summaryrefslogtreecommitdiffstats
path: root/tests/py/ip6
diff options
context:
space:
mode:
Diffstat (limited to 'tests/py/ip6')
-rw-r--r--tests/py/ip6/chains.t17
-rw-r--r--tests/py/ip6/dnat.t5
-rw-r--r--tests/py/ip6/dnat.t.payload.ip625
-rw-r--r--tests/py/ip6/dst.t25
-rw-r--r--tests/py/ip6/dst.t.payload.inet94
-rw-r--r--tests/py/ip6/dst.t.payload.ip695
-rw-r--r--tests/py/ip6/dup.t6
-rw-r--r--tests/py/ip6/dup.t.payload21
-rw-r--r--tests/py/ip6/ether.t8
-rw-r--r--tests/py/ip6/ether.t.payload49
-rw-r--r--tests/py/ip6/hbh.t25
-rw-r--r--tests/py/ip6/hbh.t.payload.inet94
-rw-r--r--tests/py/ip6/hbh.t.payload.ip694
-rw-r--r--tests/py/ip6/icmpv6.t96
-rw-r--r--tests/py/ip6/icmpv6.t.payload.ip6409
-rw-r--r--tests/py/ip6/ip6.t143
-rw-r--r--tests/py/ip6/ip6.t.payload.inet461
-rw-r--r--tests/py/ip6/ip6.t.payload.ip6339
-rw-r--r--tests/py/ip6/masquerade.t25
-rw-r--r--tests/py/ip6/masquerade.t.payload.ip6127
-rw-r--r--tests/py/ip6/mh.t49
-rw-r--r--tests/py/ip6/mh.t.payload.inet198
-rw-r--r--tests/py/ip6/mh.t.payload.ip6198
-rw-r--r--tests/py/ip6/redirect.t44
-rw-r--r--tests/py/ip6/redirect.t.payload.ip6185
-rw-r--r--tests/py/ip6/reject.t12
-rw-r--r--tests/py/ip6/reject.t.payload.ip626
-rw-r--r--tests/py/ip6/rt.t45
-rw-r--r--tests/py/ip6/rt.t.payload.inet180
-rw-r--r--tests/py/ip6/rt.t.payload.ip6180
-rw-r--r--tests/py/ip6/sets.t22
-rw-r--r--tests/py/ip6/sets.t.payload0
-rw-r--r--tests/py/ip6/sets.t.payload.inet8
-rw-r--r--tests/py/ip6/sets.t.payload.ip66
-rw-r--r--tests/py/ip6/snat.t5
-rw-r--r--tests/py/ip6/snat.t.payload.ip625
-rw-r--r--tests/py/ip6/vmap.t54
-rw-r--r--tests/py/ip6/vmap.t.payload.inet420
-rw-r--r--tests/py/ip6/vmap.t.payload.ip6336
39 files changed, 4151 insertions, 0 deletions
diff --git a/tests/py/ip6/chains.t b/tests/py/ip6/chains.t
new file mode 100644
index 00000000..c1e41e47
--- /dev/null
+++ b/tests/py/ip6/chains.t
@@ -0,0 +1,17 @@
+*ip6;test-ip6
+
+# filter chains available are: input, output, forward, forward, prerouting and postrouting.
+:filter-input;type filter hook input priority 0
+:filter-prer;type filter hook prerouting priority 0
+:filter-forw-t;type filter hook forward priority 0
+:filter-out-t;type filter hook output priority 0
+:filter-post-t;type filter hook postrouting priority 0
+
+# nat chains available are: input, output, forward, prerouting and postrouting.
+:nat-input;type nat hook input priority 0
+:nat-prerouting;type nat hook prerouting priority 0
+:nat-output;type nat hook output priority 0
+:nat-postrou;type nat hook postrouting priority 0
+
+# route chain available is output.
+:route-out;type route hook output priority 0
diff --git a/tests/py/ip6/dnat.t b/tests/py/ip6/dnat.t
new file mode 100644
index 00000000..83412258
--- /dev/null
+++ b/tests/py/ip6/dnat.t
@@ -0,0 +1,5 @@
+*ip6;test-ip6
+:prerouting;type nat hook prerouting priority 0
+
+tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::80-100;ok
+tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100;ok;tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::100
diff --git a/tests/py/ip6/dnat.t.payload.ip6 b/tests/py/ip6/dnat.t.payload.ip6
new file mode 100644
index 00000000..13c7a0e3
--- /dev/null
+++ b/tests/py/ip6/dnat.t.payload.ip6
@@ -0,0 +1,25 @@
+# tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::80-100
+ip6 test-ip6 prerouting
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00005000 ]
+ [ cmp lte reg 1 0x00005a00 ]
+ [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ]
+ [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ]
+ [ immediate reg 3 0x00005000 ]
+ [ immediate reg 4 0x00006400 ]
+ [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ]
+
+# tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100
+ip6 test-ip6 prerouting
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00005000 ]
+ [ cmp lte reg 1 0x00005a00 ]
+ [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ]
+ [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ]
+ [ immediate reg 3 0x00006400 ]
+ [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 ]
+
diff --git a/tests/py/ip6/dst.t b/tests/py/ip6/dst.t
new file mode 100644
index 00000000..3207af76
--- /dev/null
+++ b/tests/py/ip6/dst.t
@@ -0,0 +1,25 @@
+*ip6;test-ip6
+*inet;test-inet
+:input;type filter hook input priority 0
+
+dst nexthdr 22;ok
+dst nexthdr != 233;ok
+dst nexthdr 33-45;ok
+dst nexthdr != 33-45;ok
+dst nexthdr { 33, 55, 67, 88};ok
+- dst nexthdr != { 33, 55, 67, 88};ok
+dst nexthdr { 33-55};ok
+- dst nexthdr != { 33-55};ok
+dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok;dst nexthdr { 51, 50, 17, 136, 58, 6, 33, 132, 108}
+- dst nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok
+dst nexthdr icmp;ok;dst nexthdr 1
+dst nexthdr != icmp;ok;dst nexthdr != 1
+
+dst hdrlength 22;ok
+dst hdrlength != 233;ok
+dst hdrlength 33-45;ok
+dst hdrlength != 33-45;ok
+dst hdrlength { 33, 55, 67, 88};ok
+- dst hdrlength != { 33, 55, 67, 88};ok
+dst hdrlength { 33-55};ok
+- dst hdrlength != { 33-55};ok
diff --git a/tests/py/ip6/dst.t.payload.inet b/tests/py/ip6/dst.t.payload.inet
new file mode 100644
index 00000000..7a219f41
--- /dev/null
+++ b/tests/py/ip6/dst.t.payload.inet
@@ -0,0 +1,94 @@
+# dst nexthdr 22
+inet test-inet input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# dst nexthdr != 233
+inet test-inet input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# dst nexthdr 33-45
+inet test-inet input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# dst nexthdr != 33-45
+inet test-inet input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# dst nexthdr { 33, 55, 67, 88}
+set%d test-inet 3
+set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# dst nexthdr { 33-55}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+inet test-inet input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+set%d test-inet 3
+set%d test-inet 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+inet test-inet input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# dst nexthdr icmp
+inet test-inet input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# dst nexthdr != icmp
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# dst hdrlength 22
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# dst hdrlength != 233
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# dst hdrlength 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# dst hdrlength != 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 1 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# dst hdrlength { 33, 55, 67, 88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# dst hdrlength { 33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
diff --git a/tests/py/ip6/dst.t.payload.ip6 b/tests/py/ip6/dst.t.payload.ip6
new file mode 100644
index 00000000..3c778f93
--- /dev/null
+++ b/tests/py/ip6/dst.t.payload.ip6
@@ -0,0 +1,95 @@
+# dst nexthdr 22
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# dst nexthdr != 233
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# dst nexthdr 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# dst nexthdr != 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# dst nexthdr { 33, 55, 67, 88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# dst nexthdr { 33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# dst nexthdr icmp
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# dst nexthdr != icmp
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# dst hdrlength 22
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# dst hdrlength != 233
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# dst hdrlength 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# dst hdrlength != 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 1 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# dst hdrlength { 33, 55, 67, 88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# dst hdrlength { 33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 60 + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+
diff --git a/tests/py/ip6/dup.t b/tests/py/ip6/dup.t
new file mode 100644
index 00000000..34f302f2
--- /dev/null
+++ b/tests/py/ip6/dup.t
@@ -0,0 +1,6 @@
+*ip6;test-ip6
+:input;type filter hook input priority 0
+
+dup to abcd::1;ok
+dup to abcd::1 device eth0;ok
+dup to ip6 saddr map { abcd::1 : cafe::cafe } device eth0;ok
diff --git a/tests/py/ip6/dup.t.payload b/tests/py/ip6/dup.t.payload
new file mode 100644
index 00000000..1df414cd
--- /dev/null
+++ b/tests/py/ip6/dup.t.payload
@@ -0,0 +1,21 @@
+# dup to abcd::1
+ip6 test test
+ [ immediate reg 1 0x0000cdab 0x00000000 0x00000000 0x01000000 ]
+ [ dup sreg_addr 1 ]
+
+# dup to abcd::1 device eth0
+ip6 test test
+ [ immediate reg 1 0x0000cdab 0x00000000 0x00000000 0x01000000 ]
+ [ immediate reg 2 0x00000002 ]
+ [ dup sreg_addr 1 sreg_dev 2 ]
+
+# dup to ip6 saddr map { abcd::1 : cafe::cafe } device eth0
+map%d test-ip6 b
+map%d test-ip6 0
+ element 0000cdab 00000000 00000000 01000000 : 0000feca 00000000 00000000 feca0000 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 1 ]
+ [ immediate reg 2 0x00000002 ]
+ [ dup sreg_addr 1 sreg_dev 2 ]
+
diff --git a/tests/py/ip6/ether.t b/tests/py/ip6/ether.t
new file mode 100644
index 00000000..98be273f
--- /dev/null
+++ b/tests/py/ip6/ether.t
@@ -0,0 +1,8 @@
+*ip6;test-ip6
+
+:input;type filter hook input priority 0
+
+tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 accept
+tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04;ok;tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04
+tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2;ok
+ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 accept;ok
diff --git a/tests/py/ip6/ether.t.payload b/tests/py/ip6/ether.t.payload
new file mode 100644
index 00000000..c7342cc0
--- /dev/null
+++ b/tests/py/ip6/ether.t.payload
@@ -0,0 +1,49 @@
+# tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+ [ meta load iiftype => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ]
+ [ payload load 6b @ link header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0c540f00 0x00000411 ]
+ [ immediate reg 0 accept ]
+
+# tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ]
+ [ meta load iiftype => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 6b @ link header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0c540f00 0x00000411 ]
+
+# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+ [ meta load iiftype => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 6b @ link header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0c540f00 0x00000411 ]
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ]
+
+# ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 accept
+ip6 test-ip6 input
+ [ meta load iiftype => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 6b @ link header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0c540f00 0x00000411 ]
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ]
+ [ immediate reg 0 accept ]
diff --git a/tests/py/ip6/hbh.t b/tests/py/ip6/hbh.t
new file mode 100644
index 00000000..4e67c42a
--- /dev/null
+++ b/tests/py/ip6/hbh.t
@@ -0,0 +1,25 @@
+*ip6;test-ip6
+*inet;test-inet
+:filter-input;type filter hook input priority 0
+
+hbh hdrlength 22;ok
+hbh hdrlength != 233;ok
+hbh hdrlength 33-45;ok
+hbh hdrlength != 33-45;ok
+hbh hdrlength {33, 55, 67, 88};ok
+- hbh hdrlength != {33, 55, 67, 88};ok
+hbh hdrlength { 33-55};ok
+- hbh hdrlength != {33-55};ok
+
+hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;hbh nexthdr { 58, 136, 51, 50, 6, 17, 132, 33, 108}
+- hbh nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok
+hbh nexthdr 22;ok
+hbh nexthdr != 233;ok
+hbh nexthdr 33-45;ok
+hbh nexthdr != 33-45;ok
+hbh nexthdr {33, 55, 67, 88};ok
+- hbh nexthdr != {33, 55, 67, 88};ok
+hbh nexthdr { 33-55};ok
+- hbh nexthdr != {33-55};ok
+hbh nexthdr ip;ok;hbh nexthdr 0
+hbh nexthdr != ip;ok;hbh nexthdr != 0
diff --git a/tests/py/ip6/hbh.t.payload.inet b/tests/py/ip6/hbh.t.payload.inet
new file mode 100644
index 00000000..2b4c9c77
--- /dev/null
+++ b/tests/py/ip6/hbh.t.payload.inet
@@ -0,0 +1,94 @@
+# hbh hdrlength 22
+inet test-inet filter-input
+ [ exthdr load 1b @ 0 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# hbh hdrlength != 233
+inet test-inet filter-input
+ [ exthdr load 1b @ 0 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# hbh hdrlength 33-45
+inet test-inet filter-input
+ [ exthdr load 1b @ 0 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# hbh hdrlength != 33-45
+inet test-inet filter-input
+ [ exthdr load 1b @ 0 + 1 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# hbh hdrlength {33, 55, 67, 88}
+set%d test-inet 3
+set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet filter-input
+ [ exthdr load 1b @ 0 + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# hbh hdrlength { 33-55}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+inet test-inet filter-input
+ [ exthdr load 1b @ 0 + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+set%d test-inet 3
+set%d test-inet 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end]
+inet test-inet filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# hbh nexthdr 22
+inet test-inet filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# hbh nexthdr != 233
+inet test-inet filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# hbh nexthdr 33-45
+inet test-inet filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# hbh nexthdr != 33-45
+inet test-inet filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# hbh nexthdr {33, 55, 67, 88}
+set%d test-inet 3
+set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# hbh nexthdr { 33-55}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+inet test-inet filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# hbh nexthdr ip
+inet test-inet filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# hbh nexthdr != ip
+inet test-inet filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000000 ]
+
diff --git a/tests/py/ip6/hbh.t.payload.ip6 b/tests/py/ip6/hbh.t.payload.ip6
new file mode 100644
index 00000000..a201ef56
--- /dev/null
+++ b/tests/py/ip6/hbh.t.payload.ip6
@@ -0,0 +1,94 @@
+# hbh hdrlength 22
+ip6 test-ip6 filter-input
+ [ exthdr load 1b @ 0 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# hbh hdrlength != 233
+ip6 test-ip6 filter-input
+ [ exthdr load 1b @ 0 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# hbh hdrlength 33-45
+ip6 test-ip6 filter-input
+ [ exthdr load 1b @ 0 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# hbh hdrlength != 33-45
+ip6 test-ip6 filter-input
+ [ exthdr load 1b @ 0 + 1 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# hbh hdrlength {33, 55, 67, 88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 filter-input
+ [ exthdr load 1b @ 0 + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# hbh hdrlength { 33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+ip6 test-ip6 filter-input
+ [ exthdr load 1b @ 0 + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end]
+ip6 test-ip6 filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# hbh nexthdr 22
+ip6 test-ip6 filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# hbh nexthdr != 233
+ip6 test-ip6 filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# hbh nexthdr 33-45
+ip6 test-ip6 filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# hbh nexthdr != 33-45
+ip6 test-ip6 filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# hbh nexthdr {33, 55, 67, 88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# hbh nexthdr { 33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+ip6 test-ip6 filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# hbh nexthdr ip
+ip6 test-ip6 filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# hbh nexthdr != ip
+ip6 test-ip6 filter-input
+ [ exthdr load 1b @ 0 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000000 ]
+
diff --git a/tests/py/ip6/icmpv6.t b/tests/py/ip6/icmpv6.t
new file mode 100644
index 00000000..fca903f6
--- /dev/null
+++ b/tests/py/ip6/icmpv6.t
@@ -0,0 +1,96 @@
+*ip6;test-ip6
+# BUG: There is a bug with icmpv6 and inet tables
+# *inet;test-inet
+:input;type filter hook input priority 0
+
+icmpv6 type destination-unreachable accept;ok
+icmpv6 type packet-too-big accept;ok
+icmpv6 type time-exceeded accept;ok
+icmpv6 type echo-request accept;ok
+icmpv6 type echo-reply accept;ok
+icmpv6 type mld-listener-query accept;ok
+icmpv6 type mld-listener-report accept;ok
+icmpv6 type mld-listener-reduction accept;ok
+icmpv6 type nd-router-solicit accept;ok
+icmpv6 type nd-router-advert accept;ok
+icmpv6 type nd-neighbor-solicit accept;ok
+icmpv6 type nd-neighbor-advert accept;ok
+icmpv6 type nd-redirect accept;ok
+icmpv6 type router-renumbering accept;ok
+icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept;ok
+icmpv6 type {router-renumbering, mld-listener-reduction, time-exceeded, nd-router-solicit} accept;ok
+icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept;ok
+- icmpv6 type != {mld-listener-query, time-exceeded, nd-router-advert} accept;ok
+
+icmpv6 code 4;ok
+icmpv6 code 3-66;ok
+icmpv6 code {5, 6, 7} accept;ok
+- icmpv6 code != {3, 66, 34};ok
+icmpv6 code { 3-66};ok
+- icmpv6 code != { 3-44};ok
+
+icmpv6 checksum 2222 log;ok
+icmpv6 checksum != 2222 log;ok
+icmpv6 checksum 222-226;ok
+icmpv6 checksum != 2222 log;ok
+icmpv6 checksum { 222, 226};ok
+- icmpv6 checksum != { 222, 226};ok
+icmpv6 checksum { 222-226};ok
+- icmpv6 checksum != { 222-226};ok
+
+# BUG: icmpv6 parameter-problem, pptr, mtu, packet-too-big
+# [ICMP6HDR_PPTR] = ICMP6HDR_FIELD("parameter-problem", icmp6_pptr),
+# [ICMP6HDR_MTU] = ICMP6HDR_FIELD("packet-too-big", icmp6_mtu),
+# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem 35
+# <cmdline>:1:53-53: Error: syntax error, unexpected end of file
+# add rule ip6 test6 input icmpv6 parameter-problem 35
+# ^
+# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem
+# <cmdline>:1:26-31: Error: Value 58 exceeds valid range 0-0
+# add rule ip6 test6 input icmpv6 parameter-problem
+# ^^^^^^
+# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem 2-4
+# <cmdline>:1:54-54: Error: syntax error, unexpected end of file
+# add rule ip6 test6 input icmpv6 parameter-problem 2-4
+
+# BUG: packet-too-big
+# $ sudo nft add rule ip6 test6 input icmpv6 packet-too-big 34
+# <cmdline>:1:50-50: Error: syntax error, unexpected end of file
+# add rule ip6 test6 input icmpv6 packet-too-big 34
+
+icmpv6 mtu 22;ok
+icmpv6 mtu != 233;ok
+icmpv6 mtu 33-45;ok
+icmpv6 mtu != 33-45;ok
+icmpv6 mtu {33, 55, 67, 88};ok
+- icmpv6 mtu != {33, 55, 67, 88};ok
+icmpv6 mtu {33-55};ok
+- icmpv6 mtu != {33-55};ok
+
+- icmpv6 id 2;ok
+- icmpv6 id != 233;ok
+icmpv6 id 33-45;ok
+icmpv6 id != 33-45;ok
+icmpv6 id {33, 55, 67, 88};ok
+- icmpv6 id != {33, 55, 67, 88};ok
+icmpv6 id {33-55};ok
+- icmpv6 id != {33-55};ok
+
+icmpv6 sequence 2;ok
+icmpv6 sequence {3, 4, 5, 6, 7} accept;ok
+
+icmpv6 sequence {2, 4};ok
+- icmpv6 sequence != {2, 4};ok
+icmpv6 sequence 2-4;ok
+icmpv6 sequence != 2-4;ok
+icmpv6 sequence { 2-4};ok
+- icmpv6 sequence != {2-4};ok
+
+- icmpv6 max-delay 22;ok
+- icmpv6 max-delay != 233;ok
+icmpv6 max-delay 33-45;ok
+icmpv6 max-delay != 33-45;ok
+icmpv6 max-delay {33, 55, 67, 88};ok
+- icmpv6 max-delay != {33, 55, 67, 88};ok
+icmpv6 max-delay {33-55};ok
+- icmpv6 max-delay != {33-55};ok
diff --git a/tests/py/ip6/icmpv6.t.payload.ip6 b/tests/py/ip6/icmpv6.t.payload.ip6
new file mode 100644
index 00000000..55af9d8d
--- /dev/null
+++ b/tests/py/ip6/icmpv6.t.payload.ip6
@@ -0,0 +1,409 @@
+# icmpv6 type destination-unreachable accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type packet-too-big accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type time-exceeded accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000003 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type echo-request accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000080 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type echo-reply accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000081 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type mld-listener-query accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000082 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type mld-listener-report accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000083 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type mld-listener-reduction accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000084 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type nd-router-solicit accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000085 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type nd-router-advert accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000086 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type nd-neighbor-solicit accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000087 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type nd-neighbor-advert accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type nd-redirect accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000089 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type router-renumbering accept
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x0000008a ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000001 : 0 [end] element 00000003 : 0 [end] element 00000085 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type {router-renumbering, mld-listener-reduction, time-exceeded, nd-router-solicit} accept
+set%d test-ip6 3
+set%d test-ip6 0
+ element 0000008a : 0 [end] element 00000084 : 0 [end] element 00000003 : 0 [end] element 00000085 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000082 : 0 [end] element 00000003 : 0 [end] element 00000086 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 code 4
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000004 ]
+
+# icmpv6 code 3-66
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000003 ]
+ [ cmp lte reg 1 0x00000042 ]
+
+# icmpv6 code {5, 6, 7} accept
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 code { 3-66}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00000003 : 0 [end] element 00000043 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# icmpv6 checksum 2222 log
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000ae08 ]
+ [ log prefix (null) ]
+
+# icmpv6 checksum != 2222 log
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp neq reg 1 0x0000ae08 ]
+ [ log prefix (null) ]
+
+# icmpv6 checksum 222-226
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x0000de00 ]
+ [ cmp lte reg 1 0x0000e200 ]
+
+# icmpv6 checksum != 2222 log
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp neq reg 1 0x0000ae08 ]
+ [ log prefix (null) ]
+
+# icmpv6 checksum { 222, 226}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 0000de00 : 0 [end] element 0000e200 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# icmpv6 checksum { 222-226}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 0000de00 : 0 [end] element 0000e300 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# icmpv6 mtu 22
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp eq reg 1 0x16000000 ]
+
+# icmpv6 mtu != 233
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp neq reg 1 0xe9000000 ]
+
+# icmpv6 mtu 33-45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp gte reg 1 0x21000000 ]
+ [ cmp lte reg 1 0x2d000000 ]
+
+# icmpv6 mtu != 33-45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp lt reg 1 0x21000000 ]
+ [ cmp gt reg 1 0x2d000000 ]
+
+# icmpv6 mtu {33, 55, 67, 88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# icmpv6 mtu {33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# icmpv6 id 33-45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# icmpv6 id != 33-45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ cmp lt reg 1 0x00002100 ]
+ [ cmp gt reg 1 0x00002d00 ]
+
+# icmpv6 id {33, 55, 67, 88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# icmpv6 id {33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# icmpv6 sequence 2
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000200 ]
+
+# icmpv6 sequence {3, 4, 5, 6, 7} accept
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 sequence {2, 4}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000200 : 0 [end] element 00000400 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# icmpv6 sequence 2-4
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ cmp gte reg 1 0x00000200 ]
+ [ cmp lte reg 1 0x00000400 ]
+
+# icmpv6 sequence != 2-4
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ cmp lt reg 1 0x00000200 ]
+ [ cmp gt reg 1 0x00000400 ]
+
+# icmpv6 sequence { 2-4}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00000200 : 0 [end] element 00000500 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# icmpv6 max-delay 33-45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# icmpv6 max-delay != 33-45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ cmp lt reg 1 0x00002100 ]
+ [ cmp gt reg 1 0x00002d00 ]
+
+# icmpv6 max-delay {33, 55, 67, 88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# icmpv6 max-delay {33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
diff --git a/tests/py/ip6/ip6.t b/tests/py/ip6/ip6.t
new file mode 100644
index 00000000..d4c5c7e3
--- /dev/null
+++ b/tests/py/ip6/ip6.t
@@ -0,0 +1,143 @@
+*ip6;test-ip6
+*inet;test-inet
+:input;type filter hook input priority 0
+
+# BUG: Problem with version, priority
+# <cmdline>:1:1-38: Error: Could not process rule: Invalid argument
+# add rule ip6 test6 input ip6 version 1
+# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- ip6 version 6;ok
+- ip6 priority 3;ok
+
+# $ sudo nft add rule ip6 test6 input ip6 priority 33
+# <cmdline>:1:39-40: Error: Value 33 exceeds valid range 0-15
+# $ sudo nft add rule ip6 test6 input ip6 priority 3
+# <cmdline>:1:1-39: Error: Could not process rule: Invalid argument
+# add rule ip6 test6 input ip6 priority 3
+#^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+ip6 flowlabel 22;ok
+ip6 flowlabel != 233;ok
+- ip6 flowlabel 33-45;ok
+- ip6 flowlabel != 33-45;ok
+ip6 flowlabel { 33, 55, 67, 88};ok
+# BUG ip6 flowlabel { 5046528, 2883584, 13522432 }
+- ip6 flowlabel != { 33, 55, 67, 88};ok
+ip6 flowlabel { 33-55};ok
+- ip6 flowlabel != { 33-55};ok
+
+ip6 length 22;ok
+ip6 length != 233;ok
+ip6 length 33-45;ok
+ip6 length != 33-45;ok
+- ip6 length { 33, 55, 67, 88};ok
+- ip6 length != {33, 55, 67, 88};ok
+ip6 length { 33-55};ok
+- ip6 length != { 33-55};ok
+
+ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log;ok;ip6 nexthdr { 132, 51, 108, 136, 17, 33, 6} log
+ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;ip6 nexthdr { 6, 136, 108, 33, 50, 17, 132, 58, 51}
+- ip6 nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok
+ip6 nexthdr esp;ok;ip6 nexthdr 50
+ip6 nexthdr != esp;ok;ip6 nexthdr != 50
+ip6 nexthdr { 33-44};ok
+- p6 nexthdr != { 33-44};ok
+ip6 nexthdr 33-44;ok
+ip6 nexthdr != 33-44;ok
+
+ip6 hoplimit 1 log;ok
+ip6 hoplimit != 233;ok
+ip6 hoplimit 33-45;ok
+ip6 hoplimit != 33-45;ok
+ip6 hoplimit {33, 55, 67, 88};ok
+- ip6 hoplimit != {33, 55, 67, 88};ok
+ip6 hoplimit {33-55};ok
+- ip6 hoplimit != {33-55};ok
+
+# from src/scanner.l
+# v680 (({hex4}:){7}{hex4})
+ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234;ok
+# v670 ((:)(:{hex4}{7}))
+ip6 saddr ::1234:1234:1234:1234:1234:1234:1234;ok;ip6 saddr 0:1234:1234:1234:1234:1234:1234:1234
+# v671 ((({hex4}:){1})(:{hex4}{6}))
+ip6 saddr 1234::1234:1234:1234:1234:1234:1234;ok;ip6 saddr 1234:0:1234:1234:1234:1234:1234:1234
+# v672 ((({hex4}:){2})(:{hex4}{5}))
+ip6 saddr 1234:1234::1234:1234:1234:1234:1234;ok;ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234
+ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234;ok
+# v673 ((({hex4}:){3})(:{hex4}{4}))
+ip6 saddr 1234:1234:1234::1234:1234:1234:1234;ok;ip6 saddr 1234:1234:1234:0:1234:1234:1234:1234
+# v674 ((({hex4}:){4})(:{hex4}{3}))
+ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234;ok
+# v675 ((({hex4}:){5})(:{hex4}{2}))
+ip6 saddr 1234:1234:1234:1234:1234::1234:1234;ok;ip6 saddr 1234:1234:1234:1234:1234:0:1234:1234
+# v676 ((({hex4}:){6})(:{hex4}{1}))
+ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234;ok
+# v677 ((({hex4}:){7})(:))
+ip6 saddr 1234:1234:1234:1234:1234:1234:1234::;ok;ip6 saddr 1234:1234:1234:1234:1234:1234:1234:0
+# v67 ({v670}|{v671}|{v672}|{v673}|{v674}|{v675}|{v676}|{v677})
+# v660 ((:)(:{hex4}{6}))
+ip6 saddr ::1234:1234:1234:1234:1234:1234;ok
+# v661 ((({hex4}:){1})(:{hex4}{5}))
+ip6 saddr 1234::1234:1234:1234:1234:1234;ok
+# v662 ((({hex4}:){2})(:{hex4}{4}))
+ip6 saddr 1234:1234::1234:1234:1234:1234;ok
+# v663 ((({hex4}:){3})(:{hex4}{3}))
+ip6 saddr 1234:1234:1234::1234:1234:1234;ok
+# v664 ((({hex4}:){4})(:{hex4}{2}))
+ip6 saddr 1234:1234:1234:1234::1234:1234;ok
+# v665 ((({hex4}:){5})(:{hex4}{1}))
+ip6 saddr 1234:1234:1234:1234:1234::1234;ok
+# v666 ((({hex4}:){6})(:))
+ip6 saddr 1234:1234:1234:1234:1234:1234::;ok
+# v66 ({v660}|{v661}|{v662}|{v663}|{v664}|{v665}|{v666})
+# v650 ((:)(:{hex4}{5}))
+ip6 saddr ::1234:1234:1234:1234:1234;ok
+# v651 ((({hex4}:){1})(:{hex4}{4}))
+ip6 saddr 1234::1234:1234:1234:1234;ok
+# v652 ((({hex4}:){2})(:{hex4}{3}))
+ip6 saddr 1234:1234::1234:1234:1234;ok
+# v653 ((({hex4}:){3})(:{hex4}{2}))
+ip6 saddr 1234:1234:1234::1234:1234;ok
+# v654 ((({hex4}:){4})(:{hex4}{1}))
+ip6 saddr 1234:1234:1234:1234::1234;ok
+# v655 ((({hex4}:){5})(:))
+ip6 saddr 1234:1234:1234:1234:1234::;ok
+# v65 ({v650}|{v651}|{v652}|{v653}|{v654}|{v655})
+# v640 ((:)(:{hex4}{4}))
+ip6 saddr ::1234:1234:1234:1234;ok
+# v641 ((({hex4}:){1})(:{hex4}{3}))
+ip6 saddr 1234::1234:1234:1234;ok
+# v642 ((({hex4}:){2})(:{hex4}{2}))
+ip6 saddr 1234:1234::1234:1234;ok
+# v643 ((({hex4}:){3})(:{hex4}{1}))
+ip6 saddr 1234:1234:1234::1234;ok
+# v644 ((({hex4}:){4})(:))
+ip6 saddr 1234:1234:1234:1234::;ok
+# v64 ({v640}|{v641}|{v642}|{v643}|{v644})
+# v630 ((:)(:{hex4}{3}))
+ip6 saddr ::1234:1234:1234;ok
+# v631 ((({hex4}:){1})(:{hex4}{2}))
+ip6 saddr 1234::1234:1234;ok
+# v632 ((({hex4}:){2})(:{hex4}{1}))
+ip6 saddr 1234:1234::1234;ok
+# v633 ((({hex4}:){3})(:))
+ip6 saddr 1234:1234:1234::;ok
+# v63 ({v630}|{v631}|{v632}|{v633})
+# v620 ((:)(:{hex4}{2}))
+ip6 saddr ::1234:1234;ok;ip6 saddr ::18.52.18.52
+# v621 ((({hex4}:){1})(:{hex4}{1}))
+ip6 saddr 1234::1234;ok
+# v622 ((({hex4}:){2})(:))
+ip6 saddr 1234:1234::;ok
+# v62 ({v620}|{v621}|{v622})
+# v610 ((:)(:{hex4}{1}))
+ip6 saddr ::1234;ok
+# v611 ((({hex4}:){1})(:))
+ip6 saddr 1234::;ok
+# v61 ({v610}|{v611})
+# v60 (::)
+ip6 saddr ::/64;ok
+
+- ip6 daddr != {::1234:1234:1234:1234:1234:1234:1234, 1234:1234::1234:1234:1234:1234:1234 };ok
+ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234;ok;ip6 daddr != 0:1234:1234:1234:1234:1234:1234:1234-1234:1234:0:1234:1234:1234:1234:1234
diff --git a/tests/py/ip6/ip6.t.payload.inet b/tests/py/ip6/ip6.t.payload.inet
new file mode 100644
index 00000000..b4fd2779
--- /dev/null
+++ b/tests/py/ip6/ip6.t.payload.inet
@@ -0,0 +1,461 @@
+# ip6 flowlabel 22
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00160000 ]
+
+# ip6 flowlabel != 233
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ cmp neq reg 1 0x00e90000 ]
+
+# ip6 flowlabel { 33, 55, 67, 88}
+set%d test-inet 3
+set%d test-inet 0
+ element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ip6 flowlabel { 33-55}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00210000 : 0 [end] element 00380000 : 1 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ip6 length 22
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# ip6 length != 233
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ cmp neq reg 1 0x0000e900 ]
+
+# ip6 length 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# ip6 length != 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ cmp lt reg 1 0x00002100 ]
+ [ cmp gt reg 1 0x00002d00 ]
+
+# ip6 length { 33-55}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log
+set%d test-inet 3
+set%d test-inet 0
+ element 00000011 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+ [ log prefix (null) ]
+
+# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+set%d test-inet 3
+set%d test-inet 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ip6 nexthdr esp
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000032 ]
+
+# ip6 nexthdr != esp
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp neq reg 1 0x00000032 ]
+
+# ip6 nexthdr { 33-44}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 0000002d : 1 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ip6 nexthdr 33-44
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002c ]
+
+# ip6 nexthdr != 33-44
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002c ]
+
+# ip6 hoplimit 1 log
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ log prefix (null) ]
+
+# ip6 hoplimit != 233
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# ip6 hoplimit 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# ip6 hoplimit != 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# ip6 hoplimit {33, 55, 67, 88}
+set%d test-inet 3
+set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ip6 hoplimit {33-55}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34123412 ]
+
+# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x34123412 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234::1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234::1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234:1234::
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00003412 ]
+
+# ip6 saddr ::1234:1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x34123412 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x34120000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234::1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234::1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234::1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234::
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00000000 ]
+
+# ip6 saddr ::1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x34120000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234::1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234::1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234::
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x00000000 ]
+
+# ip6 saddr ::1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234::1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234:1234::
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x00000000 ]
+
+# ip6 saddr ::1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234::
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x00000000 ]
+
+# ip6 saddr ::1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234::1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234:1234::
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x00000000 ]
+
+# ip6 saddr ::1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234::
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x00000000 ]
+
+# ip6 saddr ::/64
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x00000000 ]
+
+# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp lt reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ]
+ [ cmp gt reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ]
+
diff --git a/tests/py/ip6/ip6.t.payload.ip6 b/tests/py/ip6/ip6.t.payload.ip6
new file mode 100644
index 00000000..d355adae
--- /dev/null
+++ b/tests/py/ip6/ip6.t.payload.ip6
@@ -0,0 +1,339 @@
+# ip6 flowlabel 22
+ip6 test-ip6 input
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00160000 ]
+
+# ip6 flowlabel != 233
+ip6 test-ip6 input
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ cmp neq reg 1 0x00e90000 ]
+
+# ip6 flowlabel { 33, 55, 67, 88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ip6 flowlabel { 33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00210000 : 0 [end] element 00380000 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ip6 length 22
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# ip6 length != 233
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ cmp neq reg 1 0x0000e900 ]
+
+# ip6 length 33-45
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# ip6 length != 33-45
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ cmp lt reg 1 0x00002100 ]
+ [ cmp gt reg 1 0x00002d00 ]
+
+# ip6 length { 33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000011 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+ [ log prefix (null) ]
+
+# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ip6 nexthdr esp
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000032 ]
+
+# ip6 nexthdr != esp
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp neq reg 1 0x00000032 ]
+
+# ip6 nexthdr { 33-44}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 0000002d : 1 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ip6 nexthdr 33-44
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002c ]
+
+# ip6 nexthdr != 33-44
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002c ]
+
+# ip6 hoplimit 1 log
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ log prefix (null) ]
+
+# ip6 hoplimit != 233
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# ip6 hoplimit 33-45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# ip6 hoplimit != 33-45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# ip6 hoplimit {33, 55, 67, 88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ip6 hoplimit {33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34123412 ]
+
+# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x34123412 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234::1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234::1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234:1234::
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00003412 ]
+
+# ip6 saddr ::1234:1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x34123412 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x34120000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234::1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234::1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234::1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234::
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00000000 ]
+
+# ip6 saddr ::1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x34120000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234::1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234::1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234::
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x00000000 ]
+
+# ip6 saddr ::1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234::1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234:1234::
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x00000000 ]
+
+# ip6 saddr ::1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234::
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x00000000 ]
+
+# ip6 saddr ::1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234::1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234:1234::
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x00000000 ]
+
+# ip6 saddr ::1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234::
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x00000000 ]
+
+# ip6 saddr ::/64
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x00000000 ]
+
+# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp lt reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ]
+ [ cmp gt reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ]
+
diff --git a/tests/py/ip6/masquerade.t b/tests/py/ip6/masquerade.t
new file mode 100644
index 00000000..4e6c086c
--- /dev/null
+++ b/tests/py/ip6/masquerade.t
@@ -0,0 +1,25 @@
+*ip6;test-ip6
+:postrouting;type nat hook postrouting priority 0
+
+# nf_nat flags combination
+udp dport 53 masquerade;ok
+udp dport 53 masquerade random;ok
+udp dport 53 masquerade random,persistent;ok
+udp dport 53 masquerade random,persistent,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent
+udp dport 53 masquerade random,fully-random;ok
+udp dport 53 masquerade random,fully-random,persistent;ok
+udp dport 53 masquerade persistent;ok
+udp dport 53 masquerade persistent,random;ok;udp dport 53 masquerade random,persistent
+udp dport 53 masquerade persistent,random,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent
+udp dport 53 masquerade persistent,fully-random;ok;udp dport 53 masquerade fully-random,persistent
+udp dport 53 masquerade persistent,fully-random,random;ok;udp dport 53 masquerade random,fully-random,persistent
+
+# masquerade is a terminal statement
+tcp dport 22 masquerade counter packets 0 bytes 0 accept;fail
+tcp sport 22 masquerade accept;fail
