summaryrefslogtreecommitdiffstats
path: root/tests/py/inet
diff options
context:
space:
mode:
Diffstat (limited to 'tests/py/inet')
-rw-r--r--tests/py/inet/ah.t2
-rw-r--r--tests/py/inet/dccp.t.json18
-rw-r--r--tests/py/inet/dccp.t.payload8
-rw-r--r--tests/py/inet/esp.t1
-rw-r--r--tests/py/inet/esp.t.json20
-rw-r--r--tests/py/inet/ether.t.payload.bridge21
-rw-r--r--tests/py/inet/ether.t.payload.ip23
-rw-r--r--tests/py/inet/reject.t33
-rw-r--r--tests/py/inet/reject.t.json.output194
-rw-r--r--tests/py/inet/reject.t.payload.inet104
-rw-r--r--tests/py/inet/rt.t5
-rw-r--r--tests/py/inet/sets.t.payload.bridge2
-rw-r--r--tests/py/inet/sets.t.payload.inet2
-rw-r--r--tests/py/inet/sets.t.payload.netdev4
-rw-r--r--tests/py/inet/synproxy.t.json32
15 files changed, 60 insertions, 409 deletions
diff --git a/tests/py/inet/ah.t b/tests/py/inet/ah.t
index 8544d9dd..945db996 100644
--- a/tests/py/inet/ah.t
+++ b/tests/py/inet/ah.t
@@ -6,8 +6,6 @@
*inet;test-inet;input
*netdev;test-netdev;ingress
-# nexthdr Bug to list table.
-
- ah nexthdr esp;ok
- ah nexthdr ah;ok
- ah nexthdr comp;ok
diff --git a/tests/py/inet/dccp.t.json b/tests/py/inet/dccp.t.json
index 9260fbc5..97e33c14 100644
--- a/tests/py/inet/dccp.t.json
+++ b/tests/py/inet/dccp.t.json
@@ -98,24 +98,6 @@
}
]
-# dccp sport ftp-data - re-mail-ck
-[
- {
- "match": {
- "left": {
- "payload": {
- "field": "sport",
- "protocol": "dccp"
- }
- },
- "op": "==",
- "right": {
- "range": [ "ftp-data", "re-mail-ck" ]
- }
- }
- }
-]
-
# dccp sport 20-50
[
{
diff --git a/tests/py/inet/dccp.t.payload b/tests/py/inet/dccp.t.payload
index b830aa4f..b252d829 100644
--- a/tests/py/inet/dccp.t.payload
+++ b/tests/py/inet/dccp.t.payload
@@ -43,14 +43,6 @@ inet test-inet input
[ payload load 2b @ transport header + 0 => reg 1 ]
[ lookup reg 1 set __set%d ]
-# dccp sport ftp-data - re-mail-ck
-inet test-inet input
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000021 ]
- [ payload load 2b @ transport header + 0 => reg 1 ]
- [ cmp gte reg 1 0x00001400 ]
- [ cmp lte reg 1 0x00003200 ]
-
# dccp sport 20-50
inet test-inet input
[ meta load l4proto => reg 1 ]
diff --git a/tests/py/inet/esp.t b/tests/py/inet/esp.t
index e79eeada..ebba7d87 100644
--- a/tests/py/inet/esp.t
+++ b/tests/py/inet/esp.t
@@ -13,6 +13,7 @@ esp spi != 111-222;ok
esp spi { 100, 102};ok
esp spi != { 100, 102};ok
esp spi { 100-102};ok
+esp spi != { 100-102};ok
- esp spi {100-102};ok
esp sequence 22;ok
diff --git a/tests/py/inet/esp.t.json b/tests/py/inet/esp.t.json
index 84ea9eea..ee690f96 100644
--- a/tests/py/inet/esp.t.json
+++ b/tests/py/inet/esp.t.json
@@ -128,6 +128,26 @@
}
]
+# esp spi != { 100-102}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "spi",
+ "protocol": "esp"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ { "range": [ 100, 102 ] }
+ ]
+ }
+ }
+ }
+]
+
# esp sequence 22
[
{
diff --git a/tests/py/inet/ether.t.payload.bridge b/tests/py/inet/ether.t.payload.bridge
index 4a6bccbe..e9208008 100644
--- a/tests/py/inet/ether.t.payload.bridge
+++ b/tests/py/inet/ether.t.payload.bridge
@@ -1,17 +1,3 @@
-# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept
-bridge test-bridge input
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
- [ payload load 2b @ transport header + 2 => reg 1 ]
- [ cmp eq reg 1 0x00001600 ]
- [ meta load iiftype => reg 1 ]
- [ cmp eq reg 1 0x00000001 ]
- [ payload load 6b @ link header + 6 => reg 1 ]
- [ cmp eq reg 1 0x0c540f00 0x00000411 ]
- [ meta load nfproto => reg 1 ]
- [ cmp eq reg 1 0x00000002 ]
- [ immediate reg 0 accept ]
-
# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept
bridge test-bridge input
[ meta load l4proto => reg 1 ]
@@ -40,10 +26,3 @@ bridge test-bridge input
[ cmp eq reg 1 0x0c540f00 0x00000411 ]
[ immediate reg 0 accept ]
-# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4
-bridge test-bridge input
- [ payload load 6b @ link header + 6 => reg 1 ]
- [ cmp eq reg 1 0x0c540f00 0x00000411 ]
- [ meta load nfproto => reg 1 ]
- [ cmp eq reg 1 0x00000002 ]
-
diff --git a/tests/py/inet/ether.t.payload.ip b/tests/py/inet/ether.t.payload.ip
index 196930fd..a604f603 100644
--- a/tests/py/inet/ether.t.payload.ip
+++ b/tests/py/inet/ether.t.payload.ip
@@ -1,17 +1,3 @@
-# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept
-ip test-ip4 input
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
- [ payload load 2b @ transport header + 2 => reg 1 ]
- [ cmp eq reg 1 0x00001600 ]
- [ meta load iiftype => reg 1 ]
- [ cmp eq reg 1 0x00000001 ]
- [ payload load 6b @ link header + 6 => reg 1 ]
- [ cmp eq reg 1 0x0c540f00 0x00000411 ]
- [ meta load nfproto => reg 1 ]
- [ cmp eq reg 1 0x00000002 ]
- [ immediate reg 0 accept ]
-
# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept
ip test-ip4 input
[ meta load l4proto => reg 1 ]
@@ -44,12 +30,3 @@ ip test-ip4 input
[ cmp eq reg 1 0x0c540f00 0x00000411 ]
[ immediate reg 0 accept ]
-# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4
-ip test-ip4 input
- [ meta load iiftype => reg 1 ]
- [ cmp eq reg 1 0x00000001 ]
- [ payload load 6b @ link header + 6 => reg 1 ]
- [ cmp eq reg 1 0x0c540f00 0x00000411 ]
- [ meta load nfproto => reg 1 ]
- [ cmp eq reg 1 0x00000002 ]
-
diff --git a/tests/py/inet/reject.t b/tests/py/inet/reject.t
index 0e8966c9..a9ecd2ea 100644
--- a/tests/py/inet/reject.t
+++ b/tests/py/inet/reject.t
@@ -2,33 +2,32 @@
*inet;test-inet;input
-# The output is specific for inet family
-reject with icmp type host-unreachable;ok;meta nfproto ipv4 reject with icmp type host-unreachable
-reject with icmp type net-unreachable;ok;meta nfproto ipv4 reject with icmp type net-unreachable
-reject with icmp type prot-unreachable;ok;meta nfproto ipv4 reject with icmp type prot-unreachable
-reject with icmp type port-unreachable;ok;meta nfproto ipv4 reject
-reject with icmp type net-prohibited;ok;meta nfproto ipv4 reject with icmp type net-prohibited
-reject with icmp type host-prohibited;ok;meta nfproto ipv4 reject with icmp type host-prohibited
-reject with icmp type admin-prohibited;ok;meta nfproto ipv4 reject with icmp type admin-prohibited
-
-reject with icmpv6 type no-route;ok;meta nfproto ipv6 reject with icmpv6 type no-route
-reject with icmpv6 type admin-prohibited;ok;meta nfproto ipv6 reject with icmpv6 type admin-prohibited
-reject with icmpv6 type addr-unreachable;ok;meta nfproto ipv6 reject with icmpv6 type addr-unreachable
-reject with icmpv6 type port-unreachable;ok;meta nfproto ipv6 reject
+reject with icmp type host-unreachable;ok
+reject with icmp type net-unreachable;ok
+reject with icmp type prot-unreachable;ok
+reject with icmp type port-unreachable;ok
+reject with icmp type net-prohibited;ok
+reject with icmp type host-prohibited;ok
+reject with icmp type admin-prohibited;ok
+
+reject with icmpv6 type no-route;ok
+reject with icmpv6 type admin-prohibited;ok
+reject with icmpv6 type addr-unreachable;ok
+reject with icmpv6 type port-unreachable;ok
mark 12345 reject with tcp reset;ok;meta l4proto 6 meta mark 0x00003039 reject with tcp reset
reject;ok
-meta nfproto ipv4 reject;ok
-meta nfproto ipv6 reject;ok
+meta nfproto ipv4 reject;ok;reject with icmp type port-unreachable
+meta nfproto ipv6 reject;ok;reject with icmpv6 type port-unreachable
reject with icmpx type host-unreachable;ok
reject with icmpx type no-route;ok
reject with icmpx type admin-prohibited;ok
reject with icmpx type port-unreachable;ok;reject
-meta nfproto ipv4 reject with icmp type host-unreachable;ok
-meta nfproto ipv6 reject with icmpv6 type no-route;ok
+meta nfproto ipv4 reject with icmp type host-unreachable;ok;reject with icmp type host-unreachable
+meta nfproto ipv6 reject with icmpv6 type no-route;ok;reject with icmpv6 type no-route
meta nfproto ipv6 reject with icmp type host-unreachable;fail
meta nfproto ipv4 ip protocol icmp reject with icmpv6 type no-route;fail
diff --git a/tests/py/inet/reject.t.json.output b/tests/py/inet/reject.t.json.output
index 73846fb0..043617a7 100644
--- a/tests/py/inet/reject.t.json.output
+++ b/tests/py/inet/reject.t.json.output
@@ -1,145 +1,73 @@
-# reject with icmp type host-unreachable
+# mark 12345 reject with tcp reset
[
{
"match": {
"left": {
- "meta": { "key": "nfproto" }
+ "meta": { "key": "l4proto" }
},
"op": "==",
- "right": "ipv4"
+ "right": 6
}
},
{
- "reject": {
- "expr": "host-unreachable",
- "type": "icmp"
- }
- }
-]
-
-# reject with icmp type net-unreachable
-[
- {
"match": {
"left": {
- "meta": { "key": "nfproto" }
+ "meta": { "key": "mark" }
},
"op": "==",
- "right": "ipv4"
+ "right": 12345
}
},
{
"reject": {
- "expr": "net-unreachable",
- "type": "icmp"
+ "type": "tcp reset"
}
}
]
-# reject with icmp type prot-unreachable
+# reject
[
{
- "match": {
- "left": {
- "meta": { "key": "nfproto" }
