diff options
Diffstat (limited to 'tests/py/ip6')
39 files changed, 4151 insertions, 0 deletions
diff --git a/tests/py/ip6/chains.t b/tests/py/ip6/chains.t new file mode 100644 index 00000000..c1e41e47 --- /dev/null +++ b/tests/py/ip6/chains.t @@ -0,0 +1,17 @@ +*ip6;test-ip6 + +# filter chains available are: input, output, forward, forward, prerouting and postrouting. +:filter-input;type filter hook input priority 0 +:filter-prer;type filter hook prerouting priority 0 +:filter-forw-t;type filter hook forward priority 0 +:filter-out-t;type filter hook output priority 0 +:filter-post-t;type filter hook postrouting priority 0 + +# nat chains available are: input, output, forward, prerouting and postrouting. +:nat-input;type nat hook input priority 0 +:nat-prerouting;type nat hook prerouting priority 0 +:nat-output;type nat hook output priority 0 +:nat-postrou;type nat hook postrouting priority 0 + +# route chain available is output. +:route-out;type route hook output priority 0 diff --git a/tests/py/ip6/dnat.t b/tests/py/ip6/dnat.t new file mode 100644 index 00000000..83412258 --- /dev/null +++ b/tests/py/ip6/dnat.t @@ -0,0 +1,5 @@ +*ip6;test-ip6 +:prerouting;type nat hook prerouting priority 0 + +tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::80-100;ok +tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100;ok;tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::100 diff --git a/tests/py/ip6/dnat.t.payload.ip6 b/tests/py/ip6/dnat.t.payload.ip6 new file mode 100644 index 00000000..13c7a0e3 --- /dev/null +++ b/tests/py/ip6/dnat.t.payload.ip6 @@ -0,0 +1,25 @@ +# tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::80-100 +ip6 test-ip6 prerouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] + [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] + [ immediate reg 3 0x00005000 ] + [ immediate reg 4 0x00006400 ] + [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ] + +# tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100 +ip6 test-ip6 prerouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] + [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] + [ immediate reg 3 0x00006400 ] + [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 ] + diff --git a/tests/py/ip6/dst.t b/tests/py/ip6/dst.t new file mode 100644 index 00000000..3207af76 --- /dev/null +++ b/tests/py/ip6/dst.t @@ -0,0 +1,25 @@ +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +dst nexthdr 22;ok +dst nexthdr != 233;ok +dst nexthdr 33-45;ok +dst nexthdr != 33-45;ok +dst nexthdr { 33, 55, 67, 88};ok +- dst nexthdr != { 33, 55, 67, 88};ok +dst nexthdr { 33-55};ok +- dst nexthdr != { 33-55};ok +dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok;dst nexthdr { 51, 50, 17, 136, 58, 6, 33, 132, 108} +- dst nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok +dst nexthdr icmp;ok;dst nexthdr 1 +dst nexthdr != icmp;ok;dst nexthdr != 1 + +dst hdrlength 22;ok +dst hdrlength != 233;ok +dst hdrlength 33-45;ok +dst hdrlength != 33-45;ok +dst hdrlength { 33, 55, 67, 88};ok +- dst hdrlength != { 33, 55, 67, 88};ok +dst hdrlength { 33-55};ok +- dst hdrlength != { 33-55};ok diff --git a/tests/py/ip6/dst.t.payload.inet b/tests/py/ip6/dst.t.payload.inet new file mode 100644 index 00000000..7a219f41 --- /dev/null +++ b/tests/py/ip6/dst.t.payload.inet @@ -0,0 +1,94 @@ +# dst nexthdr 22 +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# dst nexthdr != 233 +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# dst nexthdr 33-45 +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# dst nexthdr != 33-45 +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# dst nexthdr { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +set%d test-inet 3 +set%d test-inet 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr icmp +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# dst nexthdr != icmp +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# dst hdrlength 22 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# dst hdrlength != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# dst hdrlength 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# dst hdrlength != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# dst hdrlength { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst hdrlength { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/ip6/dst.t.payload.ip6 b/tests/py/ip6/dst.t.payload.ip6 new file mode 100644 index 00000000..3c778f93 --- /dev/null +++ b/tests/py/ip6/dst.t.payload.ip6 @@ -0,0 +1,95 @@ +# dst nexthdr 22 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# dst nexthdr != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# dst nexthdr 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# dst nexthdr != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# dst nexthdr { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr icmp +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# dst nexthdr != icmp +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# dst hdrlength 22 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# dst hdrlength != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# dst hdrlength 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# dst hdrlength != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# dst hdrlength { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst hdrlength { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + + diff --git a/tests/py/ip6/dup.t b/tests/py/ip6/dup.t new file mode 100644 index 00000000..34f302f2 --- /dev/null +++ b/tests/py/ip6/dup.t @@ -0,0 +1,6 @@ +*ip6;test-ip6 +:input;type filter hook input priority 0 + +dup to abcd::1;ok +dup to abcd::1 device eth0;ok +dup to ip6 saddr map { abcd::1 : cafe::cafe } device eth0;ok diff --git a/tests/py/ip6/dup.t.payload b/tests/py/ip6/dup.t.payload new file mode 100644 index 00000000..1df414cd --- /dev/null +++ b/tests/py/ip6/dup.t.payload @@ -0,0 +1,21 @@ +# dup to abcd::1 +ip6 test test + [ immediate reg 1 0x0000cdab 0x00000000 0x00000000 0x01000000 ] + [ dup sreg_addr 1 ] + +# dup to abcd::1 device eth0 +ip6 test test + [ immediate reg 1 0x0000cdab 0x00000000 0x00000000 0x01000000 ] + [ immediate reg 2 0x00000002 ] + [ dup sreg_addr 1 sreg_dev 2 ] + +# dup to ip6 saddr map { abcd::1 : cafe::cafe } device eth0 +map%d test-ip6 b +map%d test-ip6 0 + element 0000cdab 00000000 00000000 01000000 : 0000feca 00000000 00000000 feca0000 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 1 ] + [ immediate reg 2 0x00000002 ] + [ dup sreg_addr 1 sreg_dev 2 ] + diff --git a/tests/py/ip6/ether.t b/tests/py/ip6/ether.t new file mode 100644 index 00000000..98be273f --- /dev/null +++ b/tests/py/ip6/ether.t @@ -0,0 +1,8 @@ +*ip6;test-ip6 + +:input;type filter hook input priority 0 + +tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 accept +tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04;ok;tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 +tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2;ok +ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 accept;ok diff --git a/tests/py/ip6/ether.t.payload b/tests/py/ip6/ether.t.payload new file mode 100644 index 00000000..c7342cc0 --- /dev/null +++ b/tests/py/ip6/ether.t.payload @@ -0,0 +1,49 @@ +# tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] + +# ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 accept +ip6 test-ip6 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] + [ immediate reg 0 accept ] diff --git a/tests/py/ip6/hbh.t b/tests/py/ip6/hbh.t new file mode 100644 index 00000000..4e67c42a --- /dev/null +++ b/tests/py/ip6/hbh.t @@ -0,0 +1,25 @@ +*ip6;test-ip6 +*inet;test-inet +:filter-input;type filter hook input priority 0 + +hbh hdrlength 22;ok +hbh hdrlength != 233;ok +hbh hdrlength 33-45;ok +hbh hdrlength != 33-45;ok +hbh hdrlength {33, 55, 67, 88};ok +- hbh hdrlength != {33, 55, 67, 88};ok +hbh hdrlength { 33-55};ok +- hbh hdrlength != {33-55};ok + +hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;hbh nexthdr { 58, 136, 51, 50, 6, 17, 132, 33, 108} +- hbh nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok +hbh nexthdr 