+ip6 saddr ::1 masquerade drop;fail
+
+# masquerade with sets
+tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade;ok
+ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 masquerade;ok
+iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade;ok
diff --git a/tests/py/ip6/masquerade.t.payload.ip6 b/tests/py/ip6/masquerade.t.payload.ip6
new file mode 100644
index 00000000..2e8bf959
--- /dev/null
+++ b/tests/py/ip6/masquerade.t.payload.ip6
@@ -0,0 +1,127 @@
+# udp dport 53 masquerade
+ip6 test-ip6 postrouting
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq ]
+
+# udp dport 53 masquerade random
+ip6 test-ip6 postrouting
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0x4 ]
+
+# udp dport 53 masquerade random,persistent
+ip6 test-ip6 postrouting
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0xc ]
+
+# udp dport 53 masquerade random,persistent,fully-random
+ip6 test-ip6 postrouting
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0x1c ]
+
+# udp dport 53 masquerade random,fully-random
+ip6 test-ip6 postrouting
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0x14 ]
+
+# udp dport 53 masquerade random,fully-random,persistent
+ip6 test-ip6 postrouting
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0x1c ]
+
+# udp dport 53 masquerade persistent
+ip6 test-ip6 postrouting
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0x8 ]
+
+# udp dport 53 masquerade persistent,random
+ip6 test-ip6 postrouting
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0xc ]
+
+# udp dport 53 masquerade persistent,random,fully-random
+ip6 test-ip6 postrouting
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0x1c ]
+
+# udp dport 53 masquerade persistent,fully-random
+ip6 test-ip6 postrouting
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0x18 ]
+
+# udp dport 53 masquerade persistent,fully-random,random
+ip6 test-ip6 postrouting
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0x1c ]
+
+# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end]
+ip6 test-ip6 postrouting
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+ [ masq ]
+
+# ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 masquerade
+ip6 test-ip6 postrouting
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp gte reg 1 0x000000fe 0x00000000 0x00000000 0x01000000 ]
+ [ cmp lte reg 1 0x000000fe 0x00000000 0x00000000 0x00020000 ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ counter pkts 0 bytes 0 ]
+ [ masq ]
+
+# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade
+map%d test-ip6 b
+map%d test-ip6 0
+ element 00001600 : 0 [end] element 0000de00 : 0 [end]
+ip6 test-ip6 postrouting
+ [ meta load iifname => reg 1 ]
+ [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
+ [ ct load state => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00000000 ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+ [ masq ]
+
diff --git a/tests/py/ip6/mh.t b/tests/py/ip6/mh.t
new file mode 100644
index 00000000..cd652b39
--- /dev/null
+++ b/tests/py/ip6/mh.t
@@ -0,0 +1,49 @@
+*ip6;test-ip6
+*inet;test-inet
+:input;type filter hook input priority 0
+
+mh nexthdr 1;ok
+mh nexthdr != 1;ok
+mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp };ok;mh nexthdr { 58, 17, 108, 6, 51, 136, 50, 132, 33}
+- mh nexthdr != {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok
+mh nexthdr icmp;ok;mh nexthdr 1
+mh nexthdr != icmp;ok;mh nexthdr != 1
+mh nexthdr 22;ok
+mh nexthdr != 233;ok
+mh nexthdr 33-45;ok
+mh nexthdr != 33-45;ok
+mh nexthdr { 33, 55, 67, 88 };ok
+- mh nexthdr != { 33, 55, 67, 88 };ok
+mh nexthdr { 33-55 };ok
+- mh nexthdr != { 33-55 };ok
+
+mh hdrlength 22;ok
+mh hdrlength != 233;ok
+mh hdrlength 33-45;ok
+mh hdrlength != 33-45;ok
+mh hdrlength { 33, 55, 67, 88 };ok
+- mh hdrlength != { 33, 55, 67, 88 };ok
+mh hdrlength { 33-55 };ok
+- mh hdrlength != { 33-55 };ok
+
+mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message};ok
+mh type home-agent-switch-message;ok
+mh type != home-agent-switch-message;ok
+
+mh reserved 22;ok
+mh reserved != 233;ok
+mh reserved 33-45;ok
+mh reserved != 33-45;ok
+mh reserved { 33, 55, 67, 88};ok
+- mh reserved != {33, 55, 67, 88};ok
+mh reserved { 33-55};ok
+- mh reserved != { 33-55};ok
+
+mh checksum 22;ok
+mh checksum != 233;ok
+mh checksum 33-45;ok
+mh checksum != 33-45;ok
+mh checksum { 33, 55, 67, 88};ok
+- mh checksum != { 33, 55, 67, 88};ok
+mh checksum { 33-55};ok
+- mh checksum != { 33-55};ok
diff --git a/tests/py/ip6/mh.t.payload.inet b/tests/py/ip6/mh.t.payload.inet
new file mode 100644
index 00000000..53a0ce08
--- /dev/null
+++ b/tests/py/ip6/mh.t.payload.inet
@@ -0,0 +1,198 @@
+# mh nexthdr 1
+inet test-inet input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# mh nexthdr != 1
+inet test-inet input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp }
+set%d test-inet 3
+set%d test-inet 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+inet test-inet input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh nexthdr icmp
+inet test-inet input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# mh nexthdr != icmp
+inet test-inet input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# mh nexthdr 22
+inet test-inet input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# mh nexthdr != 233
+inet test-inet input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# mh nexthdr 33-45
+inet test-inet input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# mh nexthdr != 33-45
+inet test-inet input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# mh nexthdr { 33, 55, 67, 88 }
+set%d test-inet 3
+set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh nexthdr { 33-55 }
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+inet test-inet input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh hdrlength 22
+inet test-inet input
+ [ exthdr load 1b @ 135 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# mh hdrlength != 233
+inet test-inet input
+ [ exthdr load 1b @ 135 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# mh hdrlength 33-45
+inet test-inet input
+ [ exthdr load 1b @ 135 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# mh hdrlength != 33-45
+inet test-inet input
+ [ exthdr load 1b @ 135 + 1 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# mh hdrlength { 33, 55, 67, 88 }
+set%d test-inet 3
+set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ exthdr load 1b @ 135 + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh hdrlength { 33-55 }
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+inet test-inet input
+ [ exthdr load 1b @ 135 + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message}
+set%d test-inet 3
+set%d test-inet 0
+ element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end] element 0000000a : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end]
+inet test-inet input
+ [ exthdr load 1b @ 135 + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh type home-agent-switch-message
+inet test-inet input
+ [ exthdr load 1b @ 135 + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000000c ]
+
+# mh type != home-agent-switch-message
+inet test-inet input
+ [ exthdr load 1b @ 135 + 2 => reg 1 ]
+ [ cmp neq reg 1 0x0000000c ]
+
+# mh reserved 22
+inet test-inet input
+ [ exthdr load 1b @ 135 + 3 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# mh reserved != 233
+inet test-inet input
+ [ exthdr load 1b @ 135 + 3 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# mh reserved 33-45
+inet test-inet input
+ [ exthdr load 1b @ 135 + 3 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# mh reserved != 33-45
+inet test-inet input
+ [ exthdr load 1b @ 135 + 3 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# mh reserved { 33, 55, 67, 88}
+set%d test-inet 3
+set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ exthdr load 1b @ 135 + 3 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh reserved { 33-55}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+inet test-inet input
+ [ exthdr load 1b @ 135 + 3 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh checksum 22
+inet test-inet input
+ [ exthdr load 2b @ 135 + 4 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# mh checksum != 233
+inet test-inet input
+ [ exthdr load 2b @ 135 + 4 => reg 1 ]
+ [ cmp neq reg 1 0x0000e900 ]
+
+# mh checksum 33-45
+inet test-inet input
+ [ exthdr load 2b @ 135 + 4 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# mh checksum != 33-45
+inet test-inet input
+ [ exthdr load 2b @ 135 + 4 => reg 1 ]
+ [ cmp lt reg 1 0x00002100 ]
+ [ cmp gt reg 1 0x00002d00 ]
+
+# mh checksum { 33, 55, 67, 88}
+set%d test-inet 3
+set%d test-inet 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+inet test-inet input
+ [ exthdr load 2b @ 135 + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh checksum { 33-55}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end]
+inet test-inet input
+ [ exthdr load 2b @ 135 + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
diff --git a/tests/py/ip6/mh.t.payload.ip6 b/tests/py/ip6/mh.t.payload.ip6
new file mode 100644
index 00000000..e903b74f
--- /dev/null
+++ b/tests/py/ip6/mh.t.payload.ip6
@@ -0,0 +1,198 @@
+# mh nexthdr 1
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# mh nexthdr != 1
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp }
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh nexthdr icmp
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# mh nexthdr != icmp
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# mh nexthdr 22
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# mh nexthdr != 233
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# mh nexthdr 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# mh nexthdr != 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# mh nexthdr { 33, 55, 67, 88 }
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh nexthdr { 33-55 }
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh hdrlength 22
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# mh hdrlength != 233
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# mh hdrlength 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# mh hdrlength != 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 1 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# mh hdrlength { 33, 55, 67, 88 }
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh hdrlength { 33-55 }
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end] element 0000000a : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh type home-agent-switch-message
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000000c ]
+
+# mh type != home-agent-switch-message
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 2 => reg 1 ]
+ [ cmp neq reg 1 0x0000000c ]
+
+# mh reserved 22
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 3 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# mh reserved != 233
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 3 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# mh reserved 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 3 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# mh reserved != 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 3 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# mh reserved { 33, 55, 67, 88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 3 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh reserved { 33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 135 + 3 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh checksum 22
+ip6 test-ip6 input
+ [ exthdr load 2b @ 135 + 4 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# mh checksum != 233
+ip6 test-ip6 input
+ [ exthdr load 2b @ 135 + 4 => reg 1 ]
+ [ cmp neq reg 1 0x0000e900 ]
+
+# mh checksum 33-45
+ip6 test-ip6 input
+ [ exthdr load 2b @ 135 + 4 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# mh checksum != 33-45
+ip6 test-ip6 input
+ [ exthdr load 2b @ 135 + 4 => reg 1 ]
+ [ cmp lt reg 1 0x00002100 ]
+ [ cmp gt reg 1 0x00002d00 ]
+
+# mh checksum { 33, 55, 67, 88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load 2b @ 135 + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# mh checksum { 33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end]
+ip6 test-ip6 input
+ [ exthdr load 2b @ 135 + 4 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
diff --git a/tests/py/ip6/redirect.t b/tests/py/ip6/redirect.t
new file mode 100644
index 00000000..31ffe8c9
--- /dev/null
+++ b/tests/py/ip6/redirect.t
@@ -0,0 +1,44 @@
+*ip6;test-ip6
+:output;type nat hook output priority 0
+
+# with no arguments
+redirect;ok
+udp dport 954 redirect;ok
+ip6 saddr fe00::cafe counter packets 0 bytes 0 redirect;ok
+
+# nf_nat flags combination
+udp dport 53 redirect random;ok
+udp dport 53 redirect random,persistent;ok
+udp dport 53 redirect random,persistent,fully-random;ok;udp dport 53 redirect random,fully-random,persistent
+udp dport 53 redirect random,fully-random;ok
+udp dport 53 redirect random,fully-random,persistent;ok
+udp dport 53 redirect persistent;ok
+udp dport 53 redirect persistent,random;ok;udp dport 53 redirect random,persistent
+udp dport 53 redirect persistent,random,fully-random;ok;udp dport 53 redirect random,fully-random,persistent
+udp dport 53 redirect persistent,fully-random;ok;udp dport 53 redirect fully-random,persistent
+udp dport 53 redirect persistent,fully-random,random;ok;udp dport 53 redirect random,fully-random,persistent
+
+# port specification
+udp dport 1234 redirect to 1234;ok
+ip6 daddr fe00::cafe udp dport 9998 redirect to 6515;ok
+tcp dport 39128 redirect to 993;ok
+redirect to 1234;fail
+redirect to 12341111;fail
+
+# both port and nf_nat flags
+tcp dport 9128 redirect to 993 random;ok
+tcp dport 9128 redirect to 993 fully-random,persistent;ok
+
+# nf_nat flags are the last argument
+tcp dport 9128 redirect persistent to 123;fail
+tcp dport 9128 redirect random,persistent to 123;fail
+
+# redirect is a terminal statement
+tcp dport 22 redirect counter packets 0 bytes 0 accept;fail
+tcp sport 22 redirect accept;fail
+ip6 saddr ::1 redirect drop;fail
+
+# redirect with sets
+tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect;ok
+ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 redirect;ok
+iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect;ok
diff --git a/tests/py/ip6/redirect.t.payload.ip6 b/tests/py/ip6/redirect.t.payload.ip6
new file mode 100644
index 00000000..3369a7a3
--- /dev/null
+++ b/tests/py/ip6/redirect.t.payload.ip6
@@ -0,0 +1,185 @@
+# redirect
+ip6 test-ip6 output
+ [ redir ]
+
+# udp dport 954 redirect
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000ba03 ]
+ [ redir ]
+
+# ip6 saddr fe00::cafe counter packets 0 bytes 0 redirect
+ip6 test-ip6 output
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x000000fe 0x00000000 0x00000000 0xfeca0000 ]
+ [ counter pkts 0 bytes 0 ]
+ [ redir ]
+
+# udp dport 53 redirect random
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0x4 ]
+
+# udp dport 53 redirect random,persistent
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0xc ]
+
+# udp dport 53 redirect random,persistent,fully-random
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0x1c ]
+
+# udp dport 53 redirect random,fully-random
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0x14 ]
+
+# udp dport 53 redirect random,fully-random,persistent
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0x1c ]
+
+# udp dport 53 redirect persistent
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0x8 ]
+
+# udp dport 53 redirect persistent,random
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0xc ]
+
+# udp dport 53 redirect persistent,random,fully-random
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0x1c ]
+
+# udp dport 53 redirect persistent,fully-random
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0x18 ]
+
+# udp dport 53 redirect persistent,fully-random,random
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0x1c ]
+
+# udp dport 1234 redirect to 1234
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000d204 ]
+ [ immediate reg 1 0x0000d204 ]
+ [ redir proto_min reg 1 ]
+
+# ip6 daddr fe00::cafe udp dport 9998 redirect to 6515
+ip6 test-ip6 output
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp eq reg 1 0x000000fe 0x00000000 0x00000000 0xfeca0000 ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00000e27 ]
+ [ immediate reg 1 0x00007319 ]
+ [ redir proto_min reg 1 ]
+
+# tcp dport 39128 redirect to 993
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000d898 ]
+ [ immediate reg 1 0x0000e103 ]
+ [ redir proto_min reg 1 ]
+
+# tcp dport 9128 redirect to 993 random
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000a823 ]
+ [ immediate reg 1 0x0000e103 ]
+ [ redir proto_min reg 1 flags 0x4 ]
+
+# tcp dport 9128 redirect to 993 fully-random,persistent
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000a823 ]
+ [ immediate reg 1 0x0000e103 ]
+ [ redir proto_min reg 1 flags 0x18 ]
+
+# tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end]
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+ [ redir ]
+
+# ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 redirect
+ip6 test-ip6 output
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp gte reg 1 0x000000fe 0x00000000 0x00000000 0x01000000 ]
+ [ cmp lte reg 1 0x000000fe 0x00000000 0x00000000 0x00020000 ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ counter pkts 0 bytes 0 ]
+ [ redir ]
+
+# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect
+map%d test-ip6 b
+map%d test-ip6 0
+ element 00001600 : 0 [end] element 0000de00 : 0 [end]
+ip6 test-ip6 output
+ [ meta load iifname => reg 1 ]
+ [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
+ [ ct load state => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00000000 ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+ [ redir ]
+
diff --git a/tests/py/ip6/reject.t b/tests/py/ip6/reject.t
new file mode 100644
index 00000000..60dec90e
--- /dev/null
+++ b/tests/py/ip6/reject.t
@@ -0,0 +1,12 @@
+*ip6;test-ip6
+:output;type filter hook output priority 0
+
+reject;ok
+reject with icmpv6 type no-route;ok
+reject with icmpv6 type admin-prohibited;ok
+reject with icmpv6 type addr-unreachable;ok
+reject with icmpv6 type port-unreachable;ok;reject
+reject with tcp reset;ok;ip6 nexthdr 6 reject with tcp reset
+
+reject with icmpv6 type host-unreachable;fail
+reject with icmp type host-unreachable;fail
diff --git a/tests/py/ip6/reject.t.payload.ip6 b/tests/py/ip6/reject.t.payload.ip6
new file mode 100644
index 00000000..aa0b9ff2
--- /dev/null
+++ b/tests/py/ip6/reject.t.payload.ip6
@@ -0,0 +1,26 @@
+# reject
+ip6 test-ip6 output
+ [ reject type 0 code 4 ]
+
+# reject with icmpv6 type no-route
+ip6 test-ip6 output
+ [ reject type 0 code 0 ]
+
+# reject with icmpv6 type admin-prohibited
+ip6 test-ip6 output
+ [ reject type 0 code 1 ]
+
+# reject with icmpv6 type addr-unreachable
+ip6 test-ip6 output
+ [ reject type 0 code 3 ]
+
+# reject with icmpv6 type port-unreachable
+ip6 test-ip6 output
+ [ reject type 0 code 4 ]
+
+# reject with tcp reset
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ reject type 1 code 0 ]
+
diff --git a/tests/py/ip6/rt.t b/tests/py/ip6/rt.t
new file mode 100644
index 00000000..eca47ca8
--- /dev/null
+++ b/tests/py/ip6/rt.t
@@ -0,0 +1,45 @@
+*ip6;test-ip6
+*inet;test-inet
+:input;type filter hook input priority 0
+
+rt nexthdr 1;ok
+rt nexthdr != 1;ok
+rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok;rt nexthdr { 33, 136, 50, 132, 51, 17, 108, 6, 58}
+- rt nexthdr != {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok
+rt nexthdr icmp;ok;rt nexthdr 1
+rt nexthdr != icmp;ok;rt nexthdr != 1
+rt nexthdr 22;ok
+rt nexthdr != 233;ok
+rt nexthdr 33-45;ok
+rt nexthdr != 33-45;ok
+rt nexthdr { 33, 55, 67, 88};ok
+- rt nexthdr != { 33, 55, 67, 88};ok
+rt nexthdr { 33-55};ok;rt nexthdr { 33-55}
+- rt nexthdr != { 33-55};ok
+
+rt hdrlength 22;ok
+rt hdrlength != 233;ok
+rt hdrlength 33-45;ok
+rt hdrlength != 33-45;ok
+rt hdrlength { 33, 55, 67, 88};ok
+- rt hdrlength != { 33, 55, 67, 88};ok
+rt hdrlength { 33-55};ok
+- rt hdrlength != { 33-55};ok
+
+rt type 22;ok
+rt type != 233;ok
+rt type 33-45;ok
+rt type != 33-45;ok
+rt type { 33, 55, 67, 88};ok
+- rt type != { 33, 55, 67, 88};ok
+rt type { 33-55};ok
+- rt type != { 33-55};ok
+
+rt seg-left 22;ok
+rt seg-left != 233;ok
+rt seg-left 33-45;ok
+rt seg-left != 33-45;ok
+rt seg-left { 33, 55, 67, 88};ok
+- rt seg-left != { 33, 55, 67, 88};ok
+rt seg-left { 33-55};ok
+- rt seg-left != { 33-55};ok
diff --git a/tests/py/ip6/rt.t.payload.inet b/tests/py/ip6/rt.t.payload.inet
new file mode 100644
index 00000000..9dc51b97
--- /dev/null
+++ b/tests/py/ip6/rt.t.payload.inet
@@ -0,0 +1,180 @@
+# rt nexthdr 1
+inet test-inet input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# rt nexthdr != 1
+inet test-inet input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+set%d test-inet 3
+set%d test-inet 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+inet test-inet input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# rt nexthdr icmp
+inet test-inet input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# rt nexthdr != icmp
+inet test-inet input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# rt nexthdr 22
+inet test-inet input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# rt nexthdr != 233
+inet test-inet input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# rt nexthdr 33-45
+inet test-inet input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# rt nexthdr != 33-45
+inet test-inet input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# rt nexthdr { 33, 55, 67, 88}
+set%d test-inet 3
+set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# rt nexthdr { 33-55}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+inet test-inet input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# rt hdrlength 22
+inet test-inet input
+ [ exthdr load 1b @ 43 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# rt hdrlength != 233
+inet test-inet input
+ [ exthdr load 1b @ 43 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# rt hdrlength 33-45
+inet test-inet input
+ [ exthdr load 1b @ 43 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# rt hdrlength != 33-45
+inet test-inet input
+ [ exthdr load 1b @ 43 + 1 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# rt hdrlength { 33, 55, 67, 88}
+set%d test-inet 3
+set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ exthdr load 1b @ 43 + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# rt hdrlength { 33-55}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+inet test-inet input
+ [ exthdr load 1b @ 43 + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# rt type 22
+inet test-inet input
+ [ exthdr load 1b @ 43 + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# rt type != 233
+inet test-inet input
+ [ exthdr load 1b @ 43 + 2 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# rt type 33-45
+inet test-inet input
+ [ exthdr load 1b @ 43 + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# rt type != 33-45
+inet test-inet input
+ [ exthdr load 1b @ 43 + 2 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# rt type { 33, 55, 67, 88}
+set%d test-inet 3
+set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ exthdr load 1b @ 43 + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# rt type { 33-55}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+inet test-inet input
+ [ exthdr load 1b @ 43 + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# rt seg-left 22
+inet test-inet input
+ [ exthdr load 1b @ 43 + 3 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# rt seg-left != 233
+inet test-inet input
+ [ exthdr load 1b @ 43 + 3 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# rt seg-left 33-45
+inet test-inet input
+ [ exthdr load 1b @ 43 + 3 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# rt seg-left != 33-45
+inet test-inet input
+ [ exthdr load 1b @ 43 + 3 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# rt seg-left { 33, 55, 67, 88}
+set%d test-inet 3
+set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ exthdr load 1b @ 43 + 3 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# rt seg-left { 33-55}
+set%d test-inet 7
+set%d test-inet 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+inet test-inet input
+ [ exthdr load 1b @ 43 + 3 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
diff --git a/tests/py/ip6/rt.t.payload.ip6 b/tests/py/ip6/rt.t.payload.ip6
new file mode 100644
index 00000000..f766ec0a
--- /dev/null
+++ b/tests/py/ip6/rt.t.payload.ip6
@@ -0,0 +1,180 @@
+# rt nexthdr 1
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# rt nexthdr != 1
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# rt nexthdr icmp
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# rt nexthdr != icmp
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# rt nexthdr 22
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# rt nexthdr != 233
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# rt nexthdr 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# rt nexthdr != 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# rt nexthdr { 33, 55, 67, 88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# rt nexthdr { 33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 0 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# rt hdrlength 22
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# rt hdrlength != 233
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# rt hdrlength 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# rt hdrlength != 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 1 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# rt hdrlength { 33, 55, 67, 88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# rt hdrlength { 33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 1 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# rt type 22
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# rt type != 233
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 2 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# rt type 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# rt type != 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 2 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# rt type { 33, 55, 67, 88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# rt type { 33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# rt seg-left 22
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 3 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# rt seg-left != 233
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 3 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# rt seg-left 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 3 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# rt seg-left != 33-45
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 3 => reg 1 ]
+ [ cmp lt reg 1 0x00000021 ]
+ [ cmp gt reg 1 0x0000002d ]
+
+# rt seg-left { 33, 55, 67, 88}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 3 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
+# rt seg-left { 33-55}
+set%d test-ip6 7
+set%d test-ip6 0
+ element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
+ip6 test-ip6 input
+ [ exthdr load 1b @ 43 + 3 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+
diff --git a/tests/py/ip6/sets.t b/tests/py/ip6/sets.t
new file mode 100644
index 00000000..4938929c
--- /dev/null
+++ b/tests/py/ip6/sets.t
@@ -0,0 +1,22 @@
+*ip6;test-ip6
+*inet;test-inet
+:input;type filter hook input priority 0
+
+!set_ipv6_add1 ipv6_addr;ok
+!set_inet1 inet_proto;ok
+!set_inet inet_service;ok
+!set_time time;ok
+
+?set2 192.168.3.4;fail
+!set2 ipv6_addr;ok
+?set2 1234:1234::1234:1234:1234:1234:1234;ok
+?set2 1234:1234::1234:1234:1234:1234:1234;fail
+?set2 1234::1234:1234:1234;ok
+?set2 1234:1234:1234:1234:1234::1234:1234 1234:1234::123;ok
+?set2 192.168.3.8 192.168.3.9;fail
+?set2 1234:1234::1234:1234:1234:1234;ok
+?set2 1234:1234::1234:1234:1234:1234;fail
+?set2 1234:1234:1234::1234;ok
+
+ip6 saddr @set2 drop;ok
+ip6 saddr @set33 drop;fail
diff --git a/tests/py/ip6/sets.t.payload b/tests/py/ip6/sets.t.payload
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/tests/py/ip6/sets.t.payload
diff --git a/tests/py/ip6/sets.t.payload.inet b/tests/py/ip6/sets.t.payload.inet
new file mode 100644
index 00000000..27be86be
--- /dev/null
+++ b/tests/py/ip6/sets.t.payload.inet
@@ -0,0 +1,8 @@
+# ip6 saddr @set2 drop
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set set2 ]
+ [ immediate reg 0 drop ]
+
diff --git a/tests/py/ip6/sets.t.payload.ip6 b/tests/py/ip6/sets.t.payload.ip6
new file mode 100644
index 00000000..0e51fd3e
--- /dev/null
+++ b/tests/py/ip6/sets.t.payload.ip6
@@ -0,0 +1,6 @@
+# ip6 saddr @set2 drop
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set set2 ]
+ [ immediate reg 0 drop ]
+
diff --git a/tests/py/ip6/snat.t b/tests/py/ip6/snat.t
new file mode 100644
index 00000000..37bf1a1d
--- /dev/null
+++ b/tests/py/ip6/snat.t
@@ -0,0 +1,5 @@
+*ip6;test-ip6
+:postrouting;type nat hook postrouting priority 0
+
+tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok;tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::80-100
+tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::100;ok
diff --git a/tests/py/ip6/snat.t.payload.ip6 b/tests/py/ip6/snat.t.payload.ip6
new file mode 100644
index 00000000..486bbb8b
--- /dev/null
+++ b/tests/py/ip6/snat.t.payload.ip6
@@ -0,0 +1,25 @@
+# tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :80-100
+ip6 test-ip6 postrouting
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00005000 ]
+ [ cmp lte reg 1 0x00005a00 ]
+ [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ]
+ [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ]
+ [ immediate reg 3 0x00005000 ]
+ [ immediate reg 4 0x00006400 ]
+ [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ]
+
+# tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::100
+ip6 test-ip6 postrouting
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00005000 ]
+ [ cmp lte reg 1 0x00005a00 ]
+ [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ]
+ [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ]
+ [ immediate reg 3 0x00006400 ]
+ [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 ]
+
diff --git a/tests/py/ip6/vmap.t b/tests/py/ip6/vmap.t
new file mode 100644
index 00000000..301a28ae
--- /dev/null
+++ b/tests/py/ip6/vmap.t
@@ -0,0 +1,54 @@
+*ip6;test-ip6
+*inet;test-inet
+:input;type filter hook input priority 0
+
+ip6 saddr vmap { abcd::3 : accept };ok
+ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234:1234;fail
+
+# Ipv6 address combinations
+# from src/scanner.l
+ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept};ok
+ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 0:1234:1234:1234:1234:1234:1234:1234 : accept}
+ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:0:1234:1234:1234:1234:1234:1234 : accept}
+ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:0:1234:1234:1234:1234:1234 : accept}
+ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:0:1234:1234:1234:1234 : accept}
+ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:0:1234:1234:1234 : accept}
+ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:0:1234:1234 : accept}
+ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:0:1234 : accept}
+ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:0 : accept}
+ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept};ok
+ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept};ok
+ip6 saddr vmap { ::1234:1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234::1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234::1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234::1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234:1234:: : accept};ok
+ip6 saddr vmap { ::1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234::1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234::1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234:: : accept};ok
+ip6 saddr vmap { ::1234:1234 : accept};ok;ip6 saddr vmap { ::18.52.18.52 : accept}
+ip6 saddr vmap { 1234::1234 : accept};ok
+ip6 saddr vmap { 1234:1234:: : accept};ok
+ip6 saddr vmap { ::1234 : accept};ok
+ip6 saddr vmap { 1234:: : accept};ok
+ip6 saddr vmap { ::/64 : accept};ok
+
+ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::aaaa : drop}
+ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::bbbb : drop}
+ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::cccc : drop}
+ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::dddd: drop}
+
+# rule without comma:
+filter-input ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:bbbb:::accept::adda : drop};fail
diff --git a/tests/py/ip6/vmap.t.payload.inet b/tests/py/ip6/vmap.t.payload.inet
new file mode 100644
index 00000000..f0312bf3
--- /dev/null
+++ b/tests/py/ip6/vmap.t.payload.inet
@@ -0,0 +1,420 @@
+# ip6 saddr vmap { abcd::3 : accept }
+map%d test-inet b
+map%d test-inet 0
+ element 0000cdab 00000000 00000000 03000000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 34123412 34123412 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34120000 34123412 34123412 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 00003412 34123412 34123412 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 34120000 34123412 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 00003412 34123412 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 34123412 34120000 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 34123412 00003412 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 34123412 34123412 34120000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 34123412 34123412 00003412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 00000000 34123412 34123412 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 00003412 34120000 34123412 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 00000000 34123412 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 00003412 34120000 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 34123412 00000000 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 34123412 00003412 34120000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 34123412 34123412 00000000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 00000000 34120000 34123412 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 00003412 00000000 34123412 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 00000000 34120000 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 00003412 00000000 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 34123412 00000000 34120000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 34123412 00003412 00000000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 00000000 00000000 34123412 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 00003412 00000000 34120000 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 00000000 00000000 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 00003412 00000000 34120000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:: : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 34123412 00000000 00000000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 00000000 00000000 34120000 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 00003412 00000000 00000000 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 00000000 00000000 34120000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:: : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 00003412 00000000 00000000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 00000000 00000000 00000000 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 00003412 00000000 00000000 34120000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:: : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 00000000 00000000 00000000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234 : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 00000000 00000000 00000000 34120000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:: : accept}
+map%d test-inet b
+map%d test-inet 0
+ element 00003412 00000000 00000000 00000000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { ::/64 : accept}
+map%d test-inet f
+map%d test-inet 0
+ element 00000000 00000000 00000000 00000000 : 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 aaaa0000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 bbbb0000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 cccc0000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop}
+map%d test-inet b
+map%d test-inet 0
+ element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 dddd0000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
diff --git a/tests/py/ip6/vmap.t.payload.ip6 b/tests/py/ip6/vmap.t.payload.ip6
new file mode 100644
index 00000000..0701b9b3
--- /dev/null
+++ b/tests/py/ip6/vmap.t.payload.ip6
@@ -0,0 +1,336 @@
+# ip6 saddr vmap { abcd::3 : accept }
+map%d test-ip6 b
+map%d test-ip6 0
+ element 0000cdab 00000000 00000000 03000000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 34123412 34123412 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34120000 34123412 34123412 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 00003412 34123412 34123412 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 34120000 34123412 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 00003412 34123412 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 34123412 34120000 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 34123412 00003412 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 34123412 34123412 34120000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 34123412 34123412 00003412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 00000000 34123412 34123412 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 00003412 34120000 34123412 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 00000000 34123412 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 00003412 34120000 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 34123412 00000000 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 34123412 00003412 34120000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 34123412 34123412 00000000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 00000000 34120000 34123412 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 00003412 00000000 34123412 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 00000000 34120000 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 00003412 00000000 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 34123412 00000000 34120000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 34123412 00003412 00000000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 00000000 00000000 34123412 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 00003412 00000000 34120000 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 00000000 00000000 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 00003412 00000000 34120000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:: : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 34123412 00000000 00000000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 00000000 00000000 34120000 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 00003412 00000000 00000000 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 00000000 00000000 34120000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:: : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 00003412 00000000 00000000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 00000000 00000000 00000000 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 00003412 00000000 00000000 34120000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:: : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 00000000 00000000 00000000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234 : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 00000000 00000000 00000000 34120000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:: : accept}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 00003412 00000000 00000000 00000000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap { ::/64 : accept}
+map%d test-ip6 f
+map%d test-ip6 0
+ element 00000000 00000000 00000000 00000000 : 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 aaaa0000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 bbbb0000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 cccc0000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 dddd0000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+