, syncack};ok dccp type request;ok dccp type != request;ok + +dccp option 0 exists;ok +dccp option 43 missing;ok +dccp option 255 exists;ok +dccp option 256 exists;fail diff --git a/tests/py/inet/dccp.t.json b/tests/py/inet/dccp.t.json index 806ef5ee..9f47e97b 100644 --- a/tests/py/inet/dccp.t.json +++ b/tests/py/inet/dccp.t.json @@ -230,3 +230,47 @@ } ] +# dccp option 0 exists +[ + { + "match": { + "left": { + "dccp option": { + "type": 0 + } + }, + "op": "==", + "right": true + } + } +] + +# dccp option 43 missing +[ + { + "match": { + "left": { + "dccp option": { + "type": 43 + } + }, + "op": "==", + "right": false + } + } +] + +# dccp option 255 exists +[ + { + "match": { + "left": { + "dccp option": { + "type": 255 + } + }, + "op": "==", + "right": true + } + } +] diff --git a/tests/py/inet/dccp.t.payload b/tests/py/inet/dccp.t.payload index fbe9dc5b..c0b87be1 100644 --- a/tests/py/inet/dccp.t.payload +++ b/tests/py/inet/dccp.t.payload @@ -99,3 +99,17 @@ inet test-inet input [ bitwise reg 1 = ( reg 1 & 0x0000001e ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] +# dccp option 0 exists +ip test-inet input + [ exthdr load 1b @ 0 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# dccp option 43 missing +ip test-inet input + [ exthdr load 1b @ 43 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# dccp option 255 exists +ip test-inet input + [ exthdr load 1b @ 255 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] |