diff options
Diffstat (limited to 'tests/py/ip6')
-rw-r--r-- | tests/py/ip6/frag.t | 63 | ||||
-rw-r--r-- | tests/py/ip6/frag.t.payload.ip6 | 109 |
2 files changed, 172 insertions, 0 deletions
diff --git a/tests/py/ip6/frag.t b/tests/py/ip6/frag.t new file mode 100644 index 00000000..56801ed8 --- /dev/null +++ b/tests/py/ip6/frag.t @@ -0,0 +1,63 @@ +:output;type filter hook output priority 0 +:ingress;type filter hook ingress device lo priority 0 + +*ip6;test-ip6;output +*inet;test-inet;output + +frag nexthdr tcp;ok;frag nexthdr 6 +frag nexthdr != icmp;ok;frag nexthdr != 1 +frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok;frag nexthdr { 51, 136, 132, 6, 108, 50, 17, 33} +- frag nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok +frag nexthdr esp;ok;frag nexthdr 50 +frag nexthdr ah;ok;frag nexthdr 51 + +frag reserved 22;ok +frag reserved != 233;ok +frag reserved 33-45;ok +frag reserved != 33-45;ok +frag reserved { 33, 55, 67, 88};ok +- frag reserved != { 33, 55, 67, 88};ok +frag reserved { 33-55};ok +- frag reserved != { 33-55};ok + +# BUG: frag frag-off 22 and frag frag-off { 33-55} +# This breaks table listing: "netlink: Error: Relational expression size mismatch" + +- frag frag-off 22;ok +- frag frag-off != 233;ok +- frag frag-off 33-45;ok +- frag frag-off != 33-45;ok +- frag frag-off { 33, 55, 67, 88};ok +- frag frag-off != { 33, 55, 67, 88};ok +- frag frag-off { 33-55};ok +- frag frag-off != { 33-55};ok + +# BUG frag reserved2 33 and frag reserved2 1 +# $ sudo nft add rule ip test input frag reserved2 33 +# <cmdline>:1:39-40: Error: Value 33 exceeds valid range 0-3 +# add rule ip test input frag reserved2 33 +# ^^ +# sudo nft add rule ip test input frag reserved2 1 +# <cmdline>:1:1-39: Error: Could not process rule: Invalid argument +# add rule ip test input frag reserved2 1 +# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +# BUG more-fragments 1 and frag more-fragments 4 +# frag more-fragments 1 +# <cmdline>:1:1-44: Error: Could not process rule: Invalid argument +# add rule ip test input frag more-fragments 1 +# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +# $ sudo nft add rule ip test input frag more-fragments 4 +# <cmdline>:1:44-44: Error: Value 4 exceeds valid range 0-1 +# add rule ip test input frag more-fragments 4 +# ^ + +frag id 1;ok +frag id 22;ok +frag id != 33;ok +frag id 33-45;ok +frag id != 33-45;ok +frag id { 33, 55, 67, 88};ok +- frag id != { 33, 55, 67, 88};ok +frag id { 33-55};ok +- frag id != { 33-55};ok diff --git a/tests/py/ip6/frag.t.payload.ip6 b/tests/py/ip6/frag.t.payload.ip6 new file mode 100644 index 00000000..f2d04b6b --- /dev/null +++ b/tests/py/ip6/frag.t.payload.ip6 @@ -0,0 +1,109 @@ +# frag nexthdr tcp +ip6 test-ip6 output + [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + +# frag nexthdr != icmp +ip6 test-ip6 output + [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +ip6 test-ip6 output + [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# frag nexthdr esp +ip6 test-ip6 output + [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# frag nexthdr ah +ip6 test-ip6 output + [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + +# frag reserved 22 +ip6 test-ip6 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# frag reserved != 233 +ip6 test-ip6 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# frag reserved 33-45 +ip6 test-ip6 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# frag reserved != 33-45 +ip6 test-ip6 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# frag reserved { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# frag reserved { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# frag id 1 +ip6 test-ip6 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ cmp eq reg 1 0x01000000 ] + +# frag id 22 +ip6 test-ip6 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# frag id != 33 +ip6 test-ip6 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ cmp neq reg 1 0x21000000 ] + +# frag id 33-45 +ip6 test-ip6 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# frag id != 33-45 +ip6 test-ip6 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# frag id { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip6 test-ip6 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# frag id { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip6 test-ip6 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + |