diff options
Diffstat (limited to 'tests/py/any')
41 files changed, 1488 insertions, 1204 deletions
diff --git a/tests/py/any/counter.t b/tests/py/any/counter.t new file mode 100644 index 00000000..1c72742c --- /dev/null +++ b/tests/py/any/counter.t @@ -0,0 +1,14 @@ +:input;type filter hook input priority 0 +:ingress;type filter hook ingress device lo priority 0 + +*ip;test-ip4;input +*ip6;test-ip6;input +*inet;test-inet;input +*arp;test-arp;input +*bridge;test-bridge;input +*netdev;test-netdev;ingress + +counter;ok +counter packets 0 bytes 0;ok;counter +counter packets 2 bytes 1;ok;counter +counter bytes 1024 packets 1;ok;counter diff --git a/tests/py/any/counter.t.json b/tests/py/any/counter.t.json new file mode 100644 index 00000000..2d1eaa99 --- /dev/null +++ b/tests/py/any/counter.t.json @@ -0,0 +1,39 @@ +# counter +[ + { + "counter": { + "bytes": 0, + "packets": 0 + } + } +] + +# counter packets 0 bytes 0 +[ + { + "counter": { + "bytes": 0, + "packets": 0 + } + } +] + +# counter packets 2 bytes 1 +[ + { + "counter": { + "bytes": 1, + "packets": 2 + } + } +] + +# counter bytes 1024 packets 1 +[ + { + "counter": { + "bytes": 1024, + "packets": 1 + } + } +] diff --git a/tests/py/any/counter.t.json.output b/tests/py/any/counter.t.json.output new file mode 100644 index 00000000..6a62ffb0 --- /dev/null +++ b/tests/py/any/counter.t.json.output @@ -0,0 +1,28 @@ +# counter +[ + { + "counter": null + } +] + +# counter packets 0 bytes 0 +[ + { + "counter": null + } +] + +# counter packets 2 bytes 1 +[ + { + "counter": null + } +] + +# counter bytes 1024 packets 1 +[ + { + "counter": null + } +] + diff --git a/tests/py/any/counter.t.payload b/tests/py/any/counter.t.payload new file mode 100644 index 00000000..23e96bae --- /dev/null +++ b/tests/py/any/counter.t.payload @@ -0,0 +1,15 @@ +# counter +ip + [ counter pkts 0 bytes 0 ] + +# counter packets 0 bytes 0 +ip + [ counter pkts 0 bytes 0 ] + +# counter packets 2 bytes 1 +ip + [ counter pkts 2 bytes 1 ] + +# counter bytes 1024 packets 1 +ip + [ counter pkts 1 bytes 1024 ] diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t index cc09aebc..f73fa4e7 100644 --- a/tests/py/any/ct.t +++ b/tests/py/any/ct.t @@ -26,9 +26,11 @@ ct status != expected;ok ct status seen-reply;ok ct status != seen-reply;ok ct status {expected, seen-reply, assured, confirmed, dying};ok +ct status != {expected, seen-reply, assured, confirmed, dying};ok ct status expected,seen-reply,assured,confirmed,snat,dnat,dying;ok ct status snat;ok ct status dnat;ok +ct status ! dnat;ok ct status xxx;fail ct mark 0;ok;ct mark 0x00000000 @@ -67,7 +69,7 @@ ct event set {new, related, destroy, label};fail ct expiration 30s;ok ct expiration 30000ms;ok;ct expiration 30s -ct expiration 1m-1h;ok +ct expiration 1m-1h;ok;ct expiration 60s-3600s ct expiration 1d-1h;fail ct expiration > 4d23h59m59s;ok ct expiration != 233;ok;ct expiration != 3m53s @@ -75,8 +77,8 @@ ct expiration 33-45;ok;ct expiration 33s-45s ct expiration != 33-45;ok;ct expiration != 33s-45s ct expiration {33, 55, 67, 88};ok;ct expiration { 1m7s, 33s, 55s, 1m28s} ct expiration != {33, 55, 67, 88};ok;ct expiration != { 1m7s, 33s, 55s, 1m28s} -ct expiration {33-55, 66-88};ok;ct expiration { 33s-55s, 1m6s-1m28s} -ct expiration != {33-55, 66-88};ok;ct expiration != { 33s-55s, 1m6s-1m28s} +ct expiration {33-55, 66-88};ok;ct expiration { 33s-55s, 66s-88s} +ct expiration != {33-55, 66-88};ok;ct expiration != { 33s-55s, 66s-88s} ct helper "ftp";ok ct helper "12345678901234567";fail @@ -142,3 +144,6 @@ ct set invalid original 42;fail ct set invalid 42;fail notrack;ok + +ct count 3;ok +ct count over 3;ok diff --git a/tests/py/any/ct.t.json b/tests/py/any/ct.t.json index 59ac27c3..a2a06025 100644 --- a/tests/py/any/ct.t.json +++ b/tests/py/any/ct.t.json @@ -311,6 +311,29 @@ } ] +# ct status != {expected, seen-reply, assured, confirmed, dying} +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "op": "!=", + "right": { + "set": [ + "expected", + "seen-reply", + "assured", + "confirmed", + "dying" + ] + } + } + } +] + # ct status expected,seen-reply,assured,confirmed,snat,dnat,dying [ { @@ -364,6 +387,21 @@ } ] +# ct status ! dnat +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "op": "!", + "right": "dnat" + } + } +] + # ct mark 0 [ { @@ -989,39 +1027,6 @@ } ] -# ct state . ct mark { new . 0x12345678} -[ - { - "match": { - "left": { - "concat": [ - { - "ct": { - "key": "state" - } - }, - { - "ct": { - "key": "mark" - } - } - ] - }, - "op": "==", - "right": { - "set": [ - { - "concat": [ - "new", - "0x12345678" - ] - } - ] - } - } - } -] - # ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634} [ { @@ -1449,6 +1454,21 @@ } ] +# ct id 12345 +[ + { + "match": { + "left": { + "ct": { + "key": "id" + } + }, + "op": "==", + "right": 12345 + } + } +] + # ct zone set mark map { 1 : 1, 2 : 2 } [ { @@ -1482,3 +1502,22 @@ } ] +# ct count 3 +[ + { + "ct count": { + "val": 3 + } + } +] + +# ct count over 3 +[ + { + "ct count": { + "inv": true, + "val": 3 + } + } +] + diff --git a/tests/py/any/ct.t.json.output b/tests/py/any/ct.t.json.output index aced3817..70ade7e3 100644 --- a/tests/py/any/ct.t.json.output +++ b/tests/py/any/ct.t.json.output @@ -527,14 +527,14 @@ "set": [ { "concat": [ - "established", - 309876276 + "new", + 305419896 ] }, { "concat": [ - "new", - 305419896 + "established", + 309876276 ] }, { @@ -611,23 +611,23 @@ [ { "concat": [ - "established", - 2271560481 + "new", + 305419896 ] }, { - "accept": null + "drop": null } ], [ { "concat": [ - "new", - 305419896 + "established", + 2271560481 ] }, { - "drop": null + "accept": null } ] ] diff --git a/tests/py/any/ct.t.payload b/tests/py/any/ct.t.payload index ccbddc89..ed868e53 100644 --- a/tests/py/any/ct.t.payload +++ b/tests/py/any/ct.t.payload @@ -1,7 +1,7 @@ # ct state new,established, related, untracked ip test-ip4 output [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000004e ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000004e ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] # ct state != related @@ -28,21 +28,21 @@ ip test-ip4 output # ct state invalid drop ip test-ip4 output [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] [ immediate reg 0 drop ] # ct state established accept ip test-ip4 output [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000002 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000002 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] [ immediate reg 0 accept ] # ct state 8 ip test-ip4 output [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000008 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000008 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] # ct direction original @@ -84,7 +84,7 @@ ip test-ip4 output # ct status expected ip test-ip4 output [ ct load status => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] # ct status != expected @@ -95,7 +95,7 @@ ip test-ip4 output # ct status seen-reply ip test-ip4 output [ ct load status => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000002 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000002 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] # ct status != seen-reply @@ -127,25 +127,25 @@ ip test-ip4 output # ct mark or 0x23 == 0x11 ip test-ip4 output [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xffffffdc ) ^ 0x00000023 ] + [ bitwise reg 1 = ( reg 1 & 0xffffffdc ) ^ 0x00000023 ] [ cmp eq reg 1 0x00000011 ] # ct mark or 0x3 != 0x1 ip test-ip4 output [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] + [ bitwise reg 1 = ( reg 1 & 0xfffffffc ) ^ 0x00000003 ] [ cmp neq reg 1 0x00000001 ] # ct mark and 0x23 == 0x11 ip test-ip4 output [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000023 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000023 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000011 ] # ct mark and 0x3 != 0x1 ip test-ip4 output [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000003 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000001 ] # ct mark xor 0x23 == 0x11 @@ -306,15 +306,6 @@ ip test-ip4 output [ ct load helper => reg 1 ] [ cmp eq reg 1 0x00707466 0x00000000 0x00000000 0x00000000 ] -# ct state . ct mark { new . 0x12345678} -__set%d test 3 -__set%d test 0 - element 00000008 12345678 : 0 [end] -ip test-ip4 output - [ ct load state => reg 1 ] - [ ct load mark => reg 9 ] - [ lookup reg 1 set __set%d ] - # ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634} __set%d test-ip4 3 __set%d test-ip4 0 @@ -330,23 +321,9 @@ ip test-ip4 output [ ct set mark with reg 1 ] # ct mark set (meta mark | 0x10) << 8 -ip test-ip4 output - [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xffffffef ) ^ 0x00000010 ] - [ bitwise reg 1 = ( reg 1 << 0x00000008 ) ] - [ ct set mark with reg 1 ] - -# ct mark set (meta mark | 0x10) << 8 -ip6 test-ip6 output - [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xffffffef ) ^ 0x00000010 ] - [ bitwise reg 1 = ( reg 1 << 0x00000008 ) ] - [ ct set mark with reg 1 ] - -# ct mark set (meta mark | 0x10) << 8 inet test-inet output [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xffffffef ) ^ 0x00000010 ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] [ bitwise reg 1 = ( reg 1 << 0x00000008 ) ] [ ct set mark with reg 1 ] @@ -392,19 +369,19 @@ ip test-ip4 output # ct status expected,seen-reply,assured,confirmed,snat,dnat,dying ip test-ip4 output [ ct load status => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000023f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000023f ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] # ct status snat ip test-ip4 output [ ct load status => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] # ct status dnat ip test-ip4 output [ ct load status => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000020 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000020 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] # ct event set new @@ -440,7 +417,7 @@ ip test-ip4 output # ct label 127 ip test-ip4 output [ ct load label => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000000 0x00000000 0x00000000 0x80000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000000 0x00000000 0x00000000 0x80000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] [ cmp neq reg 1 0x00000000 0x00000000 0x00000000 0x00000000 ] # ct label set 127 @@ -508,7 +485,7 @@ ip test-ip4 output # ct state . ct mark vmap { new . 0x12345678 : drop, established . 0x87654321 : accept} __map%d test-ip4 b size 2 __map%d test-ip4 0 - element 00000008 12345678 : 0 [end] element 00000002 87654321 : 0 [end] + element 00000008 12345678 : drop 0 [end] element 00000002 87654321 : accept 0 [end] ip test-ip4 output [ ct load state => reg 1 ] [ ct load mark => reg 9 ] @@ -517,7 +494,7 @@ ip test-ip4 output # ct mark set ct mark or 0x00000001 ip test-ip4 output [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xfffffffe ) ^ 0x00000001 ] + [ bitwise reg 1 = ( reg 1 & 0xfffffffe ) ^ 0x00000001 ] [ ct set mark with reg 1 ] # ct id 12345 @@ -525,3 +502,17 @@ ip test-ip4 output [ ct load unknown => reg 1 ] [ cmp eq reg 1 0x39300000 ] +# ct status ! dnat +ip6 + [ ct load status => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000020 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000000 ] + +# ct count 3 +ip test-ip4 output + [ connlimit count 3 flags 0 ] + +# ct count over 3 +ip test-ip4 output + [ connlimit count 3 flags 1 ] + diff --git a/tests/py/any/dup.t b/tests/py/any/dup.t deleted file mode 100644 index 181b4195..00000000 --- a/tests/py/any/dup.t +++ /dev/null @@ -1,7 +0,0 @@ -:ingress;type filter hook ingress device lo priority 0 - -*netdev;test-netdev;ingress - -dup to "lo";ok -dup to meta mark map { 0x00000001 : "lo", 0x00000002 : "lo"};ok - diff --git a/tests/py/any/dup.t.json b/tests/py/any/dup.t.json deleted file mode 100644 index dc56f649..00000000 --- a/tests/py/any/dup.t.json +++ /dev/null @@ -1,30 +0,0 @@ -# dup to "lo" -[ - { - "dup": { - "addr": "lo" - } - } -] - -# dup to meta mark map { 0x00000001 : "lo", 0x00000002 : "lo"} -[ - { - "dup": { - "addr": { - "map": { - "key": { - "meta": { "key": "mark" } - }, - "data": { - "set": [ - [ 1, "lo" ], - [ 2, "lo" ] - ] - } - } - } - } - } -] - diff --git a/tests/py/any/dup.t.payload b/tests/py/any/dup.t.payload deleted file mode 100644 index 51ff782c..00000000 --- a/tests/py/any/dup.t.payload +++ /dev/null @@ -1,14 +0,0 @@ -# dup to "lo" -netdev test-netdev ingress - [ immediate reg 1 0x00000001 ] - [ dup sreg_dev 1 ] - -# dup to meta mark map { 0x00000001 : "lo", 0x00000002 : "lo"} -__map%d test-netdev b -__map%d test-netdev 0 - element 00000001 : 00000001 0 [end] element 00000002 : 00000001 0 [end] -netdev test-netdev ingress - [ meta load mark => reg 1 ] - [ lookup reg 1 set __map%d dreg 1 ] - [ dup sreg_dev 1 ] - diff --git a/tests/py/any/fwd.t b/tests/py/any/fwd.t deleted file mode 100644 index 2e34d55a..00000000 --- a/tests/py/any/fwd.t +++ /dev/null @@ -1,8 +0,0 @@ -:ingress;type filter hook ingress device lo priority 0 - -*netdev;test-netdev;ingress - -fwd to "lo";ok -fwd to meta mark map { 0x00000001 : "lo", 0x00000002 : "lo"};ok - -fwd ip to 192.168.2.200 device "lo";ok diff --git a/tests/py/any/fwd.t.json b/tests/py/any/fwd.t.json deleted file mode 100644 index 583606c0..00000000 --- a/tests/py/any/fwd.t.json +++ /dev/null @@ -1,47 +0,0 @@ -# fwd to "lo" -[ - { - "fwd": { - "dev": "lo" - } - } -] - -# fwd to meta mark map { 0x00000001 : "lo", 0x00000002 : "lo"} -[ - { - "fwd": { - "dev": { - "map": { - "key": { - "meta": { "key": "mark" } - }, - "data": { - "set": [ - [ - "0x00000001", - "lo" - ], - [ - "0x00000002", - "lo" - ] - ] - } - } - } - } - } -] - -# fwd ip to 192.168.2.200 device "lo" -[ - { - "fwd": { - "addr": "192.168.2.200", - "dev": "lo", - "family": "ip" - } - } -] - diff --git a/tests/py/any/fwd.t.json.output b/tests/py/any/fwd.t.json.output deleted file mode 100644 index 8433e492..00000000 --- a/tests/py/any/fwd.t.json.output +++ /dev/null @@ -1,27 +0,0 @@ -# fwd to meta mark map { 0x00000001 : "lo", 0x00000002 : "lo"} -[ - { - "fwd": { - "dev": { - "map": { - "key": { - "meta": { "key": "mark" } - }, - "data": { - "set": [ - [ - 1, - "lo" - ], - [ - 2, - "lo" - ] - ] - } - } - } - } - } -] - diff --git a/tests/py/any/fwd.t.payload b/tests/py/any/fwd.t.payload deleted file mode 100644 index f03077a6..00000000 --- a/tests/py/any/fwd.t.payload +++ /dev/null @@ -1,20 +0,0 @@ -# fwd to "lo" -netdev test-netdev ingress - [ immediate reg 1 0x00000001 ] - [ fwd sreg_dev 1 ] - -# fwd to meta mark map { 0x00000001 : "lo", 0x00000002 : "lo"} -__map%d test-netdev b -__map%d test-netdev 0 - element 00000001 : 00000001 0 [end] element 00000002 : 00000001 0 [end] -netdev test-netdev ingress - [ meta load mark => reg 1 ] - [ lookup reg 1 set __map%d dreg 1 ] - [ fwd sreg_dev 1 ] - -# fwd ip to 192.168.2.200 device "lo" -netdev test-netdev ingress - [ immediate reg 1 0x00000001 ] - [ immediate reg 2 0xc802a8c0 ] - [ fwd sreg_dev 1 sreg_addr 2 nfproto 2 ] - diff --git a/tests/py/any/icmpX.t.netdev b/tests/py/any/icmpX.t.netdev index a327ce6a..cf402428 100644 --- a/tests/py/any/icmpX.t.netdev +++ b/tests/py/any/icmpX.t.netdev @@ -1,6 +1,7 @@ :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress ip protocol icmp icmp type echo-request;ok;icmp type echo-request icmp type echo-request;ok diff --git a/tests/py/any/last.t b/tests/py/any/last.t new file mode 100644 index 00000000..5c530461 --- /dev/null +++ b/tests/py/any/last.t @@ -0,0 +1,13 @@ +:input;type filter hook input priority 0 +:ingress;type filter hook ingress device lo priority 0 + +*ip;test-ip4;input +*ip6;test-ip6;input +*inet;test-inet;input +*arp;test-arp;input +*bridge;test-bridge;input +*netdev;test-netdev;ingress + +last;ok +last used 300s;ok;last +last used foo;fail diff --git a/tests/py/any/last.t.json b/tests/py/any/last.t.json new file mode 100644 index 00000000..2a2b9e72 --- /dev/null +++ b/tests/py/any/last.t.json @@ -0,0 +1,16 @@ +# last +[ + { + "last": null + } +] + +# last used 300s +[ + { + "last": { + "used": 300000 + } + } +] + diff --git a/tests/py/any/last.t.json.output b/tests/py/any/last.t.json.output new file mode 100644 index 00000000..e8ec4f47 --- /dev/null +++ b/tests/py/any/last.t.json.output @@ -0,0 +1,7 @@ +# last used 300s +[ + { + "last": null + } +] + diff --git a/tests/py/any/last.t.payload b/tests/py/any/last.t.payload new file mode 100644 index 00000000..ed47d0f3 --- /dev/null +++ b/tests/py/any/last.t.payload @@ -0,0 +1,8 @@ +# last +ip + [ last never ] + +# last used 300s +ip + [ last 300000 ] + diff --git a/tests/py/any/limit.t b/tests/py/any/limit.t index ef7f9313..2a84e3f5 100644 --- a/tests/py/any/limit.t +++ b/tests/py/any/limit.t @@ -1,18 +1,19 @@ :output;type filter hook output priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;output *ip6;test-ip6;output *inet;test-inet;output *arp;test-arp;output *bridge;test-bridge;output -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress -limit rate 400/minute;ok -limit rate 20/second;ok -limit rate 400/hour;ok -limit rate 40/day;ok -limit rate 400/week;ok +limit rate 400/minute;ok;limit rate 400/minute burst 5 packets +limit rate 20/second;ok;limit rate 20/second burst 5 packets +limit rate 400/hour;ok;limit rate 400/hour burst 5 packets +limit rate 40/day;ok;limit rate 40/day burst 5 packets +limit rate 400/week;ok;limit rate 400/week burst 5 packets limit rate 1023/second burst 10 packets;ok limit rate 1023/second burst 10 bytes;fail @@ -21,19 +22,22 @@ limit rate 2 kbytes/second;ok limit rate 1025 kbytes/second;ok limit rate 1023 mbytes/second;ok limit rate 10230 mbytes/second;ok -limit rate 1023000 mbytes/second;ok limit rate 512 kbytes/second burst 5 packets;fail +limit rate 1 bytes / second;ok;limit rate 1 bytes/second +limit rate 1 kbytes / second;ok;limit rate 1 kbytes/second +limit rate 1 mbytes / second;ok;limit rate 1 mbytes/second +limit rate 1 gbytes / second;fail + limit rate 1025 bytes/second burst 512 bytes;ok limit rate 1025 kbytes/second burst 1023 kbytes;ok limit rate 1025 mbytes/second burst 1025 kbytes;ok -limit rate 1025000 mbytes/second burst 1023 mbytes;ok -limit rate over 400/minute;ok -limit rate over 20/second;ok -limit rate over 400/hour;ok -limit rate over 40/day;ok -limit rate over 400/week;ok +limit rate over 400/minute;ok;limit rate over 400/minute burst 5 packets +limit rate over 20/second;ok;limit rate over 20/second burst 5 packets +limit rate over 400/hour;ok;limit rate over 400/hour burst 5 packets +limit rate over 40/day;ok;limit rate over 40/day burst 5 packets +limit rate over 400/week;ok;limit rate over 400/week burst 5 packets limit rate over 1023/second burst 10 packets;ok limit rate over 1 kbytes/second;ok @@ -41,9 +45,7 @@ limit rate over 2 kbytes/second;ok limit rate over 1025 kbytes/second;ok limit rate over 1023 mbytes/second;ok limit rate over 10230 mbytes/second;ok -limit rate over 1023000 mbytes/second;ok limit rate over 1025 bytes/second burst 512 bytes;ok limit rate over 1025 kbytes/second burst 1023 kbytes;ok limit rate over 1025 mbytes/second burst 1025 kbytes;ok -limit rate over 1025000 mbytes/second burst 1023 mbytes;ok diff --git a/tests/py/any/limit.t.json b/tests/py/any/limit.t.json index 8bab7e3d..73160b27 100644 --- a/tests/py/any/limit.t.json +++ b/tests/py/any/limit.t.json @@ -114,12 +114,40 @@ } ] -# limit rate 1023000 mbytes/second +# limit rate 1 bytes / second [ { "limit": { + "burst": 0, + "burst_unit": "bytes", + "per": "second", + "rate": 1, + "rate_unit": "bytes" + } + } +] + +# limit rate 1 kbytes / second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "per": "second", + "rate": 1, + "rate_unit": "kbytes" + } + } +] + +# limit rate 1 mbytes / second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", "per": "second", - "rate": 1023000, + "rate": 1, "rate_unit": "mbytes" } } @@ -164,19 +192,6 @@ } ] -# limit rate 1025000 mbytes/second burst 1023 mbytes -[ - { - "limit": { - "burst": 1023, - "burst_unit": "mbytes", - "per": "second", - "rate": 1025000, - "rate_unit": "mbytes" - } - } -] - # limit rate over 400/minute [ { @@ -304,18 +319,6 @@ } ] -# limit rate over 1023000 mbytes/second -[ - { - "limit": { - "inv": true, - "per": "second", - "rate": 1023000, - "rate_unit": "mbytes" - } - } -] - # limit rate over 1025 bytes/second burst 512 bytes [ { @@ -357,18 +360,3 @@ } } ] - -# limit rate over 1025000 mbytes/second burst 1023 mbytes -[ - { - "limit": { - "burst": 1023, - "burst_unit": "mbytes", - "inv": true, - "per": "second", - "rate": 1025000, - "rate_unit": "mbytes" - } - } -] - diff --git a/tests/py/any/limit.t.json.output b/tests/py/any/limit.t.json.output new file mode 100644 index 00000000..2c94d2de --- /dev/null +++ b/tests/py/any/limit.t.json.output @@ -0,0 +1,249 @@ +# limit rate 400/minute +[ + { + "limit": { + "burst": 5, + "per": "minute", + "rate": 400 + } + } +] + +# limit rate 20/second +[ + { + "limit": { + "burst": 5, + "per": "second", + "rate": 20 + } + } +] + +# limit rate 400/hour +[ + { + "limit": { + "burst": 5, + "per": "hour", + "rate": 400 + } + } +] + +# limit rate 40/day +[ + { + "limit": { + "burst": 5, + "per": "day", + "rate": 40 + } + } +] + +# limit rate 400/week +[ + { + "limit": { + "burst": 5, + "per": "week", + "rate": 400 + } + } +] + +# limit rate 1 kbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "per": "second", + "rate": 1, + "rate_unit": "kbytes" + } + } +] + +# limit rate 2 kbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "per": "second", + "rate": 2, + "rate_unit": "kbytes" + } + } +] + +# limit rate 1025 kbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "per": "second", + "rate": 1025, + "rate_unit": "kbytes" + } + } +] + +# limit rate 1023 mbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "per": "second", + "rate": 1023, + "rate_unit": "mbytes" + } + } +] + +# limit rate 10230 mbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "per": "second", + "rate": 10230, + "rate_unit": "mbytes" + } + } +] + +# limit rate over 400/minute +[ + { + "limit": { + "burst": 5, + "inv": true, + "per": "minute", + "rate": 400 + } + } +] + +# limit rate over 20/second +[ + { + "limit": { + "burst": 5, + "inv": true, + "per": "second", + "rate": 20 + } + } +] + +# limit rate over 400/hour +[ + { + "limit": { + "burst": 5, + "inv": true, + "per": "hour", + "rate": 400 + } + } +] + +# limit rate over 40/day +[ + { + "limit": { + "burst": 5, + "inv": true, + "per": "day", + "rate": 40 + } + } +] + +# limit rate over 400/week +[ + { + "limit": { + "burst": 5, + "inv": true, + "per": "week", + "rate": 400 + } + } +] + +# limit rate over 1 kbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "inv": true, + "per": "second", + "rate": 1, + "rate_unit": "kbytes" + } + } +] + +# limit rate over 2 kbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "inv": true, + "per": "second", + "rate": 2, + "rate_unit": "kbytes" + } + } +] + +# limit rate over 1025 kbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "inv": true, + "per": "second", + "rate": 1025, + "rate_unit": "kbytes" + } + } +] + +# limit rate over 1023 mbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "inv": true, + "per": "second", + "rate": 1023, + "rate_unit": "mbytes" + } + } +] + +# limit rate over 10230 mbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "inv": true, + "per": "second", + "rate": 10230, + "rate_unit": "mbytes" + } + } +] diff --git a/tests/py/any/limit.t.payload b/tests/py/any/limit.t.payload index b0cc84b4..dc6701b3 100644 --- a/tests/py/any/limit.t.payload +++ b/tests/py/any/limit.t.payload @@ -1,22 +1,22 @@ # limit rate 400/minute ip test-ip4 output - [ limit rate 400/minute burst 0 type packets flags 0x0 ] + [ limit rate 400/minute burst 5 type packets flags 0x0 ] # limit rate 20/second ip test-ip4 output - [ limit rate 20/second burst 0 type packets flags 0x0 ] + [ limit rate 20/second burst 5 type packets flags 0x0 ] # limit rate 400/hour ip test-ip4 output - [ limit rate 400/hour burst 0 type packets flags 0x0 ] + [ limit rate 400/hour burst 5 type packets flags 0x0 ] # limit rate 400/week ip test-ip4 output - [ limit rate 400/week burst 0 type packets flags 0x0 ] + [ limit rate 400/week burst 5 type packets flags 0x0 ] # limit rate 40/day ip test-ip4 output - [ limit rate 40/day burst 0 type packets flags 0x0 ] + [ limit rate 40/day burst 5 type packets flags 0x0 ] # limit rate 1023/second burst 10 packets ip test-ip4 output @@ -42,9 +42,18 @@ ip test-ip4 output ip test-ip4 output [ limit rate 10726932480/second burst 0 type bytes flags 0x0 ] -# limit rate 1023000 mbytes/second -ip test-ip4 output - [ limit rate 1072693248000/second burst 0 type bytes flags 0x0 ] +# limit rate 1 bytes / second +ip + [ limit rate 1/second burst 0 type bytes flags 0x0 ] + +# limit rate 1 kbytes / second +ip + [ limit rate 1024/second burst 0 type bytes flags 0x0 ] + +# limit rate 1 mbytes / second +ip + [ limit rate 1048576/second burst 0 type bytes flags 0x0 ] + # limit rate 1025 bytes/second burst 512 bytes ip test-ip4 output @@ -58,29 +67,25 @@ ip test-ip4 output ip test-ip4 output [ limit rate 1074790400/second burst 1049600 type bytes flags 0x0 ] -# limit rate 1025000 mbytes/second burst 1023 mbytes -ip test-ip4 output - [ limit rate 1074790400000/second burst 1072693248 type bytes flags 0x0 ] - # limit rate over 400/minute ip test-ip4 output - [ limit rate 400/minute burst 0 type packets flags 0x1 ] + [ limit rate 400/minute burst 5 type packets flags 0x1 ] # limit rate over 20/second ip test-ip4 output - [ limit rate 20/second burst 0 type packets flags 0x1 ] + [ limit rate 20/second burst 5 type packets flags 0x1 ] # limit rate over 400/hour ip test-ip4 output - [ limit rate 400/hour burst 0 type packets flags 0x1 ] + [ limit rate 400/hour burst 5 type packets flags 0x1 ] # limit rate over 400/week ip test-ip4 output - [ limit rate 400/week burst 0 type packets flags 0x1 ] + [ limit rate 400/week burst 5 type packets flags 0x1 ] # limit rate over 40/day ip test-ip4 output - [ limit rate 40/day burst 0 type packets flags 0x1 ] + [ limit rate 40/day burst 5 type packets flags 0x1 ] # limit rate over 1023/second burst 10 packets ip test-ip4 output @@ -106,10 +111,6 @@ ip test-ip4 output ip test-ip4 output [ limit rate 10726932480/second burst 0 type bytes flags 0x1 ] -# limit rate over 1023000 mbytes/second -ip test-ip4 output - [ limit rate 1072693248000/second burst 0 type bytes flags 0x1 ] - # limit rate over 1025 bytes/second burst 512 bytes ip test-ip4 output [ limit rate 1025/second burst 512 type bytes flags 0x1 ] @@ -121,8 +122,3 @@ ip test-ip4 output # limit rate over 1025 mbytes/second burst 1025 kbytes ip test-ip4 output [ limit rate 1074790400/second burst 1049600 type bytes flags 0x1 ] - -# limit rate over 1025000 mbytes/second burst 1023 mbytes -ip test-ip4 output - [ limit rate 1074790400000/second burst 1072693248 type bytes flags 0x1 ] - diff --git a/tests/py/any/meta.t b/tests/py/any/meta.t index 327f973f..bd10c56d 100644 --- a/tests/py/any/meta.t +++ b/tests/py/any/meta.t @@ -1,12 +1,13 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;input *ip6;test-ip6;input *inet;test-inet;input *arp;test-arp;input *bridge;test-bridge;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress meta length 1000;ok meta length 22;ok @@ -20,8 +21,8 @@ meta length != { 33, 55, 67, 88};ok meta length { 33-55, 66-88};ok meta length != { 33-55, 66-88};ok -meta protocol { ip, arp, ip6, vlan };ok;meta protocol { ip6, ip, vlan, arp} -meta protocol != {ip, arp, ip6, vlan};ok +meta protocol { ip, arp, ip6, vlan };ok;meta protocol { ip6, ip, 8021q, arp} +meta protocol != {ip, arp, ip6, 8021q};ok meta protocol ip;ok meta protocol != ip;ok @@ -29,7 +30,7 @@ meta l4proto 22;ok meta l4proto != 233;ok meta l4proto 33-45;ok meta l4proto != 33-45;ok -meta l4proto { 33, 55, 67, 88};ok;meta l4proto { 33, 55, 67, 88} +meta l4proto { 33, 55, 67, 88};ok meta l4proto != { 33, 55, 67, 88};ok meta l4proto { 33-55, 66-88};ok meta l4proto != { 33-55, 66-88};ok @@ -55,6 +56,7 @@ meta mark and 0x03 == 0x01;ok;meta mark & 0x00000003 == 0x00000001 meta mark and 0x03 != 0x01;ok;meta mark & 0x00000003 != 0x00000001 meta mark 0x10;ok;meta mark 0x00000010 meta mark != 0x10;ok;meta mark != 0x00000010 +meta mark 0xffffff00/24;ok;meta mark & 0xffffff00 == 0xffffff00 meta mark or 0x03 == 0x01;ok;meta mark | 0x00000003 == 0x00000001 meta mark or 0x03 != 0x01;ok;meta mark | 0x00000003 != 0x00000001 @@ -101,10 +103,10 @@ meta skuid != "root";ok;meta skuid != 0 meta skuid lt 3000 accept;ok;meta skuid < 3000 accept meta skuid gt 3000 accept;ok;meta skuid > 3000 accept meta skuid eq 3000 accept;ok;meta skuid 3000 accept -meta skuid 3001-3005 accept;ok;meta skuid 3001-3005 accept -meta skuid != 2001-2005 accept;ok;meta skuid != 2001-2005 accept -meta skuid { 2001-2005, 3001-3005} accept;ok;meta skuid { 2001-2005, 3001-3005} accept -meta skuid != { 2001-2005, 3001-3005} accept;ok;meta skuid != { 2001-2005, 3001-3005} accept +meta skuid 3001-3005 accept;ok +meta skuid != 2001-2005 accept;ok +meta skuid { 2001-2005, 3001-3005} accept;ok +meta skuid != { 2001-2005, 3001-3005} accept;ok meta skgid {"bin", "root", "daemon"} accept;ok;meta skgid { 0, 1, 2} accept meta skgid != {"bin", "root", "daemon"} accept;ok;meta skgid != { 1, 0, 2} accept @@ -113,10 +115,8 @@ meta skgid != "root";ok;meta skgid != 0 meta skgid lt 3000 accept;ok;meta skgid < 3000 accept meta skgid gt 3000 accept;ok;meta skgid > 3000 accept meta skgid eq 3000 accept;ok;meta skgid 3000 accept -meta skgid 2001-2005 accept;ok;meta skgid 2001-2005 accept -meta skgid != 2001-2005 accept;ok;meta skgid != 2001-2005 accept -meta skgid { 2001-2005} accept;ok;meta skgid { 2001-2005} accept -meta skgid != { 2001-2005} accept;ok;meta skgid != { 2001-2005} accept +meta skgid 2001-2005 accept;ok +meta skgid != 2001-2005 accept;ok # BUG: meta nftrace 2 and meta nftrace 1 # $ sudo nft add rule ip test input meta nftrace 2 @@ -188,14 +188,12 @@ meta oifgroup {11-33, 44-55};ok;oifgroup {11-33, 44-55} meta oifgroup != { 11,33};ok;oifgroup != { 11,33} meta oifgroup != {11-33, 44-55};ok;oifgroup != {11-33, 44-55} -meta cgroup 1048577;ok;meta cgroup 1048577 -meta cgroup != 1048577;ok;meta cgroup != 1048577 -meta cgroup { 1048577, 1048578 };ok;meta cgroup { 1048577, 1048578} -meta cgroup != { 1048577, 1048578};ok;meta cgroup != { 1048577, 1048578} -meta cgroup 1048577-1048578;ok;meta cgroup 1048577-1048578 -meta cgroup != 1048577-1048578;ok;meta cgroup != 1048577-1048578 -meta cgroup {1048577-1048578};ok;meta cgroup { 1048577-1048578} -meta cgroup != { 1048577-1048578};ok;meta cgroup != { 1048577-1048578} +meta cgroup 1048577;ok +meta cgroup != 1048577;ok +meta cgroup { 1048577, 1048578 };ok +meta cgroup != { 1048577, 1048578};ok +meta cgroup 1048577-1048578;ok +meta cgroup != 1048577-1048578;ok meta iif . meta oif { "lo" . "lo" };ok;iif . oif { "lo" . "lo" } meta iif . meta oif . meta mark { "lo" . "lo" . 0x0000000a };ok;iif . oif . meta mark { "lo" . "lo" . 0x0000000a } @@ -210,6 +208,8 @@ meta time "2019-06-21 17:00:00" drop;ok meta time "2019-07-01 00:00:00" drop;ok meta time "2019-07-01 00:01:00" drop;ok meta time "2019-07-01 00:00:01" drop;ok +meta time < "2022-07-01 11:00:00" accept;ok +meta time > "2022-07-01 11:00:00" accept;ok meta day "Saturday" drop;ok meta day 6 drop;ok;meta day "Saturday" drop meta day "Satturday" drop;fail @@ -218,7 +218,13 @@ meta hour "17:00:00" drop;ok;meta hour "17:00" drop meta hour "17:00:01" drop;ok meta hour "00:00" drop;ok meta hour "00:01" drop;ok +time < "2022-07-01 11:00:00" accept;ok;meta time < "2022-07-01 11:00:00" accept +time > "2022-07-01 11:00:00" accept;ok;meta time > "2022-07-01 11:00:00" accept meta time "meh";fail meta hour "24:00" drop;fail meta day 7 drop;fail + +meta mark set vlan id map { 1 : 0x00000001, 4095 : 0x00004095 };ok +!map1 typeof vlan id : meta mark;ok +meta mark set vlan id map @map1;ok diff --git a/tests/py/any/meta.t.json b/tests/py/any/meta.t.json index 47dc0724..676affea 100644 --- a/tests/py/any/meta.t.json +++ b/tests/py/any/meta.t.json @@ -199,7 +199,7 @@ } ] -# meta protocol != {ip, arp, ip6, vlan} +# meta protocol != {ip, arp, ip6, 8021q} [ { "match": { @@ -212,7 +212,7 @@ "ip", "arp", "ip6", - "vlan" + "8021q" ] } } @@ -662,6 +662,26 @@ } ] +# meta mark 0xffffff00/24 +[ + { + "match": { + "left": { + "&": [ + { + "meta": { + "key": "mark" + } + }, + 4294967040 + ] + }, + "op": "==", + "right": 4294967040 + } + } +] + # meta mark or 0x03 == 0x01 [ { @@ -1476,46 +1496,6 @@ } ] -# meta skgid { 2001-2005} accept -[ - { - "match": { - "left": { - "meta": { "key": "skgid" } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 2001, 2005 ] } - ] - } - } - }, - { - "accept": null - } -] - -# meta skgid != { 2001-2005} accept -[ - { - "match": { - "left": { - "meta": { "key": "skgid" } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 2001, 2005 ] } - ] - } - } - }, - { - "accept": null - } -] - # meta mark set 0xffffffc8 xor 0x16 [ { @@ -2581,6 +2561,42 @@ } ] +# meta time < "2022-07-01 11:00:00" accept +[ + { + "match": { + "left": { + "meta": { + "key": "time" + } + }, + "op": "<", + "right": "2022-07-01 11:00:00" + } + }, + { + "accept": null + } +] + +# meta time > "2022-07-01 11:00:00" accept +[ + { + "match": { + "left": { + "meta": { + "key": "time" + } + }, + "op": ">", + "right": "2022-07-01 11:00:00" + } + }, + { + "accept": null + } +] + # meta day "Saturday" drop [ { @@ -2645,7 +2661,7 @@ } }, "op": "==", - "right": "17:00" + "right": "17:00:00" } }, { @@ -2706,3 +2722,99 @@ "drop": null } ] + +# time < "2022-07-01 11:00:00" accept +[ + { + "match": { + "left": { + "meta": { + "key": "time" + } + }, + "op": "<", + "right": "2022-07-01 11:00:00" + } + }, + { + "accept": null + } +] + +# time > "2022-07-01 11:00:00" accept +[ + { + "match": { + "left": { + "meta": { + "key": "time" + } + }, + "op": ">", + "right": "2022-07-01 11:00:00" + } + }, + { + "accept": null + } +] + +# meta mark set vlan id map { 1 : 0x00000001, 4095 : 0x00004095 } +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "map": { + "data": { + "set": [ + [ + 1, + 1 + ], + [ + 4095, + 16533 + ] + ] + }, + "key": { + "payload": { + "field": "id", + "protocol": "vlan" + } + } + } + } + } + } +] + +# meta mark set vlan id map @map1 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "map": { + "data": "@map1", + "key": { + "payload": { + "field": "id", + "protocol": "vlan" + } + } + } + } + } + } +] + diff --git a/tests/py/any/meta.t.json.output b/tests/py/any/meta.t.json.output index 74b934b8..d46935de 100644 --- a/tests/py/any/meta.t.json.output +++ b/tests/py/any/meta.t.json.output @@ -10,7 +10,7 @@ "set": [ "ip", "arp", - "vlan", + "8021q", "ip6" ] } @@ -18,7 +18,7 @@ } ] -# meta protocol != {ip, arp, ip6, vlan} +# meta protocol != {ip, arp, ip6, 8021q} [ { "match": { @@ -30,7 +30,7 @@ "set": [ "ip", "arp", - "vlan", + "8021q", "ip6" ] } @@ -592,24 +592,6 @@ } ] -# meta time "1970-05-23 21:07:14" drop -[ - { - "match": { - "left": { - "meta": { - "key": "time" - } - }, - "op": "==", - "right": "1970-05-23 21:07:14" - } - }, - { - "drop": null - } -] - # meta time 12341234 drop [ { @@ -628,96 +610,6 @@ } ] -# meta time "2019-06-21 17:00:00" drop -[ - { - "match": { - "left": { - "meta": { - "key": "time" - } - }, - "op": "==", - "right": "2019-06-21 17:00:00" - } - }, - { - "drop": null - } -] - -# meta time "2019-07-01 00:00:00" drop -[ - { - "match": { - "left": { - "meta": { - "key": "time" - } - }, - "op": "==", - "right": "2019-07-01 00:00:00" - } - }, - { - "drop": null - } -] - -# meta time "2019-07-01 00:01:00" drop -[ - { - "match": { - "left": { - "meta": { - "key": "time" - } - }, - "op": "==", - "right": "2019-07-01 00:01:00" - } - }, - { - "drop": null - } -] - -# meta time "2019-07-01 00:00:01" drop -[ - { - "match": { - "left": { - "meta": { - "key": "time" - } - }, - "op": "==", - "right": "2019-07-01 00:00:01" - } - }, - { - "drop": null - } -] - -# meta day "Saturday" drop -[ - { - "match": { - "left": { - "meta": { - "key": "day" - } - }, - "op": "==", - "right": "Saturday" - } - }, - { - "drop": null - } -] - # meta day 6 drop [ { @@ -736,24 +628,6 @@ } ] -# meta hour "17:00" drop -[ - { - "match": { - "left": { - "meta": { - "key": "hour" - } - }, - "op": "==", - "right": "17:00" - } - }, - { - "drop": null - } -] - # meta hour "17:00:00" drop [ { @@ -772,57 +646,3 @@ } ] -# meta hour "17:00:01" drop -[ - { - "match": { - "left": { - "meta": { - "key": "hour" - } - }, - "op": "==", - "right": "17:00:01" - } - }, - { - "drop": null - } -] - -# meta hour "00:00" drop -[ - { - "match": { - "left": { - "meta": { - "key": "hour" - } - }, - "op": "==", - "right": "00:00" - } - }, - { - "drop": null - } -] - -# meta hour "00:01" drop -[ - { - "match": { - "left": { - "meta": { - "key": "hour" - } - }, - "op": "==", - "right": "00:01" - } - }, - { - "drop": null - } -] - diff --git a/tests/py/any/meta.t.payload b/tests/py/any/meta.t.payload index 2af244a9..49dd729b 100644 --- a/tests/py/any/meta.t.payload +++ b/tests/py/any/meta.t.payload @@ -68,7 +68,7 @@ ip test-ip4 input [ meta load protocol => reg 1 ] [ lookup reg 1 set __set%d ] -# meta protocol != {ip, arp, ip6, vlan} +# meta protocol != {ip, arp, ip6, 8021q} __set%d test-ip4 3 __set%d test-ip4 0 element 00000008 : 0 [end] element 00000608 : 0 [end] element 0000dd86 : 0 [end] element 00000081 : 0 [end] @@ -136,13 +136,13 @@ ip test-ip4 input # meta mark and 0x03 == 0x01 ip test-ip4 input [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000003 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000001 ] # meta mark and 0x03 != 0x01 ip test-ip4 input [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000003 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000001 ] # meta mark 0x10 @@ -155,16 +155,22 @@ ip test-ip4 input [ meta load mark => reg 1 ] [ cmp neq reg 1 0x00000010 ] +# meta mark 0xffffff00/24 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0xffffff00 ) ^ 0x00000000 ] + [ cmp eq reg 1 0xffffff00 ] + # meta mark or 0x03 == 0x01 ip test-ip4 input [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] + [ bitwise reg 1 = ( reg 1 & 0xfffffffc ) ^ 0x00000003 ] [ cmp eq reg 1 0x00000001 ] # meta mark or 0x03 != 0x01 ip test-ip4 input [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] + [ bitwise reg 1 = ( reg 1 & 0xfffffffc ) ^ 0x00000003 ] [ cmp neq reg 1 0x00000001 ] # meta mark xor 0x03 == 0x01 @@ -631,22 +637,6 @@ ip test-ip4 input [ meta load iifgroup => reg 1 ] [ cmp neq reg 1 0x00000000 ] -# meta iifgroup {"default"} -__set%d test-ip4 3 -__set%d test-ip4 0 - element 00000000 : 0 [end] -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ lookup reg 1 set __set%d ] - -# meta iifgroup != {"default"} -__set%d test-ip4 3 -__set%d test-ip4 0 - element 00000000 : 0 [end] -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # meta iifgroup { 11,33} __set%d test-ip4 3 __set%d test-ip4 0 @@ -744,7 +734,7 @@ ip test-ip4 output # meta iif . meta oif vmap { "lo" . "lo" : drop } __map%d test-ip4 b __map%d test-ip4 0 - element 00000001 00000001 : 0 [end] + element 00000001 00000001 : drop 0 [end] ip test-ip4 output [ meta load iif => reg 1 ] [ meta load oif => reg 9 ] @@ -977,72 +967,6 @@ ip test-ip4 input [ meta load oifgroup => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# meta iif . meta oif { "lo" . "lo" , "dummy0" . "dummy0" } -__set%d test-ip4 3 size 2 -__set%d test-ip4 0 - element 00000001 00000001 : 0 [end] element 00000005 00000005 : 0 [end] -ip test-ip4 input - [ meta load iif => reg 1 ] - [ meta load oif => reg 9 ] - [ lookup reg 1 set __set%d ] - -# meta iif . meta oif . meta mark { "lo" . "lo" . 0x0000000a, "dummy0" . "dummy0" . 0x0000000b } -__set%d test-ip4 3 size 2 -__set%d test-ip4 0 - element 00000001 00000001 0000000a : 0 [end] element 00000005 00000005 0000000b : 0 [end] -ip test-ip4 input - [ meta load iif => reg 1 ] - [ meta load oif => reg 9 ] - [ meta load mark => reg 10 ] - [ lookup reg 1 set __set%d ] - -# meta iif . meta oif vmap { "lo" . "lo" : drop, "dummy0" . "dummy0" : accept } -__map%d test-ip4 b size 2 -__map%d test-ip4 0 - element 00000001 00000001 : 0 [end] element 00000005 00000005 : 0 [end] -ip test-ip4 input - [ meta load iif => reg 1 ] - [ meta load oif => reg 9 ] - [ lookup reg 1 set __map%d dreg 0 ] - -# meta skgid { 2001-2005} accept -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element d1070000 : 0 [end] element d6070000 : 1 [end] -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set __set%d ] - [ immediate reg 0 accept ] - -# meta skgid != { 2001-2005} accept -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element d1070000 : 0 [end] element d6070000 : 1 [end] -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set __set%d 0x1 ] - [ immediate reg 0 accept ] - -# meta cgroup {1048577-1048578} -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 01001000 : 0 [end] element 03001000 : 1 [end] -ip test-ip4 input - [ meta load cgroup => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set __set%d ] - -# meta cgroup != { 1048577-1048578} -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 01001000 : 0 [end] element 03001000 : 1 [end] -ip test-ip4 input - [ meta load cgroup => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set __set%d 0x1 ] - # meta time "1970-05-23 21:07:14" drop ip meta-test input [ meta load time => reg 1 ] @@ -1079,6 +1003,20 @@ ip meta-test input [ cmp eq reg 1 0x22eb8a00 0x15ad18e1 ] [ immediate reg 0 drop ] +# meta time < "2022-07-01 11:00:00" accept +ip test-ip4 input + [ meta load time => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 8, 8) ] + [ cmp lt reg 1 0xf3a8fd16 0x00a07719 ] + [ immediate reg 0 accept ] + +# meta time > "2022-07-01 11:00:00" accept +ip test-ip4 input + [ meta load time => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 8, 8) ] + [ cmp gt reg 1 0xf3a8fd16 0x00a07719 ] + [ immediate reg 0 accept ] + # meta day "Saturday" drop ip test-ip4 input [ meta load day => reg 1 ] @@ -1120,3 +1058,42 @@ ip meta-test input [ meta load hour => reg 1 ] [ cmp eq reg 1 0x0001359c ] [ immediate reg 0 drop ] + +# time < "2022-07-01 11:00:00" accept +ip test-ip4 input + [ meta load time => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 8, 8) ] + [ cmp lt reg 1 0xf3a8fd16 0x00a07719 ] + [ immediate reg 0 accept ] + +# time > "2022-07-01 11:00:00" accept +ip test-ip4 input + [ meta load time => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 8, 8) ] + [ cmp gt reg 1 0xf3a8fd16 0x00a07719 ] + [ immediate reg 0 accept ] + +# meta mark set vlan id map { 1 : 0x00000001, 4095 : 0x00004095 } +__map%d test-ip4 b size 2 +__map%d test-ip4 0 + element 00000100 : 00000001 0 [end] element 0000ff0f : 00004095 0 [end] +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ meta set mark with reg 1 ] + +# meta mark set vlan id map @map1 +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ lookup reg 1 set map1 dreg 1 ] + [ meta set mark with reg 1 ] diff --git a/tests/py/any/meta.t.payload.bridge b/tests/py/any/meta.t.payload.bridge new file mode 100644 index 00000000..5997ccc7 --- /dev/null +++ b/tests/py/any/meta.t.payload.bridge @@ -0,0 +1,20 @@ +# meta mark set vlan id map { 1 : 0x00000001, 4095 : 0x00004095 } +__map%d test-bridge b size 2 +__map%d test-bridge 0 + element 00000100 : 00000001 0 [end] element 0000ff0f : 00004095 0 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ meta set mark with reg 1 ] + +# meta mark set vlan id map @map1 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ lookup reg 1 set map1 dreg 1 ] + [ meta set mark with reg 1 ] diff --git a/tests/py/any/objects.t b/tests/py/any/objects.t index 89a9545f..7b51f918 100644 --- a/tests/py/any/objects.t +++ b/tests/py/any/objects.t @@ -1,12 +1,13 @@ :output;type filter hook output priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;output *ip6;test-ip6;output *inet;test-inet;output *arp;test-arp;output *bridge;test-bridge;output -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress %cnt1 type counter;ok %qt1 type quota 25 mbytes;ok diff --git a/tests/py/any/queue.t b/tests/py/any/queue.t index 75c071dd..2e511362 100644 --- a/tests/py/any/queue.t +++ b/tests/py/any/queue.t @@ -3,16 +3,31 @@ *ip;test-ip4;output *ip6;test-ip6;output *inet;test-inet;output -*arp;test-arp;output *bridge;test-bridge;output -queue;ok;queue num 0 -queue num 2;ok -queue num 65535;ok +queue;ok;queue to 0 +queue num 2;ok;queue to 2 +queue num 65535;ok;queue to 65535 queue num 65536;fail -queue num 2-3;ok -queue num 1-65535;ok -- queue num {3, 4, 6};ok -queue num 4-5 fanout bypass;ok;queue num 4-5 bypass,fanout -queue num 4-5 fanout;ok -queue num 4-5 bypass;ok +queue num 2-3;ok;queue to 2-3 +queue num 1-65535;ok;queue to 1-65535 +queue num 4-5 fanout bypass;ok;queue flags bypass,fanout to 4-5 +queue num 4-5 fanout;ok;queue flags fanout to 4-5 +queue num 4-5 bypass;ok;queue flags bypass to 4-5 + +queue to symhash mod 2 offset 65536;fail +queue num symhash mod 65536;fail +queue to symhash mod 65536;ok +queue flags fanout to symhash mod 65536;fail +queue flags bypass,fanout to symhash mod 65536;fail +queue flags bypass to numgen inc mod 65536;ok +queue to jhash oif . meta mark mod 32;ok +queue to 2;ok +queue to 65535;ok +queue flags bypass to 65535;ok +queue flags bypass to 1-65535;ok +queue flags bypass,fanout to 1-65535;ok +queue to 1-65535;ok +queue to oif;fail +queue num oif;fail +queue flags bypass to oifname map { "eth0" : 0, "ppp0" : 2, "eth1" : 2 };ok diff --git a/tests/py/any/queue.t.json b/tests/py/any/queue.t.json index 48e86727..5f7f9014 100644 --- a/tests/py/any/queue.t.json +++ b/tests/py/any/queue.t.json @@ -84,3 +84,168 @@ } ] +# queue to symhash mod 65536 +[ + { + "queue": { + "num": { + "symhash": { + "mod": 65536 + } + } + } + } +] + +# queue flags bypass to numgen inc mod 65536 +[ + { + "queue": { + "flags": "bypass", + "num": { + "numgen": { + "mod": 65536, + "mode": "inc", + "offset": 0 + } + } + } + } +] + +# queue to jhash oif . meta mark mod 32 +[ + { + "queue": { + "num": { + "jhash": { + "expr": { + "concat": [ + { + "meta": { + "key": "oif" + } + }, + { + "meta": { + "key": "mark" + } + } + ] + }, + "mod": 32 + } + } + } + } +] + +# queue flags bypass to oifname map { "eth0" : 0, "ppp0" : 2, "eth1" : 2 } +[ + { + "queue": { + "flags": "bypass", + "num": { + "map": { + "data": { + "set": [ + [ + "eth0", + 0 + ], + [ + "ppp0", + 2 + ], + [ + "eth1", + 2 + ] + ] + }, + "key": { + "meta": { + "key": "oifname" + } + } + } + } + } + } +] + +# queue to 2 +[ + { + "queue": { + "num": 2 + } + } +] + +# queue to 65535 +[ + { + "queue": { + "num": 65535 + } + } +] + +# queue flags bypass to 65535 +[ + { + "queue": { + "flags": "bypass", + "num": 65535 + } + } +] + +# queue flags bypass to 1-65535 +[ + { + "queue": { + "flags": "bypass", + "num": { + "range": [ + 1, + 65535 + ] + } + } + } +] + +# queue flags bypass,fanout to 1-65535 +[ + { + "queue": { + "flags": [ + "bypass", + "fanout" + ], + "num": { + "range": [ + 1, + 65535 + ] + } + } + } +] + +# queue to 1-65535 +[ + { + "queue": { + "num": { + "range": [ + 1, + 65535 + ] + } + } + } +] + diff --git a/tests/py/any/queue.t.payload b/tests/py/any/queue.t.payload index 78d939c6..2f221930 100644 --- a/tests/py/any/queue.t.payload +++ b/tests/py/any/queue.t.payload @@ -30,3 +30,52 @@ ip test-ip4 output ip test-ip4 output [ queue num 4-5 bypass ] +# queue to symhash mod 65536 +ip + [ hash reg 1 = symhash() % mod 65536 ] + [ queue sreg_qnum 1 ] + +# queue to jhash oif . meta mark mod 32 +ip + [ meta load oif => reg 2 ] + [ meta load mark => reg 13 ] + [ hash reg 1 = jhash(reg 2, 8, 0x0) % mod 32 ] + [ queue sreg_qnum 1 ] + +# queue flags bypass to numgen inc mod 65536 +ip + [ numgen reg 1 = inc mod 65536 ] + [ queue sreg_qnum 1 bypass ] + +# queue flags bypass to oifname map { "eth0" : 0, "ppp0" : 2, "eth1" : 2 } +__map%d test-ip4 b size 3 +__map%d test-ip4 0 + element 30687465 00000000 00000000 00000000 : 00000000 0 [end] element 30707070 00000000 00000000 00000000 : 00000002 0 [end] element 31687465 00000000 00000000 00000000 : 00000002 0 [end] +ip + [ meta load oifname => reg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ queue sreg_qnum 1 bypass ] + +# queue to 2 +ip + [ queue num 2 ] + +# queue to 65535 +ip + [ queue num 65535 ] + +# queue flags bypass to 65535 +ip + [ queue num 65535 bypass ] + +# queue flags bypass to 1-65535 +ip + [ queue num 1-65535 bypass ] + +# queue flags bypass,fanout to 1-65535 +ip + [ queue num 1-65535 bypass fanout ] + +# queue to 1-65535 +ip + [ queue num 1-65535 ] diff --git a/tests/py/any/quota.t b/tests/py/any/quota.t index 9a8db114..79dd7654 100644 --- a/tests/py/any/quota.t +++ b/tests/py/any/quota.t @@ -1,12 +1,13 @@ :output;type filter hook output priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;output *ip6;test-ip6;output *inet;test-inet;output *arp;test-arp;output *bridge;test-bridge;output -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress quota 1025 bytes;ok quota 1 kbytes;ok diff --git a/tests/py/any/rawpayload.t b/tests/py/any/rawpayload.t index c3382a96..5bc9d35f 100644 --- a/tests/py/any/rawpayload.t +++ b/tests/py/any/rawpayload.t @@ -1,19 +1,24 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *inet;test-inet;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress meta l4proto { tcp, udp, sctp} @th,16,16 { 22, 23, 80 };ok;meta l4proto { 6, 17, 132} th dport { 22, 23, 80} meta l4proto tcp @th,16,16 { 22, 23, 80};ok;tcp dport { 22, 23, 80} -@nh,8,8 255;ok -@nh,8,16 0;ok +@nh,8,8 0xff;ok +@nh,8,16 0x0;ok # out of range (0-1) @th,16,1 2;fail @ll,0,0 2;fail @ll,0,1;fail -@ll,0,1 1;ok;@ll,0,8 & 128 == 128 -@ll,0,8 and 0x80 eq 0x80;ok;@ll,0,8 & 128 == 128 -@ll,0,128 0xfedcba987654321001234567890abcde;ok;@ll,0,128 338770000845734292516042252062074518750 +@ll,0,1 1;ok;@ll,0,8 & 0x80 == 0x80 +@ll,0,8 & 0x80 == 0x80;ok +@ll,0,128 0xfedcba987654321001234567890abcde;ok + +meta l4proto 91 @th,400,16 0x0 accept;ok + +@ih,32,32 0x14000000;ok diff --git a/tests/py/any/rawpayload.t.json b/tests/py/any/rawpayload.t.json index 22028ad8..4cae4d49 100644 --- a/tests/py/any/rawpayload.t.json +++ b/tests/py/any/rawpayload.t.json @@ -66,7 +66,7 @@ } ] -# @nh,8,8 255 +# @nh,8,8 0xff [ { "match": { @@ -78,12 +78,12 @@ } }, "op": "==", - "right": 255 + "right": "0xff" } } ] -# @nh,8,16 0 +# @nh,8,16 0x0 [ { "match": { @@ -117,7 +117,7 @@ } ] -# @ll,0,8 and 0x80 eq 0x80 +# @ll,0,8 & 0x80 == 0x80 [ { "match": { @@ -156,3 +156,51 @@ } ] +# meta l4proto 91 @th,400,16 0x0 accept +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": 91 + } + }, + { + "match": { + "left": { + "payload": { + "base": "th", + "len": 16, + "offset": 400 + } + }, + "op": "==", + "right": 0 + } + }, + { + "accept": null + } +] + +# @ih,32,32 0x14000000 +[ + { + "match": { + "left": { + "payload": { + "base": "ih", + "len": 32, + "offset": 32 + } + }, + "op": "==", + "right": 335544320 + } + } +] + diff --git a/tests/py/any/rawpayload.t.json.output b/tests/py/any/rawpayload.t.json.output index ccadbc57..291b237a 100644 --- a/tests/py/any/rawpayload.t.json.output +++ b/tests/py/any/rawpayload.t.json.output @@ -79,7 +79,7 @@ } ] -# @ll,0,8 and 0x80 eq 0x80 +# @ll,0,8 & 0x80 == 0x80 [ { "match": { @@ -101,3 +101,19 @@ } ] +# @nh,8,8 0xff +[ + { + "match": { + "left": { + "payload": { + "base": "nh", + "len": 8, + "offset": 8 + } + }, + "op": "==", + "right": 255 + } + } +] diff --git a/tests/py/any/rawpayload.t.payload b/tests/py/any/rawpayload.t.payload index a2cc6635..fe2377e6 100644 --- a/tests/py/any/rawpayload.t.payload +++ b/tests/py/any/rawpayload.t.payload @@ -21,12 +21,12 @@ inet test-inet input [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d ] -# @nh,8,8 255 +# @nh,8,8 0xff inet test-inet input [ payload load 1b @ network header + 1 => reg 1 ] [ cmp eq reg 1 0x000000ff ] -# @nh,8,16 0 +# @nh,8,16 0x0 inet test-inet input [ payload load 2b @ network header + 1 => reg 1 ] [ cmp eq reg 1 0x00000000 ] @@ -34,16 +34,30 @@ inet test-inet input # @ll,0,1 1 inet test-inet input [ payload load 1b @ link header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000080 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000080 ] -# @ll,0,8 and 0x80 eq 0x80 +# @ll,0,8 & 0x80 == 0x80 inet test-inet input [ payload load 1b @ link header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000080 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000080 ] # @ll,0,128 0xfedcba987654321001234567890abcde inet test-inet input [ payload load 16b @ link header + 0 => reg 1 ] [ cmp eq reg 1 0x98badcfe 0x10325476 0x67452301 0xdebc0a89 ] + +# meta l4proto 91 @th,400,16 0x0 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000005b ] + [ payload load 2b @ transport header + 50 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + [ immediate reg 0 accept ] + +# @ih,32,32 0x14000000 +inet test-inet input + [ payload load 4b @ inner header + 4 => reg 1 ] + [ cmp eq reg 1 0x00000014 ] + diff --git a/tests/py/any/tcpopt.t b/tests/py/any/tcpopt.t index 08b1dcb3..177f01c4 100644 --- a/tests/py/any/tcpopt.t +++ b/tests/py/any/tcpopt.t @@ -4,17 +4,16 @@ *ip6;test-ip6;input *inet;test-inet;input -tcp option eol kind 1;ok -tcp option noop kind 1;ok -tcp option maxseg kind 1;ok +tcp option eol exists;ok +tcp option nop exists;ok +tcp option maxseg exists;ok tcp option maxseg length 1;ok tcp option maxseg size 1;ok -tcp option window kind 1;ok tcp option window length 1;ok tcp option window count 1;ok -tcp option sack-permitted kind 1;ok -tcp option sack-permitted length 1;ok -tcp option sack kind 1;ok +tcp option sack-perm exists;ok +tcp option sack-perm length 1;ok +tcp option sack exists;ok tcp option sack length 1;ok tcp option sack left 1;ok tcp option sack0 left 1;ok;tcp option sack left 1 @@ -26,20 +25,38 @@ tcp option sack0 right 1;ok;tcp option sack right 1 tcp option sack1 right 1;ok tcp option sack2 right 1;ok tcp option sack3 right 1;ok -tcp option timestamp kind 1;ok +tcp option timestamp exists;ok tcp option timestamp length 1;ok tcp option timestamp tsval 1;ok tcp option timestamp tsecr 1;ok +tcp option 255 missing;ok +tcp option 6 exists;ok +tcp option @255,8,8 255;ok tcp option foobar;fail tcp option foo bar;fail tcp option eol left;fail tcp option eol left 1;fail -tcp option eol left 1;fail tcp option sack window;fail tcp option sack window 1;fail +tcp option 256 exists;fail +tcp option @255,8,8 256;fail tcp option window exists;ok tcp option window missing;ok tcp option maxseg size set 1360;ok + +tcp option md5sig exists;ok +tcp option fastopen exists;ok +tcp option mptcp exists;ok + +tcp option mptcp subtype 0;ok +tcp option mptcp subtype 1;ok +tcp option mptcp subtype { 0, 2};ok + +reset tcp option mptcp;ok +reset tcp option 2;ok;reset tcp option maxseg +reset tcp option 123;ok +reset tcp option meh;fail +reset tcp option 256;fail diff --git a/tests/py/any/tcpopt.t.json b/tests/py/any/tcpopt.t.json index 48eb339c..87074b9d 100644 --- a/tests/py/any/tcpopt.t.json +++ b/tests/py/any/tcpopt.t.json @@ -1,47 +1,44 @@ -# tcp option eol kind 1 +# tcp option eol exists [ { "match": { "left": { "tcp option": { - "field": "kind", "name": "eol" } }, "op": "==", - "right": 1 + "right": true } } ] -# tcp option noop kind 1 +# tcp option nop exists [ { "match": { "left": { "tcp option": { - "field": "kind", - "name": "noop" + "name": "nop" } }, "op": "==", - "right": 1 + "right": true } } ] -# tcp option maxseg kind 1 +# tcp option maxseg exists [ { "match": { "left": { "tcp option": { - "field": "kind", "name": "maxseg" } }, "op": "==", - "right": 1 + "right": true } } ] @@ -78,22 +75,6 @@ } ] -# tcp option window kind 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "kind", - "name": "window" - } - }, - "op": "==", - "right": 1 - } - } -] - # tcp option window length 1 [ { @@ -126,30 +107,29 @@ } ] -# tcp option sack-permitted kind 1 +# tcp option sack-perm exists [ { "match": { "left": { "tcp option": { - "field": "kind", - "name": "sack-permitted" + "name": "sack-perm" } }, "op": "==", - "right": 1 + "right": true } } ] -# tcp option sack-permitted length 1 +# tcp option sack-perm length 1 [ { "match": { "left": { "tcp option": { "field": "length", - "name": "sack-permitted" + "name": "sack-perm" } }, "op": "==", @@ -158,18 +138,17 @@ } ] -# tcp option sack kind 1 +# tcp option sack exists [ { "match": { "left": { "tcp option": { - "field": "kind", "name": "sack" } }, "op": "==", - "right": 1 + "right": true } } ] @@ -350,18 +329,17 @@ } ] -# tcp option timestamp kind 1 +# tcp option timestamp exists [ { "match": { "left": { "tcp option": { - "field": "kind", "name": "timestamp" } }, "op": "==", - "right": 1 + "right": true } } ] @@ -414,6 +392,57 @@ } ] +# tcp option 255 missing +[ + { + "match": { + "left": { + "tcp option": { + "base": 255, + "len": 8, + "offset": 0 + } + }, + "op": "==", + "right": false + } + } +] + +# tcp option 6 exists +[ + { + "match": { + "left": { + "tcp option": { + "base": 6, + "len": 8, + "offset": 0 + } + }, + "op": "==", + "right": true + } + } +] + +# tcp option @255,8,8 255 +[ + { + "match": { + "left": { + "tcp option": { + "base": 255, + "len": 8, + "offset": 8 + } + }, + "op": "==", + "right": 255 + } + } +] + # tcp option window exists [ { @@ -459,3 +488,135 @@ } ] +# tcp option md5sig exists +[ + { + "match": { + "left": { + "tcp option": { + "name": "md5sig" + } + }, + "op": "==", + "right": true + } + } +] + +# tcp option fastopen exists +[ + { + "match": { + "left": { + "tcp option": { + "name": "fastopen" + } + }, + "op": "==", + "right": true + } + } +] + +# tcp option mptcp exists +[ + { + "match": { + "left": { + "tcp option": { + "name": "mptcp" + } + }, + "op": "==", + "right": true + } + } +] + +# tcp option mptcp subtype 0 +[ + { + "match": { + "left": { + "tcp option": { + "field": "subtype", + "name": "mptcp" + } + }, + "op": "==", + "right": 0 + } + } +] + +# tcp option mptcp subtype 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "subtype", + "name": "mptcp" + } + }, + "op": "==", + "right": 1 + } + } +] + +# tcp option mptcp subtype { 0, 2} +[ + { + "match": { + "left": { + "tcp option": { + "field": "subtype", + "name": "mptcp" + } + }, + "op": "==", + "right": { + "set": [ + 0, + 2 + ] + } + } + } +] + +# reset tcp option mptcp +[ + { + "reset": { + "tcp option": { + "name": "mptcp" + } + } + } +] + +# reset tcp option 2 +[ + { + "reset": { + "tcp option": { + "name": "maxseg" + } + } + } +] + +# reset tcp option 123 +[ + { + "reset": { + "tcp option": { + "base": 123, + "len": 0, + "offset": 0 + } + } + } +] diff --git a/tests/py/any/tcpopt.t.payload b/tests/py/any/tcpopt.t.payload index 63751cf2..99b8985f 100644 --- a/tests/py/any/tcpopt.t.payload +++ b/tests/py/any/tcpopt.t.payload @@ -1,603 +1,202 @@ -# tcp option eol kind 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 0 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option eol kind 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 0 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option eol kind 1 +# tcp option eol exists inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 0 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option noop kind 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 1 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option noop kind 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 1 + 0 => reg 1 ] + [ exthdr load tcpopt 1b @ 0 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option noop kind 1 +# tcp option nop exists inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 1 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option maxseg kind 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 2 + 0 => reg 1 ] + [ exthdr load tcpopt 1b @ 1 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option maxseg kind 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 2 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option maxseg kind 1 +# tcp option maxseg exists inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 2 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option maxseg length 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 2 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option maxseg length 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 2 + 1 => reg 1 ] + [ exthdr load tcpopt 1b @ 2 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option maxseg length 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 2 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option maxseg size 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 2b @ 2 + 2 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] - -# tcp option maxseg size 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 2b @ 2 + 2 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] - -# tcp option maxseg size 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 2b @ 2 + 2 => reg 1 ] [ cmp eq reg 1 0x00000100 ] -# tcp option window kind 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option window kind 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option window kind 1 -inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option window length 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option window length 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - # tcp option window length 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 3 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option window count 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 2 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option window count 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 2 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option window count 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 3 + 2 => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack-permitted kind 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack-permitted kind 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack-permitted kind 1 +# tcp option sack-perm exists inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ] + [ exthdr load tcpopt 1b @ 4 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack-permitted length 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 4 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack-permitted length 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 4 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack-permitted length 1 +# tcp option sack-perm length 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 4 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack kind 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 5 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack kind 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 5 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack kind 1 +# tcp option sack exists inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 5 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack length 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 5 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack length 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 5 + 1 => reg 1 ] + [ exthdr load tcpopt 1b @ 5 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option sack length 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 5 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option sack left 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack left 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack left 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack0 left 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack0 left 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack0 left 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack1 left 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 10 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack1 left 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 10 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack1 left 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 10 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack2 left 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 18 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack2 left 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 18 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack2 left 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 18 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack3 left 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 26 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack3 left 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 26 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack3 left 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 26 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack right 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack right 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack right 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack0 right 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack0 right 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack0 right 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack1 right 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 14 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack1 right 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 14 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack1 right 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 14 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack2 right 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 22 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack2 right 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 22 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack2 right 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 22 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack3 right 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 30 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack3 right 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 30 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack3 right 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 30 => reg 1 ] [ cmp eq reg 1 0x01000000 ] -# tcp option timestamp kind 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 8 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option timestamp kind 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 8 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option timestamp kind 1 +# tcp option timestamp exists inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 8 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option timestamp length 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 8 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option timestamp length 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 8 + 1 => reg 1 ] + [ exthdr load tcpopt 1b @ 8 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option timestamp length 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 8 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option timestamp tsval 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 8 + 2 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option timestamp tsval 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 8 + 2 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option timestamp tsval 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 8 + 2 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option timestamp tsecr 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 8 + 6 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option timestamp tsecr 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 8 + 6 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option timestamp tsecr 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 8 + 6 => reg 1 ] [ cmp eq reg 1 0x01000000 ] -# tcp option window exists -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 0 present => reg 1 ] - [ cmp eq reg 1 0x00000001 ] +# tcp option 255 missing +inet + [ exthdr load tcpopt 1b @ 255 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000000 ] -# tcp option window exists -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 0 present => reg 1 ] +# tcp option 6 exists +inet + [ exthdr load tcpopt 1b @ 6 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000001 ] +# tcp option @255,8,8 255 +inet + [ exthdr load tcpopt 1b @ 255 + 1 => reg 1 ] + [ cmp eq reg 1 0x000000ff ] + # tcp option window exists inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 3 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option window missing -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 0 present => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# tcp option window missing -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 0 present => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# tcp option window missing inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 3 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000000 ] # tcp option maxseg size set 1360 -ip +inet [ immediate reg 1 0x00005005 ] [ exthdr write tcpopt reg 1 => 2b @ 2 + 2 ] -# tcp option maxseg size set 1360 -ip6 - [ immediate reg 1 0x00005005 ] - [ exthdr write tcpopt reg 1 => 2b @ 2 + 2 ] +# tcp option md5sig exists +inet + [ exthdr load tcpopt 1b @ 19 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] -# tcp option maxseg size set 1360 -inet - [ immediate reg 1 0x00005005 ] - [ exthdr write tcpopt reg 1 => 2b @ 2 + 2 ] +# tcp option fastopen exists +inet + [ exthdr load tcpopt 1b @ 34 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# tcp option mptcp exists +inet + [ exthdr load tcpopt 1b @ 30 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# tcp option mptcp subtype 0 +inet + [ exthdr load tcpopt 1b @ 30 + 2 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000000 ] +# tcp option mptcp subtype 1 +inet + [ exthdr load tcpopt 1b @ 30 + 2 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000010 ] + +# tcp option mptcp subtype { 0, 2} +__set%d test-inet 3 size 2 +__set%d test-inet 0 + element 00000000 : 0 [end] element 00000020 : 0 [end] +inet + [ exthdr load tcpopt 1b @ 30 + 2 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] + [ lookup reg 1 set __set%d ] + +# reset tcp option mptcp +ip test-ip4 input + [ exthdr reset tcpopt 30 ] + +# reset tcp option 2 +ip test-ip4 input + [ exthdr reset tcpopt 2 ] + +# reset tcp option 123 +ip test-ip4 input + [ exthdr reset tcpopt 123 ] |