22;ok +hbh nexthdr != 233;ok +hbh nexthdr 33-45;ok +hbh nexthdr != 33-45;ok +hbh nexthdr {33, 55, 67, 88};ok +- hbh nexthdr != {33, 55, 67, 88};ok +hbh nexthdr { 33-55};ok +- hbh nexthdr != {33-55};ok +hbh nexthdr ip;ok;hbh nexthdr 0 +hbh nexthdr != ip;ok;hbh nexthdr != 0 diff --git a/tests/py/ip6/hbh.t.payload.inet b/tests/py/ip6/hbh.t.payload.inet new file mode 100644 index 00000000..2b4c9c77 --- /dev/null +++ b/tests/py/ip6/hbh.t.payload.inet @@ -0,0 +1,94 @@ +# hbh hdrlength 22 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# hbh hdrlength != 233 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# hbh hdrlength 33-45 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# hbh hdrlength != 33-45 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# hbh hdrlength {33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh hdrlength { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +set%d test-inet 3 +set%d test-inet 0 + element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr 22 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# hbh nexthdr != 233 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# hbh nexthdr 33-45 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# hbh nexthdr != 33-45 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# hbh nexthdr {33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr ip +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# hbh nexthdr != ip +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + diff --git a/tests/py/ip6/hbh.t.payload.ip6 b/tests/py/ip6/hbh.t.payload.ip6 new file mode 100644 index 00000000..a201ef56 --- /dev/null +++ b/tests/py/ip6/hbh.t.payload.ip6 @@ -0,0 +1,94 @@ +# hbh hdrlength 22 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# hbh hdrlength != 233 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# hbh hdrlength 33-45 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# hbh hdrlength != 33-45 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# hbh hdrlength {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh hdrlength { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr 22 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# hbh nexthdr != 233 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# hbh nexthdr 33-45 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# hbh nexthdr != 33-45 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# hbh nexthdr {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr ip +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# hbh nexthdr != ip +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + diff --git a/tests/py/ip6/icmpv6.t b/tests/py/ip6/icmpv6.t new file mode 100644 index 00000000..fca903f6 --- /dev/null +++ b/tests/py/ip6/icmpv6.t @@ -0,0 +1,96 @@ +*ip6;test-ip6 +# BUG: There is a bug with icmpv6 and inet tables +# *inet;test-inet +:input;type filter hook input priority 0 + +icmpv6 type destination-unreachable accept;ok +icmpv6 type packet-too-big accept;ok +icmpv6 type time-exceeded accept;ok +icmpv6 type echo-request accept;ok +icmpv6 type echo-reply accept;ok +icmpv6 type mld-listener-query accept;ok +icmpv6 type mld-listener-report accept;ok +icmpv6 type mld-listener-reduction accept;ok +icmpv6 type nd-router-solicit accept;ok +icmpv6 type nd-router-advert accept;ok +icmpv6 type nd-neighbor-solicit accept;ok +icmpv6 type nd-neighbor-advert accept;ok +icmpv6 type nd-redirect accept;ok +icmpv6 type router-renumbering accept;ok +icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept;ok +icmpv6 type {router-renumbering, mld-listener-reduction, time-exceeded, nd-router-solicit} accept;ok +icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept;ok +- icmpv6 type != {mld-listener-query, time-exceeded, nd-router-advert} accept;ok + +icmpv6 code 4;ok +icmpv6 code 3-66;ok +icmpv6 code {5, 6, 7} accept;ok +- icmpv6 code != {3, 66, 34};ok +icmpv6 code { 3-66};ok +- icmpv6 code != { 3-44};ok + +icmpv6 checksum 2222 log;ok +icmpv6 checksum != 2222 log;ok +icmpv6 checksum 222-226;ok +icmpv6 checksum != 2222 log;ok +icmpv6 checksum { 222, 226};ok +- icmpv6 checksum != { 222, 226};ok +icmpv6 checksum { 222-226};ok +- icmpv6 checksum != { 222-226};ok + +# BUG: icmpv6 parameter-problem, pptr, mtu, packet-too-big +# [ICMP6HDR_PPTR] = ICMP6HDR_FIELD("parameter-problem", icmp6_pptr), +# [ICMP6HDR_MTU] = ICMP6HDR_FIELD("packet-too-big", icmp6_mtu), +# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem 35 +# <cmdline>:1:53-53: Error: syntax error, unexpected end of file +# add rule ip6 test6 input icmpv6 parameter-problem 35 +# ^ +# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem +# <cmdline>:1:26-31: Error: Value 58 exceeds valid range 0-0 +# add rule ip6 test6 input icmpv6 parameter-problem +# ^^^^^^ +# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem 2-4 +# <cmdline>:1:54-54: Error: syntax error, unexpected end of file +# add rule ip6 test6 input icmpv6 parameter-problem 2-4 + +# BUG: packet-too-big +# $ sudo nft add rule ip6 test6 input icmpv6 packet-too-big 34 +# <cmdline>:1:50-50: Error: syntax error, unexpected end of file +# add rule ip6 test6 input icmpv6 packet-too-big 34 + +icmpv6 mtu 22;ok +icmpv6 mtu != 233;ok +icmpv6 mtu 33-45;ok +icmpv6 mtu != 33-45;ok +icmpv6 mtu {33, 55, 67, 88};ok +- icmpv6 mtu != {33, 55, 67, 88};ok +icmpv6 mtu {33-55};ok +- icmpv6 mtu != {33-55};ok + +- icmpv6 id 2;ok +- icmpv6 id != 233;ok +icmpv6 id 33-45;ok +icmpv6 id != 33-45;ok +icmpv6 id {33, 55, 67, 88};ok +- icmpv6 id != {33, 55, 67, 88};ok +icmpv6 id {33-55};ok +- icmpv6 id != {33-55};ok + +icmpv6 sequence 2;ok +icmpv6 sequence {3, 4, 5, 6, 7} accept;ok + +icmpv6 sequence {2, 4};ok +- icmpv6 sequence != {2, 4};ok +icmpv6 sequence 2-4;ok +icmpv6 sequence != 2-4;ok +icmpv6 sequence { 2-4};ok +- icmpv6 sequence != {2-4};ok + +- icmpv6 max-delay 22;ok +- icmpv6 max-delay != 233;ok +icmpv6 max-delay 33-45;ok +icmpv6 max-delay != 33-45;ok +icmpv6 max-delay {33, 55, 67, 88};ok +- icmpv6 max-delay != {33, 55, 67, 88};ok +icmpv6 max-delay {33-55};ok +- icmpv6 max-delay != {33-55};ok diff --git a/tests/py/ip6/icmpv6.t.payload.ip6 b/tests/py/ip6/icmpv6.t.payload.ip6 new file mode 100644 index 00000000..55af9d8d --- /dev/null +++ b/tests/py/ip6/icmpv6.t.payload.ip6 @@ -0,0 +1,409 @@ +# icmpv6 type destination-unreachable accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ immediate reg 0 accept ] + +# icmpv6 type packet-too-big accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# icmpv6 type time-exceeded accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] + [ immediate reg 0 accept ] + +# icmpv6 type echo-request accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000080 ] + [ immediate reg 0 accept ] + +# icmpv6 type echo-reply accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ immediate reg 0 accept ] + +# icmpv6 type mld-listener-query accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000082 ] + [ immediate reg 0 accept ] + +# icmpv6 type mld-listener-report accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000083 ] + [ immediate reg 0 accept ] + +# icmpv6 type mld-listener-reduction accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ immediate reg 0 accept ] + +# icmpv6 type nd-router-solicit accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000085 ] + [ immediate reg 0 accept ] + +# icmpv6 type nd-router-advert accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000086 ] + [ immediate reg 0 accept ] + +# icmpv6 type nd-neighbor-solicit accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000087 ] + [ immediate reg 0 accept ] + +# icmpv6 type nd-neighbor-advert accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ immediate reg 0 accept ] + +# icmpv6 type nd-redirect accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000089 ] + [ immediate reg 0 accept ] + +# icmpv6 type router-renumbering accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000008a ] + [ immediate reg 0 accept ] + +# icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 00000001 : 0 [end] element 00000003 : 0 [end] element 00000085 