- },
- "op": "==",
- "right": "ipv4"
- }
- },
- {
"reject": {
- "expr": "prot-unreachable",
- "type": "icmp"
- }
- }
-]
-
-# reject with icmp type port-unreachable
-[
- {
- "match": {
- "left": {
- "meta": { "key": "nfproto" }
- },
- "op": "==",
- "right": "ipv4"
+ "expr": "port-unreachable",
+ "type": "icmpx"
}
- },
- {
- "reject": null
}
]
-# reject with icmp type net-prohibited
+# meta nfproto ipv4 reject
[
{
- "match": {
- "left": {
- "meta": { "key": "nfproto" }
- },
- "op": "==",
- "right": "ipv4"
- }
- },
- {
"reject": {
- "expr": "net-prohibited",
+ "expr": "port-unreachable",
"type": "icmp"
}
}
]
-# reject with icmp type host-prohibited
+# meta nfproto ipv6 reject
[
{
- "match": {
- "left": {
- "meta": { "key": "nfproto" }
- },
- "op": "==",
- "right": "ipv4"
- }
- },
- {
"reject": {
- "expr": "host-prohibited",
- "type": "icmp"
+ "expr": "port-unreachable",
+ "type": "icmpv6"
}
}
]
-# reject with icmp type admin-prohibited
+# meta nfproto ipv4 reject with icmp type host-unreachable
[
{
- "match": {
- "left": {
- "meta": { "key": "nfproto" }
- },
- "op": "==",
- "right": "ipv4"
- }
- },
- {
"reject": {
- "expr": "admin-prohibited",
+ "expr": "host-unreachable",
"type": "icmp"
}
}
]
-# reject with icmpv6 type no-route
+# meta nfproto ipv6 reject with icmpv6 type no-route
[
{
- "match": {
- "left": {
- "meta": { "key": "nfproto" }
- },
- "op": "==",
- "right": "ipv6"
- }
- },
- {
"reject": {
"expr": "no-route",
"type": "icmpv6"
@@ -147,91 +75,3 @@
}
]
-# reject with icmpv6 type admin-prohibited
-[
- {
- "match": {
- "left": {
- "meta": { "key": "nfproto" }
- },
- "op": "==",
- "right": "ipv6"
- }
- },
- {
- "reject": {
- "expr": "admin-prohibited",
- "type": "icmpv6"
- }
- }
-]
-
-# reject with icmpv6 type addr-unreachable
-[
- {
- "match": {
- "left": {
- "meta": { "key": "nfproto" }
- },
- "op": "==",
- "right": "ipv6"
- }
- },
- {
- "reject": {
- "expr": "addr-unreachable",
- "type": "icmpv6"
- }
- }
-]
-
-# reject with icmpv6 type port-unreachable
-[
- {
- "match": {
- "left": {
- "meta": { "key": "nfproto" }
- },
- "op": "==",
- "right": "ipv6"
- }
- },
- {
- "reject": null
- }
-]
-
-# mark 12345 reject with tcp reset
-[
- {
- "match": {
- "left": {
- "meta": { "key": "l4proto" }
- },
- "op": "==",
- "right": 6
- }
- },
- {
- "match": {
- "left": {
- "meta": { "key": "mark" }
- },
- "op": "==",
- "right": 12345
- }
- },
- {
- "reject": {
- "type": "tcp reset"
- }
- }
-]
-
-# reject with icmpx type port-unreachable
-[
- {
- "reject": null
- }
-]
-
diff --git a/tests/py/inet/reject.t.payload.inet b/tests/py/inet/reject.t.payload.inet
index ee1aae02..3f220282 100644
--- a/tests/py/inet/reject.t.payload.inet
+++ b/tests/py/inet/reject.t.payload.inet
@@ -116,110 +116,6 @@ inet test-inet input
[ cmp eq reg 1 0x0000000a ]
[ reject type 0 code 0 ]
-# reject with icmp type prot-unreachable
-inet test-inet input
- [ meta load nfproto => reg 1 ]
- [ cmp eq reg 1 0x00000002 ]
- [ reject type 0 code 2 ]
-
-# reject with icmp type port-unreachable
-inet test-inet input
- [ meta load nfproto => reg 1 ]
- [ cmp eq reg 1 0x00000002 ]
- [ reject type 0 code 3 ]
-
-# reject with icmp type net-prohibited
-inet test-inet input
- [ meta load nfproto => reg 1 ]
- [ cmp eq reg 1 0x00000002 ]
- [ reject type 0 code 9 ]
-
-# reject with icmp type host-prohibited
-inet test-inet input
- [ meta load nfproto => reg 1 ]
- [ cmp eq reg 1 0x00000002 ]
- [ reject type 0 code 10 ]
-
-# reject with icmp type admin-prohibited
-inet test-inet input
- [ meta load nfproto => reg 1 ]
- [ cmp eq reg 1 0x00000002 ]
- [ reject type 0 code 13 ]
-
-# reject with icmpv6 type no-route
-inet test-inet input
- [ meta load nfproto => reg 1 ]
- [ cmp eq reg 1 0x0000000a ]
- [ reject type 0 code 0 ]
-
-# reject with icmpv6 type admin-prohibited
-inet test-inet input
- [ meta load nfproto => reg 1 ]
- [ cmp eq reg 1 0x0000000a ]
- [ reject type 0 code 1 ]
-
-# reject with icmpv6 type addr-unreachable
-inet test-inet input
- [ meta load nfproto => reg 1 ]
- [ cmp eq reg 1 0x0000000a ]
- [ reject type 0 code 3 ]
-
-# reject with icmpv6 type port-unreachable
-inet test-inet input
- [ meta load nfproto => reg 1 ]
- [ cmp eq reg 1 0x0000000a ]
- [ reject type 0 code 4 ]
-
-# reject with tcp reset
-inet test-inet input
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
- [ reject type 1 code 0 ]
-
-# reject
-inet test-inet input
- [ reject type 2 code 1 ]
-
-# meta nfproto ipv4 reject
-inet test-inet input
- [ meta load nfproto => reg 1 ]
- [ cmp eq reg 1 0x00000002 ]
- [ reject type 0 code 3 ]
-
-# meta nfproto ipv6 reject
-inet test-inet input
- [ meta load nfproto => reg 1 ]
- [ cmp eq reg 1 0x0000000a ]
- [ reject type 0 code 4 ]
-
-# reject with icmpx type host-unreachable
-inet test-inet input
- [ reject type 2 code 2 ]
-
-# reject with icmpx type no-route
-inet test-inet input
- [ reject type 2 code 0 ]
-
-# reject with icmpx type admin-prohibited
-inet test-inet input
- [ reject type 2 code 3 ]
-
-# reject with icmpx type port-unreachable
-inet test-inet input
- [ reject type 2 code 1 ]
-
-# meta nfproto ipv4 reject with icmp type host-unreachable
-inet test-inet input
- [ meta load nfproto => reg 1 ]
- [ cmp eq reg 1 0x00000002 ]
- [ reject type 0 code 1 ]
-
-# meta nfproto ipv6 reject with icmpv6 type no-route
-inet test-inet input
- [ meta load nfproto => reg 1 ]
- [ cmp eq reg 1 0x0000000a ]
- [ reject type 0 code 0 ]
-
# meta nfproto ipv4 reject with icmpx type admin-prohibited
inet test-inet input
[ meta load nfproto => reg 1 ]
diff --git a/tests/py/inet/rt.t b/tests/py/inet/rt.t
index 23608ab2..a0e0d003 100644
--- a/tests/py/inet/rt.t
+++ b/tests/py/inet/rt.t
@@ -2,14 +2,13 @@
*inet;test-inet;output
-rt nexthop 192.168.0.1;fail
-rt nexthop fd00::1;fail
-
meta nfproto ipv4 rt nexthop 192.168.0.1;ok;meta nfproto ipv4 rt ip nexthop 192.168.0.1
rt ip6 nexthop fd00::1;ok
# missing context
+rt nexthop 192.168.0.1;fail
rt nexthop fd00::1;fail
+
# wrong context
rt ip nexthop fd00::1;fail
diff --git a/tests/py/inet/sets.t.payload.bridge b/tests/py/inet/sets.t.payload.bridge
index 92f5417c..3dd9d57b 100644
--- a/tests/py/inet/sets.t.payload.bridge
+++ b/tests/py/inet/sets.t.payload.bridge
@@ -29,7 +29,7 @@ bridge
# ip daddr . tcp dport { 10.0.0.0/8 . 10-23, 192.168.1.1-192.168.3.8 . 80-443 } accept
__set%d test-inet 87
__set%d test-inet 0
- element 0000000a 00000a00 : 0 [end] element 0101a8c0 00005000 : 0 [end]
+ element 0000000a 00000a00 - ffffff0a 00001700 : 0 [end] element 0101a8c0 00005000 - 0803a8c0 0000bb01 : 0 [end]
bridge
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x00000008 ]
diff --git a/tests/py/inet/sets.t.payload.inet b/tests/py/inet/sets.t.payload.inet
index bd6e1b0f..53c6b182 100644
--- a/tests/py/inet/sets.t.payload.inet
+++ b/tests/py/inet/sets.t.payload.inet
@@ -29,7 +29,7 @@ inet
# ip daddr . tcp dport { 10.0.0.0/8 . 10-23, 192.168.1.1-192.168.3.8 . 80-443 } accept
__set%d test-inet 87
__set%d test-inet 0
- element 0000000a 00000a00 : 0 [end] element 0101a8c0 00005000 : 0 [end]
+ element 0000000a 00000a00 - ffffff0a 00001700 : 0 [end] element 0101a8c0 00005000 - 0803a8c0 0000bb01 : 0 [end]
inet
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x00000002 ]
diff --git a/tests/py/inet/sets.t.payload.netdev b/tests/py/inet/sets.t.payload.netdev
index f3032d8e..9d6f6bbd 100644
--- a/tests/py/inet/sets.t.payload.netdev
+++ b/tests/py/inet/sets.t.payload.netdev
@@ -14,7 +14,7 @@ netdev test-netdev ingress
[ lookup reg 1 set set2 0x1 ]
[ immediate reg 0 accept ]
-# ip saddr . ip daddr . tcp dport @ set3 accept
+# ip saddr . ip daddr . tcp dport @set3 accept
inet
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x00000002 ]
@@ -29,7 +29,7 @@ inet
# ip daddr . tcp dport { 10.0.0.0/8 . 10-23, 192.168.1.1-192.168.3.8 . 80-443 } accept
__set%d test-netdev 87
__set%d test-netdev 0
- element 0000000a 00000a00 : 0 [end] element 0101a8c0 00005000 : 0 [end]
+ element 0000000a 00000a00 - ffffff0a 00001700 : 0 [end] element 0101a8c0 00005000 - 0803a8c0 0000bb01 : 0 [end]
netdev
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x00000008 ]
diff --git a/tests/py/inet/synproxy.t.json b/tests/py/inet/synproxy.t.json
index 92c69d75..1dd85a61 100644
--- a/tests/py/inet/synproxy.t.json
+++ b/tests/py/inet/synproxy.t.json
@@ -5,24 +5,6 @@
}
]
-# synproxy mss 1460
-[
- {
- "synproxy": {
- "mss": 1460
- }
- }
-]
-
-# synproxy wscale 7
-[
- {
- "synproxy": {
- "wscale": 7
- }
- }
-]
-
# synproxy mss 1460 wscale 7
[
{
@@ -56,20 +38,6 @@
}
]
-# synproxy mss 1460 wscale 7 timestamp sack-perm
-[
- {
- "synproxy": {
- "mss": 1460,
- "wscale": 7,
- "flags": [
- "timestamp",
- "sack-perm"
- ]
- }
- }
-]
-
# synproxy mss 1460 wscale 5 timestamp sack-perm
[
{