diff options
Diffstat (limited to 'tests/py/inet')
-rw-r--r-- | tests/py/inet/ah.t | 2 | ||||
-rw-r--r-- | tests/py/inet/dccp.t.json | 18 | ||||
-rw-r--r-- | tests/py/inet/dccp.t.payload | 8 | ||||
-rw-r--r-- | tests/py/inet/esp.t | 1 | ||||
-rw-r--r-- | tests/py/inet/esp.t.json | 20 | ||||
-rw-r--r-- | tests/py/inet/ether.t.payload.bridge | 21 | ||||
-rw-r--r-- | tests/py/inet/ether.t.payload.ip | 23 | ||||
-rw-r--r-- | tests/py/inet/reject.t | 33 | ||||
-rw-r--r-- | tests/py/inet/reject.t.json.output | 194 | ||||
-rw-r--r-- | tests/py/inet/reject.t.payload.inet | 104 | ||||
-rw-r--r-- | tests/py/inet/rt.t | 5 | ||||
-rw-r--r-- | tests/py/inet/sets.t.payload.bridge | 2 | ||||
-rw-r--r-- | tests/py/inet/sets.t.payload.inet | 2 | ||||
-rw-r--r-- | tests/py/inet/sets.t.payload.netdev | 4 | ||||
-rw-r--r-- | tests/py/inet/synproxy.t.json | 32 |
15 files changed, 60 insertions, 409 deletions
diff --git a/tests/py/inet/ah.t b/tests/py/inet/ah.t index 8544d9dd..945db996 100644 --- a/tests/py/inet/ah.t +++ b/tests/py/inet/ah.t @@ -6,8 +6,6 @@ *inet;test-inet;input *netdev;test-netdev;ingress -# nexthdr Bug to list table. - - ah nexthdr esp;ok - ah nexthdr ah;ok - ah nexthdr comp;ok diff --git a/tests/py/inet/dccp.t.json b/tests/py/inet/dccp.t.json index 9260fbc5..97e33c14 100644 --- a/tests/py/inet/dccp.t.json +++ b/tests/py/inet/dccp.t.json @@ -98,24 +98,6 @@ } ] -# dccp sport ftp-data - re-mail-ck -[ - { - "match": { - "left": { - "payload": { - "field": "sport", - "protocol": "dccp" - } - }, - "op": "==", - "right": { - "range": [ "ftp-data", "re-mail-ck" ] - } - } - } -] - # dccp sport 20-50 [ { diff --git a/tests/py/inet/dccp.t.payload b/tests/py/inet/dccp.t.payload index b830aa4f..b252d829 100644 --- a/tests/py/inet/dccp.t.payload +++ b/tests/py/inet/dccp.t.payload @@ -43,14 +43,6 @@ inet test-inet input [ payload load 2b @ transport header + 0 => reg 1 ] [ lookup reg 1 set __set%d ] -# dccp sport ftp-data - re-mail-ck -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001400 ] - [ cmp lte reg 1 0x00003200 ] - # dccp sport 20-50 inet test-inet input [ meta load l4proto => reg 1 ] diff --git a/tests/py/inet/esp.t b/tests/py/inet/esp.t index e79eeada..ebba7d87 100644 --- a/tests/py/inet/esp.t +++ b/tests/py/inet/esp.t @@ -13,6 +13,7 @@ esp spi != 111-222;ok esp spi { 100, 102};ok esp spi != { 100, 102};ok esp spi { 100-102};ok +esp spi != { 100-102};ok - esp spi {100-102};ok esp sequence 22;ok diff --git a/tests/py/inet/esp.t.json b/tests/py/inet/esp.t.json index 84ea9eea..ee690f96 100644 --- a/tests/py/inet/esp.t.json +++ b/tests/py/inet/esp.t.json @@ -128,6 +128,26 @@ } ] +# esp spi != { 100-102} +[ + { + "match": { + "left": { + "payload": { + "field": "spi", + "protocol": "esp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 100, 102 ] } + ] + } + } + } +] + # esp sequence 22 [ { diff --git a/tests/py/inet/ether.t.payload.bridge b/tests/py/inet/ether.t.payload.bridge index 4a6bccbe..e9208008 100644 --- a/tests/py/inet/ether.t.payload.bridge +++ b/tests/py/inet/ether.t.payload.bridge @@ -1,17 +1,3 @@ -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept -bridge test-bridge input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - # tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept bridge test-bridge input [ meta load l4proto => reg 1 ] @@ -40,10 +26,3 @@ bridge test-bridge input [ cmp eq reg 1 0x0c540f00 0x00000411 ] [ immediate reg 0 accept ] -# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 -bridge test-bridge input - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - diff --git a/tests/py/inet/ether.t.payload.ip b/tests/py/inet/ether.t.payload.ip index 196930fd..a604f603 100644 --- a/tests/py/inet/ether.t.payload.ip +++ b/tests/py/inet/ether.t.payload.ip @@ -1,17 +1,3 @@ -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - # tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept ip test-ip4 input [ meta load l4proto => reg 1 ] @@ -44,12 +30,3 @@ ip test-ip4 input [ cmp eq reg 1 0x0c540f00 0x00000411 ] [ immediate reg 0 accept ] -# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 -ip test-ip4 input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - diff --git a/tests/py/inet/reject.t b/tests/py/inet/reject.t index 0e8966c9..a9ecd2ea 100644 --- a/tests/py/inet/reject.t +++ b/tests/py/inet/reject.t @@ -2,33 +2,32 @@ *inet;test-inet;input -# The output is specific for inet family -reject with icmp type host-unreachable;ok;meta nfproto ipv4 reject with icmp type host-unreachable -reject with icmp type net-unreachable;ok;meta nfproto ipv4 reject with icmp type net-unreachable -reject with icmp type prot-unreachable;ok;meta nfproto ipv4 reject with icmp type prot-unreachable -reject with icmp type port-unreachable;ok;meta nfproto ipv4 reject -reject with icmp type net-prohibited;ok;meta nfproto ipv4 reject with icmp type net-prohibited -reject with icmp type host-prohibited;ok;meta nfproto ipv4 reject with icmp type host-prohibited -reject with icmp type admin-prohibited;ok;meta nfproto ipv4 reject with icmp type admin-prohibited - -reject with icmpv6 type no-route;ok;meta nfproto ipv6 reject with icmpv6 type no-route -reject with icmpv6 type admin-prohibited;ok;meta nfproto ipv6 reject with icmpv6 type admin-prohibited -reject with icmpv6 type addr-unreachable;ok;meta nfproto ipv6 reject with icmpv6 type addr-unreachable -reject with icmpv6 type port-unreachable;ok;meta nfproto ipv6 reject +reject with icmp type host-unreachable;ok +reject with icmp type net-unreachable;ok +reject with icmp type prot-unreachable;ok +reject with icmp type port-unreachable;ok +reject with icmp type net-prohibited;ok +reject with icmp type host-prohibited;ok +reject with icmp type admin-prohibited;ok + +reject with icmpv6 type no-route;ok +reject with icmpv6 type admin-prohibited;ok +reject with icmpv6 type addr-unreachable;ok +reject with icmpv6 type port-unreachable;ok mark 12345 reject with tcp reset;ok;meta l4proto 6 meta mark 0x00003039 reject with tcp reset reject;ok -meta nfproto ipv4 reject;ok -meta nfproto ipv6 reject;ok +meta nfproto ipv4 reject;ok;reject with icmp type port-unreachable +meta nfproto ipv6 reject;ok;reject with icmpv6 type port-unreachable reject with icmpx type host-unreachable;ok reject with icmpx type no-route;ok reject with icmpx type admin-prohibited;ok reject with icmpx type port-unreachable;ok;reject -meta nfproto ipv4 reject with icmp type host-unreachable;ok -meta nfproto ipv6 reject with icmpv6 type no-route;ok +meta nfproto ipv4 reject with icmp type host-unreachable;ok;reject with icmp type host-unreachable +meta nfproto ipv6 reject with icmpv6 type no-route;ok;reject with icmpv6 type no-route meta nfproto ipv6 reject with icmp type host-unreachable;fail meta nfproto ipv4 ip protocol icmp reject with icmpv6 type no-route;fail diff --git a/tests/py/inet/reject.t.json.output b/tests/py/inet/reject.t.json.output index 73846fb0..043617a7 100644 --- a/tests/py/inet/reject.t.json.output +++ b/tests/py/inet/reject.t.json.output @@ -1,145 +1,73 @@ -# reject with icmp type host-unreachable +# mark 12345 reject with tcp reset [ { "match": { "left": { - "meta": { "key": "nfproto" } + "meta": { "key": "l4proto" } }, "op": "==", - "right": "ipv4" + "right": 6 } }, { - "reject": { - "expr": "host-unreachable", - "type": "icmp" - } - } -] - -# reject with icmp type net-unreachable -[ - { "match": { "left": { - "meta": { "key": "nfproto" } + "meta": { "key": "mark" } }, "op": "==", - "right": "ipv4" + "right": 12345 } }, { "reject": { - "expr": "net-unreachable", - "type": "icmp" + "type": "tcp reset" } } ] -# reject with icmp type prot-unreachable +# reject [ { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv4" - } - }, - { "reject": { - "expr": "prot-unreachable", - "type": "icmp" - } - } -] - -# reject with icmp type port-unreachable -[ - { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv4" + "expr": "port-unreachable", + "type": "icmpx" } - }, - { - "reject": null } ] -# reject with icmp type net-prohibited +# meta nfproto ipv4 reject [ { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv4" - } - }, - { "reject": { - "expr": "net-prohibited", + "expr": "port-unreachable", "type": "icmp" } } ] -# reject with icmp type host-prohibited +# meta nfproto ipv6 reject [ { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv4" - } - }, - { "reject": { - "expr": "host-prohibited", - "type": "icmp" + "expr": "port-unreachable", + "type": "icmpv6" } } ] -# reject with icmp type admin-prohibited +# meta nfproto ipv4 reject with icmp type host-unreachable [ { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv4" - } - }, - { "reject": { - "expr": "admin-prohibited", + "expr": "host-unreachable", "type": "icmp" } } ] -# reject with icmpv6 type no-route +# meta nfproto ipv6 reject with icmpv6 type no-route [ { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv6" - } - }, - { "reject": { "expr": "no-route", "type": "icmpv6" @@ -147,91 +75,3 @@ } ] -# reject with icmpv6 type admin-prohibited -[ - { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv6" - } - }, - { - "reject": { - "expr": "admin-prohibited", - "type": "icmpv6" - } - } -] - -# reject with icmpv6 type addr-unreachable -[ - { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv6" - } - }, - { - "reject": { - "expr": "addr-unreachable", - "type": "icmpv6" - } - } -] - -# reject with icmpv6 type port-unreachable -[ - { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv6" - } - }, - { - "reject": null - } -] - -# mark 12345 reject with tcp reset -[ - { - "match": { - "left": { - "meta": { "key": "l4proto" } - }, - "op": "==", - "right": 6 - } - }, - { - "match": { - "left": { - "meta": { "key": "mark" } - }, - "op": "==", - "right": 12345 - } - }, - { - "reject": { - "type": "tcp reset" - } - } -] - -# reject with icmpx type port-unreachable -[ - { - "reject": null - } -] - diff --git a/tests/py/inet/reject.t.payload.inet b/tests/py/inet/reject.t.payload.inet index ee1aae02..3f220282 100644 --- a/tests/py/inet/reject.t.payload.inet +++ b/tests/py/inet/reject.t.payload.inet @@ -116,110 +116,6 @@ inet test-inet input [ cmp eq reg 1 0x0000000a ] [ reject type 0 code 0 ] -# reject with icmp type prot-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 2 ] - -# reject with icmp type port-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 3 ] - -# reject with icmp type net-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 9 ] - -# reject with icmp type host-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 10 ] - -# reject with icmp type admin-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 13 ] - -# reject with icmpv6 type no-route -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 0 ] - -# reject with icmpv6 type admin-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 1 ] - -# reject with icmpv6 type addr-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 3 ] - -# reject with icmpv6 type port-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 4 ] - -# reject with tcp reset -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ reject type 1 code 0 ] - -# reject -inet test-inet input - [ reject type 2 code 1 ] - -# meta nfproto ipv4 reject -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 3 ] - -# meta nfproto ipv6 reject -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 4 ] - -# reject with icmpx type host-unreachable -inet test-inet input - [ reject type 2 code 2 ] - -# reject with icmpx type no-route -inet test-inet input - [ reject type 2 code 0 ] - -# reject with icmpx type admin-prohibited -inet test-inet input - [ reject type 2 code 3 ] - -# reject with icmpx type port-unreachable -inet test-inet input - [ reject type 2 code 1 ] - -# meta nfproto ipv4 reject with icmp type host-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 1 ] - -# meta nfproto ipv6 reject with icmpv6 type no-route -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 0 ] - # meta nfproto ipv4 reject with icmpx type admin-prohibited inet test-inet input [ meta load nfproto => reg 1 ] diff --git a/tests/py/inet/rt.t b/tests/py/inet/rt.t index 23608ab2..a0e0d003 100644 --- a/tests/py/inet/rt.t +++ b/tests/py/inet/rt.t @@ -2,14 +2,13 @@ *inet;test-inet;output -rt nexthop 192.168.0.1;fail -rt nexthop fd00::1;fail - meta nfproto ipv4 rt nexthop 192.168.0.1;ok;meta nfproto ipv4 rt ip nexthop 192.168.0.1 rt ip6 nexthop fd00::1;ok # missing context +rt nexthop 192.168.0.1;fail rt nexthop fd00::1;fail + # wrong context rt ip nexthop fd00::1;fail diff --git a/tests/py/inet/sets.t.payload.bridge b/tests/py/inet/sets.t.payload.bridge index 92f5417c..3dd9d57b 100644 --- a/tests/py/inet/sets.t.payload.bridge +++ b/tests/py/inet/sets.t.payload.bridge @@ -29,7 +29,7 @@ bridge # ip daddr . tcp dport { 10.0.0.0/8 . 10-23, 192.168.1.1-192.168.3.8 . 80-443 } accept __set%d test-inet 87 __set%d test-inet 0 - element 0000000a 00000a00 : 0 [end] element 0101a8c0 00005000 : 0 [end] + element 0000000a 00000a00 - ffffff0a 00001700 : 0 [end] element 0101a8c0 00005000 - 0803a8c0 0000bb01 : 0 [end] bridge [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] diff --git a/tests/py/inet/sets.t.payload.inet b/tests/py/inet/sets.t.payload.inet index bd6e1b0f..53c6b182 100644 --- a/tests/py/inet/sets.t.payload.inet +++ b/tests/py/inet/sets.t.payload.inet @@ -29,7 +29,7 @@ inet # ip daddr . tcp dport { 10.0.0.0/8 . 10-23, 192.168.1.1-192.168.3.8 . 80-443 } accept __set%d test-inet 87 __set%d test-inet 0 - element 0000000a 00000a00 : 0 [end] element 0101a8c0 00005000 : 0 [end] + element 0000000a 00000a00 - ffffff0a 00001700 : 0 [end] element 0101a8c0 00005000 - 0803a8c0 0000bb01 : 0 [end] inet [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] diff --git a/tests/py/inet/sets.t.payload.netdev b/tests/py/inet/sets.t.payload.netdev index f3032d8e..9d6f6bbd 100644 --- a/tests/py/inet/sets.t.payload.netdev +++ b/tests/py/inet/sets.t.payload.netdev @@ -14,7 +14,7 @@ netdev test-netdev ingress [ lookup reg 1 set set2 0x1 ] [ immediate reg 0 accept ] -# ip saddr . ip daddr . tcp dport @ set3 accept +# ip saddr . ip daddr . tcp dport @set3 accept inet [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] @@ -29,7 +29,7 @@ inet # ip daddr . tcp dport { 10.0.0.0/8 . 10-23, 192.168.1.1-192.168.3.8 . 80-443 } accept __set%d test-netdev 87 __set%d test-netdev 0 - element 0000000a 00000a00 : 0 [end] element 0101a8c0 00005000 : 0 [end] + element 0000000a 00000a00 - ffffff0a 00001700 : 0 [end] element 0101a8c0 00005000 - 0803a8c0 0000bb01 : 0 [end] netdev [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] diff --git a/tests/py/inet/synproxy.t.json b/tests/py/inet/synproxy.t.json index 92c69d75..1dd85a61 100644 --- a/tests/py/inet/synproxy.t.json +++ b/tests/py/inet/synproxy.t.json @@ -5,24 +5,6 @@ } ] -# synproxy mss 1460 -[ - { - "synproxy": { - "mss": 1460 - } - } -] - -# synproxy wscale 7 -[ - { - "synproxy": { - "wscale": 7 - } - } -] - # synproxy mss 1460 wscale 7 [ { @@ -56,20 +38,6 @@ } ] -# synproxy mss 1460 wscale 7 timestamp sack-perm -[ - { - "synproxy": { - "mss": 1460, - "wscale": 7, - "flags": [ - "timestamp", - "sack-perm" - ] - } - } -] - # synproxy mss 1460 wscale 5 timestamp sack-perm [ { |