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmpv6 type {router-renumbering, mld-listener-reduction, time-exceeded, nd-router-solicit} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 0000008a : 0 [end] element 00000084 : 0 [end] element 00000003 : 0 [end] element 00000085 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 00000082 : 0 [end] element 00000003 : 0 [end] element 00000086 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmpv6 code 4 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp eq reg 1 0x00000004 ] + +# icmpv6 code 3-66 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp gte reg 1 0x00000003 ] + [ cmp lte reg 1 0x00000042 ] + +# icmpv6 code {5, 6, 7} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmpv6 code { 3-66} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000003 : 0 [end] element 00000043 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 checksum 2222 log +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000ae08 ] + [ log prefix (null) ] + +# icmpv6 checksum != 2222 log +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000ae08 ] + [ log prefix (null) ] + +# icmpv6 checksum 222-226 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x0000de00 ] + [ cmp lte reg 1 0x0000e200 ] + +# icmpv6 checksum != 2222 log +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000ae08 ] + [ log prefix (null) ] + +# icmpv6 checksum { 222, 226} +set%d test-ip6 3 +set%d test-ip6 0 + element 0000de00 : 0 [end] element 0000e200 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 checksum { 222-226} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 0000de00 : 0 [end] element 0000e300 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 mtu 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# icmpv6 mtu != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# icmpv6 mtu 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# icmpv6 mtu != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# icmpv6 mtu {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 mtu {33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 id 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# icmpv6 id != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# icmpv6 id {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 id {33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 sequence 2 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000200 ] + +# icmpv6 sequence {3, 4, 5, 6, 7} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmpv6 sequence {2, 4} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000200 : 0 [end] element 00000400 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 sequence 2-4 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00000200 ] + [ cmp lte reg 1 0x00000400 ] + +# icmpv6 sequence != 2-4 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp lt reg 1 0x00000200 ] + [ cmp gt reg 1 0x00000400 ] + +# icmpv6 sequence { 2-4} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000200 : 0 [end] element 00000500 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 max-delay 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# icmpv6 max-delay != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# icmpv6 max-delay {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 max-delay {33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/ip6/ip6.t b/tests/py/ip6/ip6.t new file mode 100644 index 00000000..d4c5c7e3 --- /dev/null +++ b/tests/py/ip6/ip6.t @@ -0,0 +1,143 @@ +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +# BUG: Problem with version, priority +# <cmdline>:1:1-38: Error: Could not process rule: Invalid argument +# add rule ip6 test6 input ip6 version 1 +# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +- ip6 version 6;ok +- ip6 priority 3;ok + +# $ sudo nft add rule ip6 test6 input ip6 priority 33 +# <cmdline>:1:39-40: Error: Value 33 exceeds valid range 0-15 +# $ sudo nft add rule ip6 test6 input ip6 priority 3 +# <cmdline>:1:1-39: Error: Could not process rule: Invalid argument +# add rule ip6 test6 input ip6 priority 3 +#^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +ip6 flowlabel 22;ok +ip6 flowlabel != 233;ok +- ip6 flowlabel 33-45;ok +- ip6 flowlabel != 33-45;ok +ip6 flowlabel { 33, 55, 67, 88};ok +# BUG ip6 flowlabel { 5046528, 2883584, 13522432 } +- ip6 flowlabel != { 33, 55, 67, 88};ok +ip6 flowlabel { 33-55};ok +- ip6 flowlabel != { 33-55};ok + +ip6 length 22;ok +ip6 length != 233;ok +ip6 length 33-45;ok +ip6 length != 33-45;ok +- ip6 length { 33, 55, 67, 88};ok +- ip6 length != {33, 55, 67, 88};ok +ip6 length { 33-55};ok +- ip6 length != { 33-55};ok + +ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log;ok;ip6 nexthdr { 132, 51, 108, 136, 17, 33, 6} log +ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;ip6 nexthdr { 6, 136, 108, 33, 50, 17, 132, 58, 51} +- ip6 nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok +ip6 nexthdr esp;ok;ip6 nexthdr 50 +ip6 nexthdr != esp;ok;ip6 nexthdr != 50 +ip6 nexthdr { 33-44};ok +- p6 nexthdr != { 33-44};ok +ip6 nexthdr 33-44;ok +ip6 nexthdr != 33-44;ok + +ip6 hoplimit 1 log;ok +ip6 hoplimit != 233;ok +ip6 hoplimit 33-45;ok +ip6 hoplimit != 33-45;ok +ip6 hoplimit {33, 55, 67, 88};ok +- ip6 hoplimit != {33, 55, 67, 88};ok +ip6 hoplimit {33-55};ok +- ip6 hoplimit != {33-55};ok + +# from src/scanner.l +# v680 (({hex4}:){7}{hex4}) +ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234;ok +# v670 ((:)(:{hex4}{7})) +ip6 saddr ::1234:1234:1234:1234:1234:1234:1234;ok;ip6 saddr 0:1234:1234:1234:1234:1234:1234:1234 +# v671 ((({hex4}:){1})(:{hex4}{6})) +ip6 saddr 1234::1234:1234:1234:1234:1234:1234;ok;ip6 saddr 1234:0:1234:1234:1234:1234:1234:1234 +# v672 ((({hex4}:){2})(:{hex4}{5})) +ip6 saddr 1234:1234::1234:1234:1234:1234:1234;ok;ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234 +ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234;ok +# v673 ((({hex4}:){3})(:{hex4}{4})) +ip6 saddr 1234:1234:1234::1234:1234:1234:1234;ok;ip6 saddr 1234:1234:1234:0:1234:1234:1234:1234 +# v674 ((({hex4}:){4})(:{hex4}{3})) +ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234;ok +# v675 ((({hex4}:){5})(:{hex4}{2})) +ip6 saddr 1234:1234:1234:1234:1234::1234:1234;ok;ip6 saddr 1234:1234:1234:1234:1234:0:1234:1234 +# v676 ((({hex4}:){6})(:{hex4}{1})) +ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234;ok +# v677 ((({hex4}:){7})(:)) +ip6 saddr 1234:1234:1234:1234:1234:1234:1234::;ok;ip6 saddr 1234:1234:1234:1234:1234:1234:1234:0 +# v67 ({v670}|{v671}|{v672}|{v673}|{v674}|{v675}|{v676}|{v677}) +# v660 ((:)(:{hex4}{6})) +ip6 saddr ::1234:1234:1234:1234:1234:1234;ok +# v661 ((({hex4}:){1})(:{hex4}{5})) +ip6 saddr 1234::1234:1234:1234:1234:1234;ok +# v662 ((({hex4}:){2})(:{hex4}{4})) +ip6 saddr 1234:1234::1234:1234:1234:1234;ok +# v663 ((({hex4}:){3})(:{hex4}{3})) +ip6 saddr 1234:1234:1234::1234:1234:1234;ok +# v664 ((({hex4}:){4})(:{hex4}{2})) +ip6 saddr 1234:1234:1234:1234::1234:1234;ok +# v665 ((({hex4}:){5})(:{hex4}{1})) +ip6 saddr 1234:1234:1234:1234:1234::1234;ok +# v666 ((({hex4}:){6})(:)) +ip6 saddr 1234:1234:1234:1234:1234:1234::;ok +# v66 ({v660}|{v661}|{v662}|{v663}|{v664}|{v665}|{v666}) +# v650 ((:)(:{hex4}{5})) +ip6 saddr ::1234:1234:1234:1234:1234;ok +# v651 ((({hex4}:){1})(:{hex4}{4})) +ip6 saddr 1234::1234:1234:1234:1234;ok +# v652 ((({hex4}:){2})(:{hex4}{3})) +ip6 saddr 1234:1234::1234:1234:1234;ok +# v653 ((({hex4}:){3})(:{hex4}{2})) +ip6 saddr 1234:1234:1234::1234:1234;ok +# v654 ((({hex4}:){4})(:{hex4}{1})) +ip6 saddr 1234:1234:1234:1234::1234;ok +# v655 ((({hex4}:){5})(:)) +ip6 saddr 1234:1234:1234:1234:1234::;ok +# v65 ({v650}|{v651}|{v652}|{v653}|{v654}|{v655}) +# v640 ((:)(:{hex4}{4})) +ip6 saddr ::1234:1234:1234:1234;ok +# v641 ((({hex4}:){1})(:{hex4}{3})) +ip6 saddr 1234::1234:1234:1234;ok +# v642 ((({hex4}:){2})(:{hex4}{2})) +ip6 saddr 1234:1234::1234:1234;ok +# v643 ((({hex4}:){3})(:{hex4}{1})) +ip6 saddr 1234:1234:1234::1234;ok +# v644 ((({hex4}:){4})(:)) +ip6 saddr 1234:1234:1234:1234::;ok +# v64 ({v640}|{v641}|{v642}|{v643}|{v644}) +# v630 ((:)(:{hex4}{3})) +ip6 saddr ::1234:1234:1234;ok +# v631 ((({hex4}:){1})(:{hex4}{2})) +ip6 saddr 1234::1234:1234;ok +# v632 ((({hex4}:){2})(:{hex4}{1})) +ip6 saddr 1234:1234::1234;ok +# v633 ((({hex4}:){3})(:)) +ip6 saddr 1234:1234:1234::;ok +# v63 ({v630}|{v631}|{v632}|{v633}) +# v620 ((:)(:{hex4}{2})) +ip6 saddr ::1234:1234;ok;ip6 saddr ::18.52.18.52 +# v621 ((({hex4}:){1})(:{hex4}{1})) +ip6 saddr 1234::1234;ok +# v622 ((({hex4}:){2})(:)) +ip6 saddr 1234:1234::;ok +# v62 ({v620}|{v621}|{v622}) +# v610 ((:)(:{hex4}{1})) +ip6 saddr ::1234;ok +# v611 ((({hex4}:){1})(:)) +ip6 saddr 1234::;ok +# v61 ({v610}|{v611}) +# v60 (::) +ip6 saddr ::/64;ok + +- ip6 daddr != {::1234:1234:1234:1234:1234:1234:1234, 1234:1234::1234:1234:1234:1234:1234 };ok +ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234;ok;ip6 daddr != 0:1234:1234:1234:1234:1234:1234:1234-1234:1234:0:1234:1234:1234:1234:1234 diff --git a/tests/py/ip6/ip6.t.payload.inet b/tests/py/ip6/ip6.t.payload.inet new file mode 100644 index 00000000..b4fd2779 --- /dev/null +++ b/tests/py/ip6/ip6.t.payload.inet @@ -0,0 +1,461 @@ +# ip6 flowlabel 22 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 3b @ network header + 1 => reg 1 ] + [ cmp eq reg 1 0x00160000 ] + +# ip6 flowlabel != 233 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 3b @ network header + 1 => reg 1 ] + [ cmp neq reg 1 0x00e90000 ] + +# ip6 flowlabel { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 3b @ network header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 flowlabel { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00210000 : 0 [end] element 00380000 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 3b @ network header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 length 22 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ip6 length != 233 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip6 length 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip6 length != 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip6 length { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log +set%d test-inet 3 +set%d test-inet 0 + element 00000011 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + [ log prefix (null) ] + +# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +set%d test-inet 3 +set%d test-inet 0 + element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr esp +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# ip6 nexthdr != esp +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000032 ] + +# ip6 nexthdr { 33-44} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 0000002d : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr 33-44 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002c ] + +# ip6 nexthdr != 33-44 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002c ] + +# ip6 hoplimit 1 log +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ log prefix (null) ] + +# ip6 hoplimit != 233 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# ip6 hoplimit 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# ip6 hoplimit != 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# ip6 hoplimit {33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 hoplimit {33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00003412 ] + +# ip6 saddr ::1234:1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00000000 ] + +# ip6 saddr ::1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x00000000 ] + +# ip6 saddr ::1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x00000000 ] + +# ip6 saddr ::1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x00000000 ] + +# ip6 saddr ::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x00000000 ] + +# ip6 saddr ::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x00000000 ] + +# ip6 saddr ::/64 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x00000000 ] + +# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp lt reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] + [ cmp gt reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + diff --git a/tests/py/ip6/ip6.t.payload.ip6 b/tests/py/ip6/ip6.t.payload.ip6 new file mode 100644 index 00000000..d355adae --- /dev/null +++ b/tests/py/ip6/ip6.t.payload.ip6 @@ -0,0 +1,339 @@ +# ip6 flowlabel 22 +ip6 test-ip6 input + [ payload load 3b @ network header + 1 => reg 1 ] + [ cmp eq reg 1 0x00160000 ] + +# ip6 flowlabel != 233 +ip6 test-ip6 input + [ payload load 3b @ network header + 1 => reg 1 ] + [ cmp neq reg 1 0x00e90000 ] + +# ip6 flowlabel { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end] +ip6 test-ip6 input + [ payload load 3b @ network header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 flowlabel { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00210000 : 0 [end] element 00380000 : 1 [end] +ip6 test-ip6 input + [ payload load 3b @ network header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 length 22 +ip6 test-ip6 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ip6 length != 233 +ip6 test-ip6 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip6 length 33-45 +ip6 test-ip6 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip6 length != 33-45 +ip6 test-ip6 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip6 length { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log +set%d test-ip6 3 +set%d test-ip6 0 + element 00000011 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + [ log prefix (null) ] + +# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr esp +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# ip6 nexthdr != esp +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000032 ] + +# ip6 nexthdr { 33-44} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 0000002d : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr 33-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002c ] + +# ip6 nexthdr != 33-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002c ] + +# ip6 hoplimit 1 log +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ log prefix (null) ] + +# ip6 hoplimit != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# ip6 hoplimit 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# ip6 hoplimit != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# ip6 hoplimit {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 hoplimit {33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00003412 ] + +# ip6 saddr ::1234:1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00000000 ] + +# ip6 saddr ::1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x00000000 ] + +# ip6 saddr ::1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x00000000 ] + +# ip6 saddr ::1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x00000000 ] + +# ip6 saddr ::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x00000000 ] + +# ip6 saddr ::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x00000000 ] + +# ip6 saddr ::/64 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x00000000 ] + +# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp lt reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] + [ cmp gt reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + diff --git a/tests/py/ip6/masquerade.t b/tests/py/ip6/masquerade.t new file mode 100644 index 00000000..4e6c086c --- /dev/null +++ b/tests/py/ip6/masquerade.t @@ -0,0 +1,25 @@ +*ip6;test-ip6 +:postrouting;type nat hook postrouting priority 0 + +# nf_nat flags combination +udp dport 53 masquerade;ok +udp dport 53 masquerade random;ok +udp dport 53 masquerade random,persistent;ok +udp dport 53 masquerade random,persistent,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent +udp dport 53 masquerade random,fully-random;ok +udp dport 53 masquerade random,fully-random,persistent;ok +udp dport 53 masquerade persistent;ok +udp dport 53 masquerade persistent,random;ok;udp dport 53 masquerade random,persistent +udp dport 53 masquerade persistent,random,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent +udp dport 53 masquerade persistent,fully-random;ok;udp dport 53 masquerade fully-random,persistent +udp dport 53 masquerade persistent,fully-random,random;ok;udp dport 53 masquerade random,fully-random,persistent + +# masquerade is a terminal statement +tcp dport 22 masquerade counter packets 0 bytes 0 accept;fail +tcp sport 22 masquerade accept;fail +ip6 saddr ::1 masquerade drop;fail + +# masquerade with sets +tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade;ok +ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 masquerade;ok +iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade;ok diff --git a/tests/py/ip6/masquerade.t.payload.ip6 b/tests/py/ip6/masquerade.t.payload.ip6 new file mode 100644 index 00000000..2e8bf959 --- /dev/null +++ b/tests/py/ip6/masquerade.t.payload.ip6 @@ -0,0 +1,127 @@ +# udp dport 53 masquerade +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq ] + +# udp dport 53 masquerade random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x4 ] + +# udp dport 53 masquerade random,persistent +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0xc ] + +# udp dport 53 masquerade random,persistent,fully-random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade random,fully-random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x14 ] + +# udp dport 53 masquerade random,fully-random,persistent +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade persistent +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x8 ] + +# udp dport 53 masquerade persistent,random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0xc ] + +# udp dport 53 masquerade persistent,random,fully-random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade persistent,fully-random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x18 ] + +# udp dport 53 masquerade persistent,fully-random,random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade +set%d test-ip6 3 +set%d test-ip6 0 + element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ masq ] + +# ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 masquerade +ip6 test-ip6 postrouting + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp gte reg 1 0x000000fe 0x00000000 0x00000000 0x01000000 ] + [ cmp lte reg 1 0x000000fe 0x00000000 0x00000000 0x00020000 ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ counter pkts 0 bytes 0 ] + [ masq ] + +# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade +map%d test-ip6 b +map%d test-ip6 0 + element 00001600 : 0 [end] element 0000de00 : 0 [end] +ip6 test-ip6 postrouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + [ masq ] + diff --git a/tests/py/ip6/mh.t b/tests/py/ip6/mh.t new file mode 100644 index 00000000..cd652b39 --- /dev/null +++ b/tests/py/ip6/mh.t @@ -0,0 +1,49 @@ +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +mh nexthdr 1;ok +mh nexthdr != 1;ok +mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp };ok;mh nexthdr { 58, 17, 108, 6, 51, 136, 50, 132, 33} +- mh nexthdr != {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok +mh nexthdr icmp;ok;mh nexthdr 1 +mh nexthdr != icmp;ok;mh nexthdr != 1 +mh nexthdr 22;ok +mh nexthdr != 233;ok +mh nexthdr 33-45;ok +mh nexthdr != 33-45;ok +mh nexthdr { 33, 55, 67, 88 };ok +- mh nexthdr != { 33, 55, 67, 88 };ok +mh nexthdr { 33-55 };ok +- mh nexthdr != { 33-55 };ok + +mh hdrlength 22;ok +mh hdrlength != 233;ok +mh hdrlength 33-45;ok +mh hdrlength != 33-45;ok +mh hdrlength { 33, 55, 67, 88 };ok +- mh hdrlength != { 33, 55, 67, 88 };ok +mh hdrlength { 33-55 };ok +- mh hdrlength != { 33-55 };ok + +mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message};ok +mh type home-agent-switch-message;ok +mh type != home-agent-switch-message;ok + +mh reserved 22;ok +mh reserved != 233;ok +mh reserved 33-45;ok +mh reserved != 33-45;ok +mh reserved { 33, 55, 67, 88};ok +- mh reserved != {33, 55, 67, 88};ok +mh reserved { 33-55};ok +- mh reserved != { 33-55};ok + +mh checksum 22;ok +mh checksum != 233;ok +mh checksum 33-45;ok +mh checksum != 33-45;ok +mh checksum { 33, 55, 67, 88};ok +- mh checksum != { 33, 55, 67, 88};ok +mh checksum { 33-55};ok +- mh checksum != { 33-55};ok diff --git a/tests/py/ip6/mh.t.payload.inet b/tests/py/ip6/mh.t.payload.inet new file mode 100644 index 00000000..53a0ce08 --- /dev/null +++ b/tests/py/ip6/mh.t.payload.inet @@ -0,0 +1,198 @@ +# mh nexthdr 1 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# mh nexthdr != 1 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp } +set%d test-inet 3 +set%d test-inet 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh nexthdr icmp +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# mh nexthdr != icmp +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# mh nexthdr 22 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh nexthdr != 233 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh nexthdr 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh nexthdr != 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh nexthdr { 33, 55, 67, 88 } +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh nexthdr { 33-55 } +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh hdrlength 22 +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh hdrlength != 233 +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh hdrlength 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh hdrlength != 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh hdrlength { 33, 55, 67, 88 } +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh hdrlength { 33-55 } +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message} +set%d test-inet 3 +set%d test-inet 0 + element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end] element 0000000a : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh type home-agent-switch-message +inet test-inet input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ cmp eq reg 1 0x0000000c ] + +# mh type != home-agent-switch-message +inet test-inet input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ cmp neq reg 1 0x0000000c ] + +# mh reserved 22 +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh reserved != 233 +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh reserved 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh reserved != 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh reserved { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh reserved { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh checksum 22 +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# mh checksum != 233 +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# mh checksum 33-45 +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# mh checksum != 33-45 +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# mh checksum { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh checksum { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/ip6/mh.t.payload.ip6 b/tests/py/ip6/mh.t.payload.ip6 new file mode 100644 index 00000000..e903b74f --- /dev/null +++ b/tests/py/ip6/mh.t.payload.ip6 @@ -0,0 +1,198 @@ +# mh nexthdr 1 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# mh nexthdr != 1 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp } +set%d test-ip6 3 +set%d test-ip6 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh nexthdr icmp +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# mh nexthdr != icmp +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# mh nexthdr 22 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh nexthdr != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh nexthdr 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh nexthdr != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh nexthdr { 33, 55, 67, 88 } +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh nexthdr { 33-55 } +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh hdrlength 22 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh hdrlength != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh hdrlength 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh hdrlength != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh hdrlength { 33, 55, 67, 88 } +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh hdrlength { 33-55 } +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end] element 0000000a : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh type home-agent-switch-message +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ cmp eq reg 1 0x0000000c ] + +# mh type != home-agent-switch-message +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ cmp neq reg 1 0x0000000c ] + +# mh reserved 22 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh reserved != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh reserved 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh reserved != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh reserved { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh reserved { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh checksum 22 +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# mh checksum != 233 +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# mh checksum 33-45 +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# mh checksum != 33-45 +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# mh checksum { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh checksum { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/ip6/redirect.t b/tests/py/ip6/redirect.t new file mode 100644 index 00000000..31ffe8c9 --- /dev/null +++ b/tests/py/ip6/redirect.t @@ -0,0 +1,44 @@ +*ip6;test-ip6 +:output;type nat hook output priority 0 + +# with no arguments +redirect;ok +udp dport 954 redirect;ok +ip6 saddr fe00::cafe counter packets 0 bytes 0 redirect;ok + +# nf_nat flags combination +udp dport 53 redirect random;ok +udp dport 53 redirect random,persistent;ok +udp dport 53 redirect random,persistent,fully-random;ok;udp dport 53 redirect random,fully-random,persistent +udp dport 53 redirect random,fully-random;ok +udp dport 53 redirect random,fully-random,persistent;ok +udp dport 53 redirect persistent;ok +udp dport 53 redirect persistent,random;ok;udp dport 53 redirect random,persistent +udp dport 53 redirect persistent,random,fully-random;ok;udp dport 53 redirect random,fully-random,persistent +udp dport 53 redirect persistent,fully-random;ok;udp dport 53 redirect fully-random,persistent +udp dport 53 redirect persistent,fully-random,random;ok;udp dport 53 redirect random,fully-random,persistent + +# port specification +udp dport 1234 redirect to 1234;ok +ip6 daddr fe00::cafe udp dport 9998 redirect to 6515;ok +tcp dport 39128 redirect to 993;ok +redirect to 1234;fail +redirect to 12341111;fail + +# both port and nf_nat flags +tcp dport 9128 redirect to 993 random;ok +tcp dport 9128 redirect to 993 fully-random,persistent;ok + +# nf_nat flags are the last argument +tcp dport 9128 redirect persistent to 123;fail +tcp dport 9128 redirect random,persistent to 123;fail + +# redirect is a terminal statement +tcp dport 22 redirect counter packets 0 bytes 0 accept;fail +tcp sport 22 redirect accept;fail +ip6 saddr ::1 redirect drop;fail + +# redirect with sets +tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect;ok +ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 redirect;ok +iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect;ok diff --git a/tests/py/ip6/redirect.t.payload.ip6 b/tests/py/ip6/redirect.t.payload.ip6 new file mode 100644 index 00000000..3369a7a3 --- /dev/null +++ b/tests/py/ip6/redirect.t.payload.ip6 @@ -0,0 +1,185 @@ +# redirect +ip6 test-ip6 output + [ redir ] + +# udp dport 954 redirect +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000ba03 ] + [ redir ] + +# ip6 saddr fe00::cafe counter packets 0 bytes 0 redirect +ip6 test-ip6 output + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x000000fe 0x00000000 0x00000000 0xfeca0000 ] + [ counter pkts 0 bytes 0 ] + [ redir ] + +# udp dport 53 redirect random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x4 ] + +# udp dport 53 redirect random,persistent +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0xc ] + +# udp dport 53 redirect random,persistent,fully-random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x1c ] + +# udp dport 53 redirect random,fully-random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x14 ] + +# udp dport 53 redirect random,fully-random,persistent +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x1c ] + +# udp dport 53 redirect persistent +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x8 ] + +# udp dport 53 redirect persistent,random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0xc ] + +# udp dport 53 redirect persistent,random,fully-random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x1c ] + +# udp dport 53 redirect persistent,fully-random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x18 ] + +# udp dport 53 redirect persistent,fully-random,random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x1c ] + +# udp dport 1234 redirect to 1234 +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000d204 ] + [ immediate reg 1 0x0000d204 ] + [ redir proto_min reg 1 ] + +# ip6 daddr fe00::cafe udp dport 9998 redirect to 6515 +ip6 test-ip6 output + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp eq reg 1 0x000000fe 0x00000000 0x00000000 0xfeca0000 ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00000e27 ] + [ immediate reg 1 0x00007319 ] + [ redir proto_min reg 1 ] + +# tcp dport 39128 redirect to 993 +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000d898 ] + [ immediate reg 1 0x0000e103 ] + [ redir proto_min reg 1 ] + +# tcp dport 9128 redirect to 993 random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000a823 ] + [ immediate reg 1 0x0000e103 ] + [ redir proto_min reg 1 flags 0x4 ] + +# tcp dport 9128 redirect to 993 fully-random,persistent +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000a823 ] + [ immediate reg 1 0x0000e103 ] + [ redir proto_min reg 1 flags 0x18 ] + +# tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect +set%d test-ip6 3 +set%d test-ip6 0 + element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ redir ] + +# ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 redirect +ip6 test-ip6 output + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp gte reg 1 0x000000fe 0x00000000 0x00000000 0x01000000 ] + [ cmp lte reg 1 0x000000fe 0x00000000 0x00000000 0x00020000 ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ counter pkts 0 bytes 0 ] + [ redir ] + +# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect +map%d test-ip6 b +map%d test-ip6 0 + element 00001600 : 0 [end] element 0000de00 : 0 [end] +ip6 test-ip6 output + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + [ redir ] + diff --git a/tests/py/ip6/reject.t b/tests/py/ip6/reject.t new file mode 100644 index 00000000..60dec90e --- /dev/null +++ b/tests/py/ip6/reject.t @@ -0,0 +1,12 @@ +*ip6;test-ip6 +:output;type filter hook output priority 0 + +reject;ok +reject with icmpv6 type no-route;ok +reject with icmpv6 type admin-prohibited;ok +reject with icmpv6 type addr-unreachable;ok +reject with icmpv6 type port-unreachable;ok;reject +reject with tcp reset;ok;ip6 nexthdr 6 reject with tcp reset + +reject with icmpv6 type host-unreachable;fail +reject with icmp type host-unreachable;fail diff --git a/tests/py/ip6/reject.t.payload.ip6 b/tests/py/ip6/reject.t.payload.ip6 new file mode 100644 index 00000000..aa0b9ff2 --- /dev/null +++ b/tests/py/ip6/reject.t.payload.ip6 @@ -0,0 +1,26 @@ +# reject +ip6 test-ip6 output + [ reject type 0 code 4 ] + +# reject with icmpv6 type no-route +ip6 test-ip6 output + [ reject type 0 code 0 ] + +# reject with icmpv6 type admin-prohibited +ip6 test-ip6 output + [ reject type 0 code 1 ] + +# reject with icmpv6 type addr-unreachable +ip6 test-ip6 output + [ reject type 0 code 3 ] + +# reject with icmpv6 type port-unreachable +ip6 test-ip6 output + [ reject type 0 code 4 ] + +# reject with tcp reset +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ reject type 1 code 0 ] + diff --git a/tests/py/ip6/rt.t b/tests/py/ip6/rt.t new file mode 100644 index 00000000..eca47ca8 --- /dev/null +++ b/tests/py/ip6/rt.t @@ -0,0 +1,45 @@ +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +rt nexthdr 1;ok +rt nexthdr != 1;ok +rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok;rt nexthdr { 33, 136, 50, 132, 51, 17, 108, 6, 58} +- rt nexthdr != {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok +rt nexthdr icmp;ok;rt nexthdr 1 +rt nexthdr != icmp;ok;rt nexthdr != 1 +rt nexthdr 22;ok +rt nexthdr != 233;ok +rt nexthdr 33-45;ok +rt nexthdr != 33-45;ok +rt nexthdr { 33, 55, 67, 88};ok +- rt nexthdr != { 33, 55, 67, 88};ok +rt nexthdr { 33-55};ok;rt nexthdr { 33-55} +- rt nexthdr != { 33-55};ok + +rt hdrlength 22;ok +rt hdrlength != 233;ok +rt hdrlength 33-45;ok +rt hdrlength != 33-45;ok +rt hdrlength { 33, 55, 67, 88};ok +- rt hdrlength != { 33, 55, 67, 88};ok +rt hdrlength { 33-55};ok +- rt hdrlength != { 33-55};ok + +rt type 22;ok +rt type != 233;ok +rt type 33-45;ok +rt type != 33-45;ok +rt type { 33, 55, 67, 88};ok +- rt type != { 33, 55, 67, 88};ok +rt type { 33-55};ok +- rt type != { 33-55};ok + +rt seg-left 22;ok +rt seg-left != 233;ok +rt seg-left 33-45;ok +rt seg-left != 33-45;ok +rt seg-left { 33, 55, 67, 88};ok +- rt seg-left != { 33, 55, 67, 88};ok +rt seg-left { 33-55};ok +- rt seg-left != { 33-55};ok diff --git a/tests/py/ip6/rt.t.payload.inet b/tests/py/ip6/rt.t.payload.inet new file mode 100644 index 00000000..9dc51b97 --- /dev/null +++ b/tests/py/ip6/rt.t.payload.inet @@ -0,0 +1,180 @@ +# rt nexthdr 1 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# rt nexthdr != 1 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +set%d test-inet 3 +set%d test-inet 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt nexthdr icmp +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# rt nexthdr != icmp +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# rt nexthdr 22 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt nexthdr != 233 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt nexthdr 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt nexthdr != 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt nexthdr { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt nexthdr { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt hdrlength 22 +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt hdrlength != 233 +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt hdrlength 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt hdrlength != 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt hdrlength { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt hdrlength { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt type 22 +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt type != 233 +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt type 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt type != 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt type { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt type { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt seg-left 22 +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt seg-left != 233 +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt seg-left 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt seg-left != 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt seg-left { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt seg-left { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/ip6/rt.t.payload.ip6 b/tests/py/ip6/rt.t.payload.ip6 new file mode 100644 index 00000000..f766ec0a --- /dev/null +++ b/tests/py/ip6/rt.t.payload.ip6 @@ -0,0 +1,180 @@ +# rt nexthdr 1 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# rt nexthdr != 1 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt nexthdr icmp +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# rt nexthdr != icmp +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# rt nexthdr 22 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt nexthdr != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt nexthdr 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt nexthdr != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt nexthdr { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt nexthdr { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt hdrlength 22 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt hdrlength != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt hdrlength 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt hdrlength != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt hdrlength { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt hdrlength { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt type 22 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt type != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt type 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt type != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt type { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt type { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt seg-left 22 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt seg-left != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt seg-left 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt seg-left != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt seg-left { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt seg-left { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/ip6/sets.t b/tests/py/ip6/sets.t new file mode 100644 index 00000000..4938929c --- /dev/null +++ b/tests/py/ip6/sets.t @@ -0,0 +1,22 @@ +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +!set_ipv6_add1 ipv6_addr;ok +!set_inet1 inet_proto;ok +!set_inet inet_service;ok +!set_time time;ok + +?set2 192.168.3.4;fail +!set2 ipv6_addr;ok +?set2 1234:1234::1234:1234:1234:1234:1234;ok +?set2 1234:1234::1234:1234:1234:1234:1234;fail +?set2 1234::1234:1234:1234;ok +?set2 1234:1234:1234:1234:1234::1234:1234 1234:1234::123;ok +?set2 192.168.3.8 192.168.3.9;fail +?set2 1234:1234::1234:1234:1234:1234;ok +?set2 1234:1234::1234:1234:1234:1234;fail +?set2 1234:1234:1234::1234;ok + +ip6 saddr @set2 drop;ok +ip6 saddr @set33 drop;fail diff --git a/tests/py/ip6/sets.t.payload b/tests/py/ip6/sets.t.payload new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/py/ip6/sets.t.payload diff --git a/tests/py/ip6/sets.t.payload.inet b/tests/py/ip6/sets.t.payload.inet new file mode 100644 index 00000000..27be86be --- /dev/null +++ b/tests/py/ip6/sets.t.payload.inet @@ -0,0 +1,8 @@ +# ip6 saddr @set2 drop +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set set2 ] + [ immediate reg 0 drop ] + diff --git a/tests/py/ip6/sets.t.payload.ip6 b/tests/py/ip6/sets.t.payload.ip6 new file mode 100644 index 00000000..0e51fd3e --- /dev/null +++ b/tests/py/ip6/sets.t.payload.ip6 @@ -0,0 +1,6 @@ +# ip6 saddr @set2 drop +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set set2 ] + [ immediate reg 0 drop ] + diff --git a/tests/py/ip6/snat.t b/tests/py/ip6/snat.t new file mode 100644 index 00000000..37bf1a1d --- /dev/null +++ b/tests/py/ip6/snat.t @@ -0,0 +1,5 @@ +*ip6;test-ip6 +:postrouting;type nat hook postrouting priority 0 + +tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok;tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::80-100 +tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::100;ok diff --git a/tests/py/ip6/snat.t.payload.ip6 b/tests/py/ip6/snat.t.payload.ip6 new file mode 100644 index 00000000..486bbb8b --- /dev/null +++ b/tests/py/ip6/snat.t.payload.ip6 @@ -0,0 +1,25 @@ +# tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :80-100 +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] + [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] + [ immediate reg 3 0x00005000 ] + [ immediate reg 4 0x00006400 ] + [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ] + +# tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::100 +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] + [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] + [ immediate reg 3 0x00006400 ] + [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 ] + diff --git a/tests/py/ip6/vmap.t b/tests/py/ip6/vmap.t new file mode 100644 index 00000000..301a28ae --- /dev/null +++ b/tests/py/ip6/vmap.t @@ -0,0 +1,54 @@ +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +ip6 saddr vmap { abcd::3 : accept };ok +ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234:1234;fail + +# Ipv6 address combinations +# from src/scanner.l +ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept};ok +ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 0:1234:1234:1234:1234:1234:1234:1234 : accept} +ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:0:1234:1234:1234:1234:1234:1234 : accept} +ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:0:1234:1234:1234:1234:1234 : accept} +ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:0:1234:1234:1234:1234 : accept} +ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:0:1234:1234:1234 : accept} +ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:0:1234:1234 : accept} +ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:0:1234 : accept} +ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:0 : accept} +ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept};ok +ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept};ok +ip6 saddr vmap { ::1234:1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234::1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234::1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234::1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234:1234:: : accept};ok +ip6 saddr vmap { ::1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234::1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234::1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234:: : accept};ok +ip6 saddr vmap { ::1234:1234 : accept};ok;ip6 saddr vmap { ::18.52.18.52 : accept} +ip6 saddr vmap { 1234::1234 : accept};ok +ip6 saddr vmap { 1234:1234:: : accept};ok +ip6 saddr vmap { ::1234 : accept};ok +ip6 saddr vmap { 1234:: : accept};ok +ip6 saddr vmap { ::/64 : accept};ok + +ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::aaaa : drop} +ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::bbbb : drop} +ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::cccc : drop} +ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::dddd: drop} + +# rule without comma: +filter-input ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:bbbb:::accept::adda : drop};fail diff --git a/tests/py/ip6/vmap.t.payload.inet b/tests/py/ip6/vmap.t.payload.inet new file mode 100644 index 00000000..f0312bf3 --- /dev/null +++ b/tests/py/ip6/vmap.t.payload.inet @@ -0,0 +1,420 @@ +# ip6 saddr vmap { abcd::3 : accept } +map%d test-inet b +map%d test-inet 0 + element 0000cdab 00000000 00000000 03000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34120000 34123412 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 34123412 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34120000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00003412 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34120000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00003412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 00003412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 34123412 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 34120000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00000000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00003412 34120000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00000000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00003412 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 34120000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 00000000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00000000 34120000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00003412 00000000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00000000 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00003412 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 00000000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 00000000 34120000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00000000 00000000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00003412 00000000 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00000000 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 00000000 34120000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 00000000 00000000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00000000 00000000 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00003412 00000000 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 00000000 00000000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 00000000 00000000 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00000000 00000000 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 00000000 00000000 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 00000000 00000000 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::/64 : accept} +map%d test-inet f +map%d test-inet 0 + element 00000000 00000000 00000000 00000000 : 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 aaaa0000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 bbbb0000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 cccc0000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 dddd0000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + diff --git a/tests/py/ip6/vmap.t.payload.ip6 b/tests/py/ip6/vmap.t.payload.ip6 new file mode 100644 index 00000000..0701b9b3 --- /dev/null +++ b/tests/py/ip6/vmap.t.payload.ip6 @@ -0,0 +1,336 @@ +# ip6 saddr vmap { abcd::3 : accept } +map%d test-ip6 b +map%d test-ip6 0 + element 0000cdab 00000000 00000000 03000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34120000 34123412 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 34123412 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34120000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00003412 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34120000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00003412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 00003412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 34123412 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 34120000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00000000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00003412 34120000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00000000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00003412 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 34120000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 00000000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00000000 34120000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00003412 00000000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00000000 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00003412 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 00000000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 00000000 34120000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00000000 00000000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00003412 00000000 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00000000 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 00000000 34120000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 00000000 00000000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00000000 00000000 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00003412 00000000 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 00000000 00000000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 00000000 00000000 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00000000 00000000 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 00000000 00000000 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 00000000 00000000 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::/64 : accept} +map%d test-ip6 f +map%d test-ip6 0 + element 00000000 00000000 00000000 00000000 : 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 aaaa0000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 bbbb0000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 cccc0000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 dddd0000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + |