diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-08-16 23:30:18 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-08-18 03:14:58 +0200 |
commit | 6f2eb8548e0d18078989adec069b438b2f154767 (patch) | |
tree | 6e2e838e8a6c20f24a8ce2d8fea65e0fa3966f26 /tests | |
parent | 860979abdbe3081c310a5acd9250abdfcb741ce4 (diff) |
src: meta priority support using tc classid
This patch adds the missing bits to scan and parse the meta priority
handle as expressed by tc classid major:minor syntax.
The :minor syntax is not support for two reason: major is always >= 1
and this clashes with port syntax in nat.
Here below, several example on how to match the packet priority field:
nft add rule filter forward meta priority abcd:0
nft add rule filter forward meta priority abcd:1234
and to set it, you have to:
nft add rule filter forward meta priority set abcd:1234
The priority expression in flex looks ahead to restrict the pattern to
avoid problems with mappings:
{classid}/[ \t\n:\-},]
So the following doesn't break:
... vmap { 25:accept }
^^^^^
The lookahead expression requires a slight change to extend the input
string in one byte.
This patch is conservative as you always have to explicity indicate
major and minor numbers even if zero.
We could consider supporting this shortcut in the future:
abcd:
However, with regards to this:
:abcd
We don't need to support it since major number is assumed to be >= 1.
However, if we ever decide to support this, we'll have problems since
this clashes with our port representation in redirect and mangle.
So let's keep this simple and start with this approach.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/py/any/meta.t | 22 | ||||
-rw-r--r-- | tests/py/any/meta.t.payload | 73 |
2 files changed, 86 insertions, 9 deletions
diff --git a/tests/py/any/meta.t b/tests/py/any/meta.t index 9015a219..ceeac485 100644 --- a/tests/py/any/meta.t +++ b/tests/py/any/meta.t @@ -38,15 +38,19 @@ meta l4proto { 33, 55, 67, 88};ok;meta l4proto { 33, 55, 67, 88} meta l4proto { 33-55};ok - meta l4proto != { 33-55};ok -- meta priority :aabb;ok -- meta priority bcad:dadc;ok -- meta priority aabb:;ok -- meta priority != :aabb;ok -- meta priority != bcad:dadc;ok -- meta priority != aabb:;ok -- meta priority bcad:dada-bcad:dadc;ok -- meta priority != bcad:dada-bcad:dadc;ok -- meta priority {bcad:dada, bcad:dadc, aaaa:bbbb};ok +meta priority root;ok +meta priority none;ok +meta priority 0x87654321;ok;meta priority 8765:4321 +meta priority 2271560481;ok;meta priority 8765:4321 +meta priority 1:1234;ok +meta priority bcad:dadc;ok +meta priority aabb:0;ok +meta priority != bcad:dadc;ok +meta priority != aabb:0;ok +meta priority bcad:dada-bcad:dadc;ok +meta priority != bcad:dada-bcad:dadc;ok +meta priority {bcad:dada, bcad:dadc, aaaa:bbbb};ok +meta priority set cafe:beef;ok - meta priority != {bcad:dada, bcad:dadc, aaaa:bbbb};ok meta mark 0x4;ok;mark 0x00000004 diff --git a/tests/py/any/meta.t.payload b/tests/py/any/meta.t.payload index 0affd925..19bb17c0 100644 --- a/tests/py/any/meta.t.payload +++ b/tests/py/any/meta.t.payload @@ -790,3 +790,76 @@ ip test-ip4 input ip test-ip4 input [ meta load prandom => reg 1 ] [ cmp gt reg 1 0x40420f00 ] + +# meta priority root +ip test-ip4 input + [ meta load priority => reg 1 ] + [ cmp eq reg 1 0xffffffff ] + +# meta priority none +netdev test-netdev ingress + [ meta load priority => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# meta priority 1:1234 +ip test-ip4 input + [ meta load priority => reg 1 ] + [ cmp eq reg 1 0x00011234 ] + +# meta priority bcad:dadc +ip test-ip4 input + [ meta load priority => reg 1 ] + [ cmp eq reg 1 0xbcaddadc ] + +# meta priority aabb:0 +ip test-ip4 input + [ meta load priority => reg 1 ] + [ cmp eq reg 1 0xaabb0000 ] + +# meta priority != bcad:dadc +ip test-ip4 input + [ meta load priority => reg 1 ] + [ cmp neq reg 1 0xbcaddadc ] + +# meta priority != aabb:0 +ip test-ip4 input + [ meta load priority => reg 1 ] + [ cmp neq reg 1 0xaabb0000 ] + +# meta priority bcad:dada-bcad:dadc +ip test-ip4 input + [ meta load priority => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gte reg 1 0xdadaadbc ] + [ cmp lte reg 1 0xdcdaadbc ] + +# meta priority != bcad:dada-bcad:dadc +ip test-ip4 input + [ meta load priority => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0xdadaadbc ] + [ cmp gt reg 1 0xdcdaadbc ] + +# meta priority {bcad:dada, bcad:dadc, aaaa:bbbb} +__set%d test-ip4 3 +__set%d test-ip4 0 + element bcaddada : 0 [end] element bcaddadc : 0 [end] element aaaabbbb : 0 [end] +ip test-ip4 input + [ meta load priority => reg 1 ] + [ lookup reg 1 set __set%d ] + +# meta priority set cafe:beef +ip test-ip4 input + [ immediate reg 1 0xcafebeef ] + [ meta set priority with reg 1 ] + +# meta priority 0x87654321 +ip test-ip4 input + [ meta load priority => reg 1 ] + [ cmp eq reg 1 0x87654321 ] + +# meta priority 2271560481 +ip test-ip4 input + [ meta load priority => reg 1 ] + [ cmp eq reg 1 0x87654321 ] + |