diff options
Diffstat (limited to 'tests/py/ip')
52 files changed, 3380 insertions, 2471 deletions
diff --git a/tests/py/ip/ct.t b/tests/py/ip/ct.t index d3247f79..a0a22289 100644 --- a/tests/py/ip/ct.t +++ b/tests/py/ip/ct.t @@ -21,3 +21,16 @@ ct original protocol 17 ct reply proto-src 53;ok;ct protocol 17 ct reply proto-s # wrong address family ct reply ip daddr dead::beef;fail + +meta mark set ct original daddr map { 1.1.1.1 : 0x00000011 };fail +meta mark set ct original ip daddr map { 1.1.1.1 : 0x00000011 };ok +meta mark set ct original saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x0000001e };fail +meta mark set ct original ip saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x0000001e };ok +ct original saddr . meta mark { 1.1.1.1 . 0x00000014 };fail +ct original ip saddr . meta mark { 1.1.1.1 . 0x00000014 };ok +ct mark set ip dscp << 2 | 0x10;ok +ct mark set ip dscp << 26 | 0x10;ok +ct mark set ip dscp & 0x0f << 1;ok;ct mark set ip dscp & af33 +ct mark set ip dscp & 0x0f << 2;ok;ct mark set ip dscp & 0x3c +ct mark set ip dscp | 0x04;ok +ct mark set ip dscp | 1 << 20;ok;ct mark set ip dscp | 0x100000 diff --git a/tests/py/ip/ct.t.json b/tests/py/ip/ct.t.json index 881cd4c9..915632ae 100644 --- a/tests/py/ip/ct.t.json +++ b/tests/py/ip/ct.t.json @@ -216,3 +216,266 @@ } ] +# meta mark set ct original ip daddr map { 1.1.1.1 : 0x00000011 } +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "map": { + "data": { + "set": [ + [ + "1.1.1.1", + 17 + ] + ] + }, + "key": { + "ct": { + "dir": "original", + "key": "ip daddr" + } + } + } + } + } + } +] + +# meta mark set ct original ip saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x0000001e } +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "map": { + "data": { + "set": [ + [ + { + "concat": [ + "1.1.1.1", + 20 + ] + }, + 30 + ] + ] + }, + "key": { + "concat": [ + { + "ct": { + "dir": "original", + "key": "ip saddr" + } + }, + { + "meta": { + "key": "mark" + } + } + ] + } + } + } + } + } +] + +# ct original ip saddr . meta mark { 1.1.1.1 . 0x00000014 } +[ + { + "match": { + "left": { + "concat": [ + { + "ct": { + "dir": "original", + "key": "ip saddr" + } + }, + { + "meta": { + "key": "mark" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + "1.1.1.1", + 20 + ] + } + ] + } + } + } +] + +# ct mark set ip dscp << 2 | 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 2 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip dscp << 26 | 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 26 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip dscp & 0x0f << 1 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "&": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + "af33" + ] + } + } + } +] + +# ct mark set ip dscp & 0x0f << 2 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "&": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 60 + ] + } + } + } +] + +# ct mark set ip dscp | 0x04 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 4 + ] + } + } + } +] + +# ct mark set ip dscp | 1 << 20 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 1048576 + ] + } + } + } +] diff --git a/tests/py/ip/ct.t.payload b/tests/py/ip/ct.t.payload index d5faed4c..692011d0 100644 --- a/tests/py/ip/ct.t.payload +++ b/tests/py/ip/ct.t.payload @@ -21,25 +21,21 @@ ip test-ip4 output # ct original ip saddr 192.168.1.0/24 ip test-ip4 output [ ct load src_ip => reg 1 , dir original ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0001a8c0 ] # ct reply ip saddr 192.168.1.0/24 ip test-ip4 output [ ct load src_ip => reg 1 , dir reply ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0001a8c0 ] # ct original ip daddr 192.168.1.0/24 ip test-ip4 output [ ct load dst_ip => reg 1 , dir original ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0001a8c0 ] # ct reply ip daddr 192.168.1.0/24 ip test-ip4 output [ ct load dst_ip => reg 1 , dir reply ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0001a8c0 ] # ct l3proto ipv4 @@ -60,3 +56,81 @@ ip test-ip4 output [ cmp eq reg 1 0x00000011 ] [ ct load proto_src => reg 1 , dir reply ] [ cmp eq reg 1 0x00003500 ] + +# meta mark set ct original ip daddr map { 1.1.1.1 : 0x00000011 } +__map%d test-ip4 b +__map%d test-ip4 0 + element 01010101 : 00000011 0 [end] +ip + [ ct load dst_ip => reg 1 , dir original ] + [ lookup reg 1 set __map%d dreg 1 ] + [ meta set mark with reg 1 ] + +# meta mark set ct original ip saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x0000001e } +__map%d test-ip4 b +__map%d test-ip4 0 + element 01010101 00000014 : 0000001e 0 [end] +ip + [ ct load src_ip => reg 1 , dir original ] + [ meta load mark => reg 9 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ meta set mark with reg 1 ] + +# ct original ip saddr . meta mark { 1.1.1.1 . 0x00000014 } +__set%d test-ip4 3 +__set%d test-ip4 0 + element 01010101 00000014 : 0 [end] +ip + [ ct load src_ip => reg 1 , dir original ] + [ meta load mark => reg 9 ] + [ lookup reg 1 set __set%d ] + +# ct mark set ip dscp << 2 | 0x10 +ip test-ip4 output + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 << 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ ct set mark with reg 1 ] + +# ct mark set ip dscp << 26 | 0x10 +ip + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 << 0x0000001a ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ ct set mark with reg 1 ] + +# ct mark set ip dscp & 0x0f << 1 +ip test-ip4 output + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000001e ) ^ 0x00000000 ] + [ ct set mark with reg 1 ] + +# ct mark set ip dscp & 0x0f << 2 +ip test-ip4 output + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000003c ) ^ 0x00000000 ] + [ ct set mark with reg 1 ] + +# ct mark set ip dscp | 0x04 +ip test-ip4 output + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xfffffffb ) ^ 0x00000004 ] + [ ct set mark with reg 1 ] + +# ct mark set ip dscp | 1 << 20 +ip test-ip4 output + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xffefffff ) ^ 0x00100000 ] + [ ct set mark with reg 1 ] diff --git a/tests/py/ip/dnat.t b/tests/py/ip/dnat.t index 089017c8..881571db 100644 --- a/tests/py/ip/dnat.t +++ b/tests/py/ip/dnat.t @@ -8,6 +8,16 @@ iifname "eth0" tcp dport {80, 90, 23} dnat to 192.168.3.2;ok iifname "eth0" tcp dport != {80, 90, 23} dnat to 192.168.3.2;ok iifname "eth0" tcp dport != 23-34 dnat to 192.168.3.2;ok iifname "eth0" tcp dport 81 dnat to 192.168.3.2:8080;ok +iifname "eth0" tcp dport 81 dnat to 192.168.3.2:8080-8999;ok +iifname "eth0" tcp dport 81 dnat to 192.168.3.2-192.168.3.4:8080;ok +iifname "eth0" tcp dport 81 dnat to 192.168.3.2-192.168.3.4:8080-8999;ok dnat to ct mark map { 0x00000014 : 1.2.3.4};ok dnat to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4};ok + +dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.0/24 . 8888 - 8999 };ok +dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.0/24 . 80 };ok +dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.2 . 8888 - 8999 };ok +ip daddr 192.168.0.1 dnat ip to tcp dport map { 443 : 10.141.10.4 . 8443, 80 : 10.141.10.4 . 8080 };ok +meta l4proto 6 dnat ip to iifname . ip saddr map { "enp2s0" . 10.1.1.136 : 1.1.2.69 . 22, "enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 . 22 };ok +dnat ip to iifname . ip saddr map { "enp2s0" . 10.1.1.136 : 1.1.2.69/32, "enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 };ok diff --git a/tests/py/ip/dnat.t.json b/tests/py/ip/dnat.t.json index 0481a368..fe15d072 100644 --- a/tests/py/ip/dnat.t.json +++ b/tests/py/ip/dnat.t.json @@ -262,3 +262,482 @@ } ] +# iifname "eth0" tcp dport 81 dnat to 192.168.3.2:8080-8999 +[ + { + "match": { + "left": { + "meta": { + "key": "iifname" + } + }, + "op": "==", + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": 81 + } + }, + { + "dnat": { + "addr": "192.168.3.2", + "port": { + "range": [ + 8080, + 8999 + ] + } + } + } +] + +# iifname "eth0" tcp dport 81 dnat to 192.168.3.2-192.168.3.4:8080-8999 +[ + { + "match": { + "left": { + "meta": { + "key": "iifname" + } + }, + "op": "==", + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": 81 + } + }, + { + "dnat": { + "addr": { + "range": [ + "192.168.3.2", + "192.168.3.4" + ] + }, + "port": { + "range": [ + 8080, + 8999 + ] + } + } + } +] + +# iifname "eth0" tcp dport 81 dnat to 192.168.3.2-192.168.3.4:8080 +[ + { + "match": { + "left": { + "meta": { + "key": "iifname" + } + }, + "op": "==", + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": 81 + } + }, + { + "dnat": { + "addr": { + "range": [ + "192.168.3.2", + "192.168.3.4" + ] + }, + "port": 8080 + } + } +] + +# dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.2 . 8888 - 8999 } +[ + { + "dnat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "concat": [ + "192.168.1.2", + 80 + ] + }, + { + "concat": [ + "10.141.10.2", + { + "range": [ + 8888, + 8999 + ] + } + ] + } + ] + ] + }, + "key": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "dport", + "protocol": "tcp" + } + } + ] + } + } + }, + "family": "ip" + } + } +] + +# dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.0/24 . 8888 - 8999 } +[ + { + "dnat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "concat": [ + "192.168.1.2", + 80 + ] + }, + { + "concat": [ + { + "prefix": { + "addr": "10.141.10.0", + "len": 24 + } + }, + { + "range": [ + 8888, + 8999 + ] + } + ] + } + ] + ] + }, + "key": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "dport", + "protocol": "tcp" + } + } + ] + } + } + }, + "family": "ip" + } + } +] + +# dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.0/24 . 80 } +[ + { + "dnat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "concat": [ + "192.168.1.2", + 80 + ] + }, + { + "concat": [ + { + "prefix": { + "addr": "10.141.10.0", + "len": 24 + } + }, + 80 + ] + } + ] + ] + }, + "key": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "dport", + "protocol": "tcp" + } + } + ] + } + } + }, + "family": "ip" + } + } +] + +# ip daddr 192.168.0.1 dnat ip to tcp dport map { 443 : 10.141.10.4 . 8443, 80 : 10.141.10.4 . 8080 } +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "192.168.0.1" + } + }, + { + "dnat": { + "addr": { + "map": { + "data": { + "set": [ + [ + 80, + { + "concat": [ + "10.141.10.4", + 8080 + ] + } + ], + [ + 443, + { + "concat": [ + "10.141.10.4", + 8443 + ] + } + ] + ] + }, + "key": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + } + } + }, + "family": "ip" + } + } +] + +# meta l4proto 6 dnat ip to iifname . ip saddr map { "enp2s0" . 10.1.1.136 : 1.1.2.69 . 22, "enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 . 22 } +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": 6 + } + }, + { + "dnat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "concat": [ + "enp2s0", + "10.1.1.136" + ] + }, + { + "concat": [ + "1.1.2.69", + 22 + ] + } + ], + [ + { + "concat": [ + "enp2s0", + { + "range": [ + "10.1.1.1", + "10.1.1.135" + ] + } + ] + }, + { + "concat": [ + { + "range": [ + "1.1.2.66", + "1.84.236.78" + ] + }, + 22 + ] + } + ] + ] + }, + "key": { + "concat": [ + { + "meta": { + "key": "iifname" + } + }, + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + ] + } + } + }, + "family": "ip" + } + } +] + +# dnat ip to iifname . ip saddr map { "enp2s0" . 10.1.1.136 : 1.1.2.69/32, "enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 } +[ + { + "dnat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "concat": [ + "enp2s0", + "10.1.1.136" + ] + }, + { + "prefix": { + "addr": "1.1.2.69", + "len": 32 + } + } + ], + [ + { + "concat": [ + "enp2s0", + { + "range": [ + "10.1.1.1", + "10.1.1.135" + ] + } + ] + }, + { + "range": [ + "1.1.2.66", + "1.84.236.78" + ] + } + ] + ] + }, + "key": { + "concat": [ + { + "meta": { + "key": "iifname" + } + }, + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + ] + } + } + }, + "family": "ip" + } + } +] + diff --git a/tests/py/ip/dnat.t.payload.ip b/tests/py/ip/dnat.t.payload.ip index 1b869d0a..439c6abe 100644 --- a/tests/py/ip/dnat.t.payload.ip +++ b/tests/py/ip/dnat.t.payload.ip @@ -8,7 +8,7 @@ ip test-ip4 prerouting [ cmp gte reg 1 0x00005000 ] [ cmp lte reg 1 0x00005a00 ] [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # iifname "eth0" tcp dport != 80-90 dnat to 192.168.3.2 ip test-ip4 prerouting @@ -19,7 +19,7 @@ ip test-ip4 prerouting [ payload load 2b @ transport header + 2 => reg 1 ] [ range neq reg 1 0x00005000 0x00005a00 ] [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # iifname "eth0" tcp dport {80, 90, 23} dnat to 192.168.3.2 __set%d test-ip4 3 @@ -33,7 +33,7 @@ ip test-ip4 prerouting [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d ] [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # iifname "eth0" tcp dport != {80, 90, 23} dnat to 192.168.3.2 __set%d test-ip4 3 @@ -47,7 +47,7 @@ ip test-ip4 prerouting [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # iifname "eth0" tcp dport != 23-34 dnat to 192.168.3.2 ip test-ip4 prerouting @@ -58,7 +58,7 @@ ip test-ip4 prerouting [ payload load 2b @ transport header + 2 => reg 1 ] [ range neq reg 1 0x00001700 0x00002200 ] [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # iifname "eth0" tcp dport 81 dnat to 192.168.3.2:8080 ip test-ip4 prerouting @@ -70,7 +70,7 @@ ip test-ip4 prerouting [ cmp eq reg 1 0x00005100 ] [ immediate reg 1 0x0203a8c0 ] [ immediate reg 2 0x0000901f ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 proto_min reg 2 proto_max reg 0 ] + [ nat dnat ip addr_min reg 1 proto_min reg 2 flags 0x2 ] # dnat to ct mark map { 0x00000014 : 1.2.3.4} __map%d test-ip4 b @@ -79,7 +79,7 @@ __map%d test-ip4 0 ip test-ip4 prerouting [ ct load mark => reg 1 ] [ lookup reg 1 set __map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # dnat to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4} __map%d test-ip4 b @@ -89,5 +89,116 @@ ip test-ip4 output [ ct load mark => reg 1 ] [ payload load 4b @ network header + 16 => reg 9 ] [ lookup reg 1 set __map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] + +# dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.0/24 . 8888 - 8999 } +__map%d test-ip4 b size 1 +__map%d test-ip4 0 + element 0201a8c0 00005000 : 000a8d0a 0000b822 ff0a8d0a 00002723 0 [end] +ip + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 2b @ transport header + 2 => reg 9 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat dnat ip addr_min reg 1 addr_max reg 10 proto_min reg 9 proto_max reg 11 ] + +# dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.0/24 . 80 } +__map%d test-ip4 b size 1 +__map%d test-ip4 0 + element 0201a8c0 00005000 : 000a8d0a 00005000 ff0a8d0a 00005000 0 [end] +ip + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 2b @ transport header + 2 => reg 9 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat dnat ip addr_min reg 1 addr_max reg 10 proto_min reg 9 proto_max reg 11 ] + +# dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.2 . 8888 - 8999 } +__map%d test-ip4 b size 1 +__map%d test-ip4 0 + element 0201a8c0 00005000 : 020a8d0a 0000b822 020a8d0a 00002723 0 [end] +ip + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 2b @ transport header + 2 => reg 9 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat dnat ip addr_min reg 1 addr_max reg 10 proto_min reg 9 proto_max reg 11 ] + +# iifname "eth0" tcp dport 81 dnat to 192.168.3.2:8080-8999 +ip + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00005100 ] + [ immediate reg 1 0x0203a8c0 ] + [ immediate reg 2 0x0000901f ] + [ immediate reg 3 0x00002723 ] + [ nat dnat ip addr_min reg 1 proto_min reg 2 proto_max reg 3 flags 0x2 ] + +# iifname "eth0" tcp dport 81 dnat to 192.168.3.2-192.168.3.4:8080 +ip + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00005100 ] + [ immediate reg 1 0x0203a8c0 ] + [ immediate reg 2 0x0403a8c0 ] + [ immediate reg 3 0x0000901f ] + [ nat dnat ip addr_min reg 1 addr_max reg 2 proto_min reg 3 flags 0x2 ] + +# iifname "eth0" tcp dport 81 dnat to 192.168.3.2-192.168.3.4:8080-8999 +ip + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00005100 ] + [ immediate reg 1 0x0203a8c0 ] + [ immediate reg 2 0x0403a8c0 ] + [ immediate reg 3 0x0000901f ] + [ immediate reg 4 0x00002723 ] + [ nat dnat ip addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 flags 0x2 ] + +# ip daddr 192.168.0.1 dnat ip to tcp dport map { 443 : 10.141.10.4 . 8443, 80 : 10.141.10.4 . 8080 } +__map%d test-ip4 b size 2 +__map%d test-ip4 0 + element 0000bb01 : 040a8d0a 0000fb20 0 [end] element 00005000 : 040a8d0a 0000901f 0 [end] +ip + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x0100a8c0 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat dnat ip addr_min reg 1 proto_min reg 9 ] + +# meta l4proto 6 dnat ip to iifname . ip saddr map { "enp2s0" . 10.1.1.136 : 1.1.2.69 . 22, "enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 . 22 } +__map%d test-ip4 8f size 2 +__map%d test-ip4 0 + element 32706e65 00003073 00000000 00000000 8801010a - 32706e65 00003073 00000000 00000000 8801010a : 45020101 00001600 45020101 00001600 0 [end] element 32706e65 00003073 00000000 00000000 0101010a - 32706e65 00003073 00000000 00000000 8701010a : 42020101 00001600 4eec5401 00001600 0 [end] +ip test-ip4 prerouting + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ meta load iifname => reg 1 ] + [ payload load 4b @ network header + 12 => reg 2 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat dnat ip addr_min reg 1 addr_max reg 10 proto_min reg 9 proto_max reg 11 ] + +# dnat ip to iifname . ip saddr map { "enp2s0" . 10.1.1.136 : 1.1.2.69/32, "enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 } +__map%d test-ip4 8f size 2 +__map%d test-ip4 0 + element 32706e65 00003073 00000000 00000000 8801010a - 32706e65 00003073 00000000 00000000 8801010a : 45020101 45020101 0 [end] element 32706e65 00003073 00000000 00000000 0101010a - 32706e65 00003073 00000000 00000000 8701010a : 42020101 4eec5401 0 [end] +ip test-ip4 prerouting + [ meta load iifname => reg 1 ] + [ payload load 4b @ network header + 12 => reg 2 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat dnat ip addr_min reg 1 addr_max reg 9 ] diff --git a/tests/py/ip/flowtable.t b/tests/py/ip/flowtable.t deleted file mode 100644 index 086c6cf6..00000000 --- a/tests/py/ip/flowtable.t +++ /dev/null @@ -1,5 +0,0 @@ -:input;type filter hook input priority 0 - -*ip;test-ip;input - -meter xyz size 8192 { ip saddr timeout 30s counter};ok diff --git a/tests/py/ip/flowtable.t.json b/tests/py/ip/flowtable.t.json deleted file mode 100644 index a03cc9d7..00000000 --- a/tests/py/ip/flowtable.t.json +++ /dev/null @@ -1,24 +0,0 @@ -# meter xyz size 8192 { ip saddr timeout 30s counter} -[ - { - "meter": { - "key": { - "elem": { - "timeout": 30, - "val": { - "payload": { - "field": "saddr", - "protocol": "ip" - } - } - } - }, - "name": "xyz", - "size": 8192, - "stmt": { - "counter": null - } - } - } -] - diff --git a/tests/py/ip/flowtable.t.payload b/tests/py/ip/flowtable.t.payload deleted file mode 100644 index c0aad39e..00000000 --- a/tests/py/ip/flowtable.t.payload +++ /dev/null @@ -1,7 +0,0 @@ -# meter xyz size 8192 { ip saddr timeout 30s counter} -xyz test-ip 31 -xyz test-ip 0 -ip test-ip input - [ payload load 4b @ network header + 12 => reg 1 ] - [ dynset update reg_key 1 set xyz timeout 30000ms expr [ counter pkts 0 bytes 0 ] ] - diff --git a/tests/py/ip/hash.t.payload b/tests/py/ip/hash.t.payload index 71ab0652..fefe492d 100644 --- a/tests/py/ip/hash.t.payload +++ b/tests/py/ip/hash.t.payload @@ -41,7 +41,7 @@ ip test-ip4 pre [ payload load 4b @ network header + 12 => reg 2 ] [ hash reg 1 = jhash(reg 2, 4, 0xdeadbeef) % mod 2 ] [ lookup reg 1 set __map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # ct mark set symhash mod 2 offset 100 ip test-ip4 pre diff --git a/tests/py/ip/icmp.t b/tests/py/ip/icmp.t index 6c05fb9d..226c339b 100644 --- a/tests/py/ip/icmp.t +++ b/tests/py/ip/icmp.t @@ -26,51 +26,43 @@ icmp code 111 accept;ok icmp code != 111 accept;ok icmp code 33-55;ok icmp code != 33-55;ok -icmp code { 33-55};ok -icmp code != { 33-55};ok -icmp code { 2, 4, 54, 33, 56};ok;icmp code { prot-unreachable, 4, 33, 54, 56} -icmp code != { prot-unreachable, 4, 33, 54, 56};ok +icmp code { 2, 4, 54, 33, 56};ok +icmp code != { prot-unreachable, frag-needed, 33, 54, 56};ok;icmp code != { 2, 4, 33, 54, 56} icmp checksum 12343 accept;ok icmp checksum != 12343 accept;ok icmp checksum 11-343 accept;ok icmp checksum != 11-343 accept;ok -icmp checksum { 11-343} accept;ok -icmp checksum != { 11-343} accept;ok icmp checksum { 1111, 222, 343} accept;ok icmp checksum != { 1111, 222, 343} accept;ok -icmp id 1245 log;ok -icmp id 22;ok -icmp id != 233;ok -icmp id 33-45;ok -icmp id != 33-45;ok -icmp id { 33-55};ok -icmp id != { 33-55};ok -icmp id { 22, 34, 333};ok -icmp id != { 22, 34, 333};ok +icmp id 1245 log;ok;icmp type { echo-reply, echo-request} icmp id 1245 log +icmp id 22;ok;icmp type { echo-reply, echo-request} icmp id 22 +icmp id != 233;ok;icmp type { echo-reply, echo-request} icmp id != 233 +icmp id 33-45;ok;icmp type { echo-reply, echo-request} icmp id 33-45 +icmp id != 33-45;ok;icmp type { echo-reply, echo-request} icmp id != 33-45 -icmp sequence 22;ok -icmp sequence != 233;ok -icmp sequence 33-45;ok -icmp sequence != 33-45;ok -icmp sequence { 33, 55, 67, 88};ok -icmp sequence != { 33, 55, 67, 88};ok -icmp sequence { 33-55};ok -icmp sequence != { 33-55};ok +icmp id { 22, 34, 333};ok;icmp type { echo-request, echo-reply} icmp id { 22, 34, 333} +icmp id != { 22, 34, 333};ok;icmp type { echo-request, echo-reply} icmp id != { 22, 34, 333} + +icmp sequence 22;ok;icmp type { echo-reply, echo-request} icmp sequence 22 +icmp sequence != 233;ok;icmp type { echo-reply, echo-request} icmp sequence != 233 +icmp sequence 33-45;ok;icmp type { echo-reply, echo-request} icmp sequence 33-45 +icmp sequence != 33-45;ok;icmp type { echo-reply, echo-request} icmp sequence != 33-45 +icmp sequence { 33, 55, 67, 88};ok;icmp type { echo-request, echo-reply} icmp sequence { 33, 55, 67, 88} +icmp sequence != { 33, 55, 67, 88};ok;icmp type { echo-request, echo-reply} icmp sequence != { 33, 55, 67, 88} +icmp id 1 icmp sequence 2;ok;icmp type { echo-reply, echo-request} icmp id 1 icmp sequence 2 +icmp type { echo-reply, echo-request} icmp id 1 icmp sequence 2;ok +icmp type echo-reply icmp id 1;ok icmp mtu 33;ok icmp mtu 22-33;ok -icmp mtu { 22-33};ok -icmp mtu != { 22-33};ok icmp mtu 22;ok icmp mtu != 233;ok icmp mtu 33-45;ok icmp mtu != 33-45;ok icmp mtu { 33, 55, 67, 88};ok icmp mtu != { 33, 55, 67, 88};ok -icmp mtu { 33-55};ok -icmp mtu != { 33-55};ok icmp gateway 22;ok icmp gateway != 233;ok @@ -78,7 +70,8 @@ icmp gateway 33-45;ok icmp gateway != 33-45;ok icmp gateway { 33, 55, 67, 88};ok icmp gateway != { 33, 55, 67, 88};ok -icmp gateway { 33-55};ok -icmp gateway != { 33-55};ok icmp gateway != 34;ok icmp gateway != { 333, 334};ok + +icmp code 1 icmp type 2;ok;icmp type 2 icmp code 1 +icmp code != 1 icmp type 2 icmp mtu 5;fail diff --git a/tests/py/ip/icmp.t.json b/tests/py/ip/icmp.t.json index 4e172745..45e04c78 100644 --- a/tests/py/ip/icmp.t.json +++ b/tests/py/ip/icmp.t.json @@ -8,7 +8,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "echo-reply" } }, @@ -27,7 +27,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "destination-unreachable" } }, @@ -46,7 +46,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "source-quench" } }, @@ -65,7 +65,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "redirect" } }, @@ -84,7 +84,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "echo-request" } }, @@ -103,7 +103,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "time-exceeded" } }, @@ -122,7 +122,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "parameter-problem" } }, @@ -141,7 +141,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "timestamp-request" } }, @@ -160,7 +160,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "timestamp-reply" } }, @@ -179,7 +179,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "info-request" } }, @@ -198,7 +198,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "info-reply" } }, @@ -217,7 +217,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "address-mask-request" } }, @@ -236,7 +236,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "address-mask-reply" } }, @@ -255,7 +255,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "router-advertisement" } }, @@ -274,7 +274,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "router-solicitation" } }, @@ -293,7 +293,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ "echo-reply", @@ -301,6 +301,8 @@ "source-quench", "redirect", "echo-request", + "router-advertisement", + "router-solicitation", "time-exceeded", "parameter-problem", "timestamp-request", @@ -308,9 +310,7 @@ "info-request", "info-reply", "address-mask-request", - "address-mask-reply", - "router-advertisement", - "router-solicitation" + "address-mask-reply" ] } } @@ -352,7 +352,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": 111 } }, @@ -390,53 +390,18 @@ "protocol": "icmp" } }, - "op": "==", - "right": { - "range": [ 33, 55 ] - } - } - } -] - -# icmp code != 33-55 -[ - { - "match": { - "left": { - "payload": { - "field": "code", - "protocol": "icmp" - } - }, - "op": "!=", - "right": { - "range": [ 33, 55 ] - } - } - } -] - -# icmp code { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "code", - "protocol": "icmp" - } - }, - "op": "==", + "op": "==", "right": { - "set": [ - { "range": [ 33, 55 ] } + "range": [ + 33, + 55 ] } } } ] -# icmp code != { 33-55} +# icmp code != 33-55 [ { "match": { @@ -448,8 +413,9 @@ }, "op": "!=", "right": { - "set": [ - { "range": [ 33, 55 ] } + "range": [ + 33, + 55 ] } } @@ -466,7 +432,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ 2, @@ -480,7 +446,7 @@ } ] -# icmp code != { prot-unreachable, 4, 33, 54, 56} +# icmp code != { prot-unreachable, frag-needed, 33, 54, 56} [ { "match": { @@ -493,7 +459,7 @@ "op": "!=", "right": { "set": [ - "prot-unreachable", + 2, 4, 33, 54, @@ -514,7 +480,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": 12343 } }, @@ -552,52 +518,11 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { - "range": [ 11, 343 ] - } - } - }, - { - "accept": null - } -] - -# icmp checksum != 11-343 accept -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "icmp" - } - }, - "op": "!=", - "right": { - "range": [ 11, 343 ] - } - } - }, - { - "accept": null - } -] - -# icmp checksum { 11-343} accept -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "icmp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 11, 343 ] } + "range": [ + 11, + 343 ] } } @@ -607,7 +532,7 @@ } ] -# icmp checksum != { 11-343} accept +# icmp checksum != 11-343 accept [ { "match": { @@ -619,8 +544,9 @@ }, "op": "!=", "right": { - "set": [ - { "range": [ 11, 343 ] } + "range": [ + 11, + 343 ] } } @@ -640,12 +566,12 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ - 1111, 222, - 343 + 343, + 1111 ] } } @@ -668,9 +594,9 @@ "op": "!=", "right": { "set": [ - 1111, 222, - 343 + 343, + 1111 ] } } @@ -690,7 +616,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": 1245 } }, @@ -709,7 +635,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": 22 } } @@ -737,20 +663,19 @@ "match": { "left": { "payload": { - "field": "id", + "field": "type", "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { - "range": [ 33, 45 ] + "set": [ + "echo-reply", + "echo-request" + ] } } - } -] - -# icmp id != 33-45 -[ + }, { "match": { "left": { @@ -759,36 +684,36 @@ "protocol": "icmp" } }, - "op": "!=", + "op": "==", "right": { - "range": [ 33, 45 ] + "range": [ + 33, + 45 + ] } } } ] -# icmp id { 33-55} +# icmp id != 33-45 [ { "match": { "left": { "payload": { - "field": "id", + "field": "type", "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ - { "range": [ 33, 55 ] } + "echo-reply", + "echo-request" ] } } - } -] - -# icmp id != { 33-55} -[ + }, { "match": { "left": { @@ -799,8 +724,9 @@ }, "op": "!=", "right": { - "set": [ - { "range": [ 33, 55 ] } + "range": [ + 33, + 45 ] } } @@ -813,11 +739,28 @@ "match": { "left": { "payload": { + "field": "type", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + "echo-reply", + "echo-request" + ] + } + } + }, + { + "match": { + "left": { + "payload": { "field": "id", "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ 22, @@ -835,6 +778,23 @@ "match": { "left": { "payload": { + "field": "type", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + "echo-reply", + "echo-request" + ] + } + } + }, + { + "match": { + "left": { + "payload": { "field": "id", "protocol": "icmp" } @@ -857,11 +817,28 @@ "match": { "left": { "payload": { + "field": "type", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + "echo-reply", + "echo-request" + ] + } + } + }, + { + "match": { + "left": { + "payload": { "field": "sequence", "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": 22 } } @@ -873,6 +850,23 @@ "match": { "left": { "payload": { + "field": "type", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + "echo-reply", + "echo-request" + ] + } + } + }, + { + "match": { + "left": { + "payload": { "field": "sequence", "protocol": "icmp" } @@ -889,13 +883,33 @@ "match": { "left": { "payload": { + "field": "type", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + "echo-reply", + "echo-request" + ] + } + } + }, + { + "match": { + "left": { + "payload": { "field": "sequence", "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { - "range": [ 33, 45 ] + "range": [ + 33, + 45 + ] } } } @@ -907,13 +921,33 @@ "match": { "left": { "payload": { + "field": "type", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + "echo-reply", + "echo-request" + ] + } + } + }, + { + "match": { + "left": { + "payload": { "field": "sequence", "protocol": "icmp" } }, "op": "!=", "right": { - "range": [ 33, 45 ] + "range": [ + 33, + 45 + ] } } } @@ -925,11 +959,28 @@ "match": { "left": { "payload": { + "field": "type", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + "echo-reply", + "echo-request" + ] + } + } + }, + { + "match": { + "left": { + "payload": { "field": "sequence", "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ 33, @@ -948,6 +999,23 @@ "match": { "left": { "payload": { + "field": "type", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + "echo-reply", + "echo-request" + ] + } + } + }, + { + "match": { + "left": { + "payload": { "field": "sequence", "protocol": "icmp" } @@ -965,121 +1033,125 @@ } ] -# icmp sequence { 33-55} +# icmp id 1 icmp sequence 2 [ { "match": { "left": { "payload": { - "field": "sequence", + "field": "type", "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ - { "range": [ 33, 55 ] } + "echo-reply", + "echo-request" ] } } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmp" + } + }, + "op": "==", + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "sequence", + "protocol": "icmp" + } + }, + "op": "==", + "right": 2 + } } ] -# icmp sequence != { 33-55} +# icmp type { echo-reply, echo-request} icmp id 1 icmp sequence 2 [ { "match": { "left": { "payload": { - "field": "sequence", + "field": "type", "protocol": "icmp" } }, - "op": "!=", + "op": "==", "right": { "set": [ - { "range": [ 33, 55 ] } + "echo-reply", + "echo-request" ] } } - } -] - -# icmp mtu 33 -[ + }, { "match": { "left": { "payload": { - "field": "mtu", + "field": "id", "protocol": "icmp" } }, - "op": "==", - "right": 33 + "op": "==", + "right": 1 } - } -] - -# icmp mtu 22-33 -[ + }, { "match": { "left": { "payload": { - "field": "mtu", + "field": "sequence", "protocol": "icmp" } }, - "op": "==", - "right": { - "range": [ 22, 33 ] - } + "op": "==", + "right": 2 } } ] -# icmp mtu { 22-33} +# icmp type echo-reply icmp id 1 [ { "match": { "left": { "payload": { - "field": "mtu", + "field": "type", "protocol": "icmp" } }, - "op": "==", - "right": { - "set": [ - { "range": [ 22, 33 ] } - ] - } + "op": "==", + "right": "echo-reply" } - } -] - -# icmp mtu != { 22-33} -[ + }, { "match": { "left": { "payload": { - "field": "mtu", + "field": "id", "protocol": "icmp" } }, - "op": "!=", - "right": { - "set": [ - { "range": [ 22, 33 ] } - ] - } + "op": "==", + "right": 1 } } ] -# icmp mtu 22 +# icmp mtu 33 [ { "match": { @@ -1089,13 +1161,13 @@ "protocol": "icmp" } }, - "op": "==", - "right": 22 + "op": "==", + "right": 33 } } ] -# icmp mtu != 233 +# icmp mtu 22-33 [ { "match": { @@ -1105,13 +1177,18 @@ "protocol": "icmp" } }, - "op": "!=", - "right": 233 + "op": "==", + "right": { + "range": [ + 22, + 33 + ] + } } } ] -# icmp mtu 33-45 +# icmp mtu 22 [ { "match": { @@ -1121,15 +1198,13 @@ "protocol": "icmp" } }, - "op": "==", - "right": { - "range": [ 33, 45 ] - } + "op": "==", + "right": 22 } } ] -# icmp mtu != 33-45 +# icmp mtu != 233 [ { "match": { @@ -1140,14 +1215,12 @@ } }, "op": "!=", - "right": { - "range": [ 33, 45 ] - } + "right": 233 } } ] -# icmp mtu { 33, 55, 67, 88} +# icmp mtu 33-45 [ { "match": { @@ -1157,20 +1230,18 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { - "set": [ + "range": [ 33, - 55, - 67, - 88 + 45 ] } } } ] -# icmp mtu != { 33, 55, 67, 88} +# icmp mtu != 33-45 [ { "match": { @@ -1182,18 +1253,16 @@ }, "op": "!=", "right": { - "set": [ + "range": [ 33, - 55, - 67, - 88 + 45 ] } } } ] -# icmp mtu { 33-55} +# icmp mtu { 33, 55, 67, 88} [ { "match": { @@ -1203,17 +1272,20 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ - { "range": [ 33, 55 ] } + 33, + 55, + 67, + 88 ] } } } ] -# icmp mtu != { 33-55} +# icmp mtu != { 33, 55, 67, 88} [ { "match": { @@ -1226,7 +1298,10 @@ "op": "!=", "right": { "set": [ - { "range": [ 33, 55 ] } + 33, + 55, + 67, + 88 ] } } @@ -1243,7 +1318,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": 22 } } @@ -1275,9 +1350,12 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { - "range": [ 33, 45 ] + "range": [ + 33, + 45 + ] } } } @@ -1295,7 +1373,10 @@ }, "op": "!=", "right": { - "range": [ 33, 45 ] + "range": [ + 33, + 45 + ] } } } @@ -1311,7 +1392,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ 33, @@ -1347,7 +1428,7 @@ } ] -# icmp gateway { 33-55} +# icmp gateway != 34 [ { "match": { @@ -1357,17 +1438,13 @@ "protocol": "icmp" } }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } + "op": "!=", + "right": 34 } } ] -# icmp gateway != { 33-55} +# icmp gateway != { 333, 334} [ { "match": { @@ -1380,47 +1457,38 @@ "op": "!=", "right": { "set": [ - { "range": [ 33, 55 ] } + 333, + 334 ] } } } ] -# icmp gateway != 34 +# icmp code 1 icmp type 2 [ { "match": { "left": { "payload": { - "field": "gateway", + "field": "type", "protocol": "icmp" } }, - "op": "!=", - "right": 34 + "op": "==", + "right": 2 } - } -] - -# icmp gateway != { 333, 334} -[ + }, { "match": { "left": { "payload": { - "field": "gateway", + "field": "code", "protocol": "icmp" } }, - "op": "!=", - "right": { - "set": [ - 333, - 334 - ] - } + "op": "==", + "right": 1 } } ] - diff --git a/tests/py/ip/icmp.t.json.output b/tests/py/ip/icmp.t.json.output index e8045bb8..d79e72b5 100644 --- a/tests/py/ip/icmp.t.json.output +++ b/tests/py/ip/icmp.t.json.output @@ -1,4 +1,4 @@ -# icmp type {echo-reply, destination-unreachable, source-quench, redirect, echo-request, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply, router-advertisement, router-solicitation} accept +# icmp id 1245 log [ { "match": { @@ -8,104 +8,138 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ "echo-reply", - "destination-unreachable", - "source-quench", - "redirect", - "echo-request", - "router-advertisement", - "router-solicitation", - "time-exceeded", - "parameter-problem", - "timestamp-request", - "timestamp-reply", - "info-request", - "info-reply", - "address-mask-request", - "address-mask-reply" + "echo-request" ] } } }, { - "accept": null + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmp" + } + }, + "op": "==", + "right": 1245 + } + }, + { + "log": null } ] -# icmp code { 2, 4, 54, 33, 56} +# icmp id 22 [ { "match": { "left": { "payload": { - "field": "code", + "field": "type", "protocol": "icmp" } }, "op": "==", "right": { "set": [ - "prot-unreachable", - 4, - 33, - 54, - 56 + "echo-reply", + "echo-request" ] } } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmp" + } + }, + "op": "==", + "right": 22 + } } ] -# icmp checksum { 1111, 222, 343} accept +# icmp id != 233 [ { "match": { "left": { "payload": { - "field": "checksum", + "field": "type", "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ - 222, - 343, - 1111 + "echo-reply", + "echo-request" ] } } }, { - "accept": null + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmp" + } + }, + "op": "!=", + "right": 233 + } } ] -# icmp checksum != { 1111, 222, 343} accept +# icmp id { 33-55} [ { "match": { "left": { "payload": { - "field": "checksum", + "field": "type", "protocol": "icmp" } }, - "op": "!=", + "op": "==", "right": { "set": [ - 222, - 343, - 1111 + "echo-reply", + "echo-request" ] } } }, { - "accept": null + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + { + "range": [ + 33, + 55 + ] + } + ] + } + } } ] + diff --git a/tests/py/ip/icmp.t.payload.ip b/tests/py/ip/icmp.t.payload.ip index 27f22207..3bc6de3c 100644 --- a/tests/py/ip/icmp.t.payload.ip +++ b/tests/py/ip/icmp.t.payload.ip @@ -102,17 +102,6 @@ ip test-ip4 input [ cmp eq reg 1 0x00000012 ] [ immediate reg 0 accept ] -# icmp type {echo-reply, destination-unreachable, source-quench, redirect, echo-request, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply} accept -__set%d test-ip4 3 -__set%d test-ip4 0 - element 00000000 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000008 : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end] element 0000000d : 0 [end] element 0000000e : 0 [end] element 0000000f : 0 [end] element 00000010 : 0 [end] element 00000011 : 0 [end] element 00000012 : 0 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - [ immediate reg 0 accept ] - # icmp type != {echo-reply, destination-unreachable, source-quench} __set%d test-ip4 3 __set%d test-ip4 0 @@ -154,26 +143,6 @@ ip test-ip4 input [ payload load 1b @ transport header + 1 => reg 1 ] [ range neq reg 1 0x00000021 0x00000037 ] -# icmp code { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# icmp code != { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # icmp code { 2, 4, 54, 33, 56} __set%d test-ip4 3 __set%d test-ip4 0 @@ -184,7 +153,7 @@ ip test-ip4 input [ payload load 1b @ transport header + 1 => reg 1 ] [ lookup reg 1 set __set%d ] -# icmp code != { prot-unreachable, 4, 33, 54, 56} +# icmp code != { prot-unreachable, frag-needed, 33, 54, 56} __set%d test-ip4 3 __set%d test-ip4 0 element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000036 : 0 [end] element 00000021 : 0 [end] element 00000038 : 0 [end] @@ -227,28 +196,6 @@ ip test-ip4 input [ range neq reg 1 0x00000b00 0x00005701 ] [ immediate reg 0 accept ] -# icmp checksum { 11-343} accept -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - [ immediate reg 0 accept ] - -# icmp checksum != { 11-343} accept -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - [ immediate reg 0 accept ] - # icmp checksum { 1111, 222, 343} accept __set%d test-ip4 3 __set%d test-ip4 0 @@ -272,155 +219,215 @@ ip test-ip4 input [ immediate reg 0 accept ] # icmp id 1245 log +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 4 => reg 1 ] [ cmp eq reg 1 0x0000dd04 ] [ log ] # icmp id 22 +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 4 => reg 1 ] [ cmp eq reg 1 0x00001600 ] # icmp id != 233 +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 4 => reg 1 ] [ cmp neq reg 1 0x0000e900 ] # icmp id 33-45 +__set%d test-ip4 3 +__set%d test-ip4 input + element 00000008 : 0 [end] element 00000000 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 4 => reg 1 ] [ cmp gte reg 1 0x00002100 ] [ cmp lte reg 1 0x00002d00 ] # icmp id != 33-45 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ range neq reg 1 0x00002100 0x00002d00 ] - -# icmp id { 33-55} -__set%d test-ip4 7 +__set%d test-ip4 3 __set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] + element 00000008 : 0 [end] element 00000000 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] + [ payload load 1b @ transport header + 0 => reg 1 ] [ lookup reg 1 set __set%d ] - -# icmp id != { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] + [ range neq reg 1 0x00002100 0x00002d00 ] # icmp id { 22, 34, 333} __set%d test-ip4 3 __set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] +__set%d test-ip4 3 +__set%d test-ip4 0 element 00001600 : 0 [end] element 00002200 : 0 [end] element 00004d01 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d ] # icmp id != { 22, 34, 333} __set%d test-ip4 3 __set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] +__set%d test-ip4 3 +__set%d test-ip4 0 element 00001600 : 0 [end] element 00002200 : 0 [end] element 00004d01 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # icmp sequence 22 -ip test-ip4 input +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] +ip [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp eq reg 1 0x00001600 ] # icmp sequence != 233 +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp neq reg 1 0x0000e900 ] # icmp sequence 33-45 +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp gte reg 1 0x00002100 ] [ cmp lte reg 1 0x00002d00 ] # icmp sequence != 33-45 +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 6 => reg 1 ] [ range neq reg 1 0x00002100 0x00002d00 ] # icmp sequence { 33, 55, 67, 88} __set%d test-ip4 3 __set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] +__set%d test-ip4 3 +__set%d test-ip4 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] # icmp sequence != { 33, 55, 67, 88} __set%d test-ip4 3 __set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] +__set%d test-ip4 3 +__set%d test-ip4 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# icmp sequence { 33-55} -__set%d test-ip4 7 +# icmp id 1 icmp sequence 2 +__set%d test-ip4 3 __set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input + element 00000008 : 0 [end] element 00000000 : 0 [end] +ip [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] + [ payload load 1b @ transport header + 0 => reg 1 ] [ lookup reg 1 set __set%d ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x02000100 ] -# icmp sequence != { 33-55} -__set%d test-ip4 7 +# icmp type { echo-reply, echo-request} icmp id 1 icmp sequence 2 +__set%d test-ip4 3 __set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input + element 00000000 : 0 [end] element 00000008 : 0 [end] +ip [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x02000100 ] + +# icmp type echo-reply icmp id 1 +ip + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x00000100 ] # icmp mtu 33 ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp eq reg 1 0x00002100 ] @@ -428,34 +435,18 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp gte reg 1 0x00001600 ] [ cmp lte reg 1 0x00002100 ] -# icmp mtu { 22-33} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00001600 : 0 [end] element 00002200 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# icmp mtu != { 22-33} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00001600 : 0 [end] element 00002200 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # icmp mtu 22 ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp eq reg 1 0x00001600 ] @@ -463,6 +454,8 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp neq reg 1 0x0000e900 ] @@ -470,6 +463,8 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp gte reg 1 0x00002100 ] [ cmp lte reg 1 0x00002d00 ] @@ -478,6 +473,8 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] [ payload load 2b @ transport header + 6 => reg 1 ] [ range neq reg 1 0x00002100 0x00002d00 ] @@ -488,6 +485,8 @@ __set%d test-ip4 0 ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] @@ -498,26 +497,8 @@ __set%d test-ip4 0 ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# icmp mtu { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# icmp mtu != { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] @@ -525,6 +506,8 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ cmp eq reg 1 0x16000000 ] @@ -532,6 +515,8 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ cmp neq reg 1 0xe9000000 ] @@ -539,6 +524,8 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ cmp gte reg 1 0x21000000 ] [ cmp lte reg 1 0x2d000000 ] @@ -547,6 +534,8 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ range neq reg 1 0x21000000 0x2d000000 ] @@ -557,6 +546,8 @@ __set%d test-ip4 0 ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d ] @@ -567,26 +558,8 @@ __set%d test-ip4 0 ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# icmp gateway { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# icmp gateway != { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] @@ -594,6 +567,8 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ cmp neq reg 1 0x22000000 ] @@ -604,6 +579,8 @@ __set%d test-ip4 0 ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] @@ -634,3 +611,9 @@ ip test-ip4 input [ lookup reg 1 set __set%d ] [ immediate reg 0 accept ] +# icmp code 1 icmp type 2 +ip + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000102 ] diff --git a/tests/py/ip/igmp.t b/tests/py/ip/igmp.t index 939dcc32..a556e475 100644 --- a/tests/py/ip/igmp.t +++ b/tests/py/ip/igmp.t @@ -16,8 +16,6 @@ igmp checksum 12343;ok igmp checksum != 12343;ok igmp checksum 11-343;ok igmp checksum != 11-343;ok -igmp checksum { 11-343};ok -igmp checksum != { 11-343};ok igmp checksum { 1111, 222, 343};ok igmp checksum != { 1111, 222, 343};ok diff --git a/tests/py/ip/igmp.t.json b/tests/py/ip/igmp.t.json index 66dd3bb7..0e2a43f3 100644 --- a/tests/py/ip/igmp.t.json +++ b/tests/py/ip/igmp.t.json @@ -196,56 +196,6 @@ } ] -# igmp checksum { 11-343} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "igmp" - } - }, - "op": "==", - "right": { - "set": [ - { - "range": [ - 11, - 343 - ] - } - ] - } - } - } -] - -# igmp checksum != { 11-343} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "igmp" - } - }, - "op": "!=", - "right": { - "set": [ - { - "range": [ - 11, - 343 - ] - } - ] - } - } - } -] - # igmp checksum { 1111, 222, 343} [ { diff --git a/tests/py/ip/igmp.t.payload b/tests/py/ip/igmp.t.payload index 1319c324..940fe2cd 100644 --- a/tests/py/ip/igmp.t.payload +++ b/tests/py/ip/igmp.t.payload @@ -62,150 +62,6 @@ ip test-ip4 input [ payload load 2b @ transport header + 2 => reg 1 ] [ range neq reg 1 0x00000b00 0x00005701 ] -# igmp checksum { 11-343} -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# igmp checksum != { 11-343} -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# igmp checksum { 1111, 222, 343} -__set%d test-ip4 3 size 3 -__set%d test-ip4 0 - element 00005704 : 0 [end] element 0000de00 : 0 [end] element 00005701 : 0 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# igmp checksum != { 1111, 222, 343} -__set%d test-ip4 3 size 3 -__set%d test-ip4 0 - element 00005704 : 0 [end] element 0000de00 : 0 [end] element 00005701 : 0 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# igmp type membership-query -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - -# igmp type membership-report-v1 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000012 ] - -# igmp type membership-report-v2 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# igmp type membership-report-v3 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000022 ] - -# igmp type leave-group -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000017 ] - -# igmp type { membership-report-v1, membership-report-v2, membership-report-v3} -__set%d test-ip4 3 size 3 -__set%d test-ip4 0 - element 00000012 : 0 [end] element 00000016 : 0 [end] element 00000022 : 0 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# igmp type != { membership-report-v1, membership-report-v2, membership-report-v3} -__set%d test-ip4 3 size 3 -__set%d test-ip4 0 - element 00000012 : 0 [end] element 00000016 : 0 [end] element 00000022 : 0 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# igmp checksum 12343 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003730 ] - -# igmp checksum != 12343 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00003730 ] - -# igmp checksum 11-343 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00000b00 ] - [ cmp lte reg 1 0x00005701 ] - -# igmp checksum != 11-343 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ range neq reg 1 0x00000b00 0x00005701 ] - -# igmp checksum { 11-343} -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# igmp checksum != { 11-343} -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # igmp checksum { 1111, 222, 343} __set%d test-ip4 3 size 3 __set%d test-ip4 0 @@ -226,41 +82,6 @@ ip test-ip4 input [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# igmp type membership-query -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - -# igmp type membership-report-v1 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000012 ] - -# igmp type membership-report-v2 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# igmp type membership-report-v3 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000022 ] - -# igmp type leave-group -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000017 ] - # igmp type { membership-report-v1, membership-report-v2, membership-report-v3} __set%d test-ip4 3 size 3 __set%d test-ip4 0 @@ -281,75 +102,6 @@ ip test-ip4 input [ payload load 1b @ transport header + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# igmp checksum 12343 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003730 ] - -# igmp checksum != 12343 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00003730 ] - -# igmp checksum 11-343 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00000b00 ] - [ cmp lte reg 1 0x00005701 ] - -# igmp checksum != 11-343 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ range neq reg 1 0x00000b00 0x00005701 ] - -# igmp checksum { 11-343} -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# igmp checksum != { 11-343} -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# igmp checksum { 1111, 222, 343} -__set%d test-ip4 3 size 3 -__set%d test-ip4 0 - element 00005704 : 0 [end] element 0000de00 : 0 [end] element 00005701 : 0 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# igmp checksum != { 1111, 222, 343} -__set%d test-ip4 3 size 3 -__set%d test-ip4 0 - element 00005704 : 0 [end] element 0000de00 : 0 [end] element 00005701 : 0 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # igmp mrt 10 ip test-ip4 input [ meta load l4proto => reg 1 ] diff --git a/tests/py/ip/ip.t b/tests/py/ip/ip.t index 0421d01b..e6999c29 100644 --- a/tests/py/ip/ip.t +++ b/tests/py/ip/ip.t @@ -1,10 +1,11 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;input *inet;test-inet;input *bridge;test-bridge;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress - ip version 2;ok @@ -39,8 +40,6 @@ ip length 333-435;ok ip length != 333-453;ok ip length { 333, 553, 673, 838};ok ip length != { 333, 553, 673, 838};ok -ip length { 333-535};ok -ip length != { 333-535};ok ip id 22;ok ip id != 233;ok @@ -48,17 +47,16 @@ ip id 33-45;ok ip id != 33-45;ok ip id { 33, 55, 67, 88};ok ip id != { 33, 55, 67, 88};ok -ip id { 33-55};ok -ip id != { 33-55};ok - -ip frag-off 222 accept;ok -ip frag-off != 233;ok -ip frag-off 33-45;ok -ip frag-off != 33-45;ok -ip frag-off { 33, 55, 67, 88};ok -ip frag-off != { 33, 55, 67, 88};ok -ip frag-off { 33-55};ok -ip frag-off != { 33-55};ok + +ip frag-off 0xde accept;ok +ip frag-off != 0xe9;ok +ip frag-off 0x21-0x2d;ok +ip frag-off != 0x21-0x2d;ok +ip frag-off { 0x21, 0x37, 0x43, 0x58};ok +ip frag-off != { 0x21, 0x37, 0x43, 0x58};ok +ip frag-off & 0x1fff != 0x0;ok +ip frag-off & 0x2000 != 0x0;ok +ip frag-off & 0x4000 != 0x0;ok ip ttl 0 drop;ok ip ttl 233;ok @@ -66,8 +64,6 @@ ip ttl 33-55;ok ip ttl != 45-50;ok ip ttl {43, 53, 45 };ok ip ttl != {43, 53, 45 };ok -ip ttl { 33-55};ok -ip ttl != { 33-55};ok ip protocol tcp;ok;ip protocol 6 ip protocol != tcp;ok;ip protocol != 6 @@ -84,23 +80,19 @@ ip checksum 33-45;ok ip checksum != 33-45;ok ip checksum { 33, 55, 67, 88};ok ip checksum != { 33, 55, 67, 88};ok -ip checksum { 33-55};ok -ip checksum != { 33-55};ok ip saddr set {192.19.1.2, 191.1.22.1};fail ip saddr 192.168.2.0/24;ok ip saddr != 192.168.2.0/24;ok ip saddr 192.168.3.1 ip daddr 192.168.3.100;ok -ip saddr != 1.1.1.1;ok;ip saddr != 1.1.1.1 -ip saddr 1.1.1.1;ok;ip saddr 1.1.1.1 +ip saddr != 1.1.1.1;ok +ip saddr 1.1.1.1;ok ip daddr 192.168.0.1-192.168.0.250;ok ip daddr 10.0.0.0-10.255.255.255;ok ip daddr 172.16.0.0-172.31.255.255;ok ip daddr 192.168.3.1-192.168.4.250;ok ip daddr != 192.168.0.1-192.168.0.250;ok -ip daddr { 192.168.0.1-192.168.0.250};ok -ip daddr != { 192.168.0.1-192.168.0.250};ok ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok ip daddr != { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok @@ -135,3 +127,11 @@ iif "lo" ip protocol set 1;ok iif "lo" ip dscp set af23;ok iif "lo" ip dscp set cs0;ok + +ip saddr . ip daddr { 192.0.2.1 . 10.0.0.1-10.0.0.2 };ok +ip saddr . ip daddr vmap { 192.168.5.1-192.168.5.128 . 192.168.6.1-192.168.6.128 : accept };ok + +ip saddr 1.2.3.4 ip daddr 3.4.5.6;ok +ip saddr 1.2.3.4 counter ip daddr 3.4.5.6;ok + +ip dscp 1/6;ok;ip dscp & 0x3f == lephb diff --git a/tests/py/ip/ip.t.json b/tests/py/ip/ip.t.json index 3131ab79..a170e5c1 100644 --- a/tests/py/ip/ip.t.json +++ b/tests/py/ip/ip.t.json @@ -270,46 +270,6 @@ } ] -# ip length { 333-535} -[ - { - "match": { - "left": { - "payload": { - "field": "length", - "protocol": "ip" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 333, 535 ] } - ] - } - } - } -] - -# ip length != { 333-535} -[ - { - "match": { - "left": { - "payload": { - "field": "length", - "protocol": "ip" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 333, 535 ] } - ] - } - } - } -] - # ip id 22 [ { @@ -424,47 +384,7 @@ } ] -# ip id { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "id", - "protocol": "ip" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# ip id != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "id", - "protocol": "ip" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# ip frag-off 222 accept +# ip frag-off 0xde accept [ { "match": { @@ -483,7 +403,7 @@ } ] -# ip frag-off != 233 +# ip frag-off != 0xe9 [ { "match": { @@ -499,7 +419,7 @@ } ] -# ip frag-off 33-45 +# ip frag-off 0x21-0x2d [ { "match": { @@ -517,7 +437,7 @@ } ] -# ip frag-off != 33-45 +# ip frag-off != 0x21-0x2d [ { "match": { @@ -535,7 +455,7 @@ } ] -# ip frag-off { 33, 55, 67, 88} +# ip frag-off { 0x21, 0x37, 0x43, 0x58} [ { "match": { @@ -558,7 +478,7 @@ } ] -# ip frag-off != { 33, 55, 67, 88} +# ip frag-off != { 0x21, 0x37, 0x43, 0x58} [ { "match": { @@ -581,42 +501,65 @@ } ] -# ip frag-off { 33-55} +# ip frag-off & 0x1fff != 0x0 [ { "match": { "left": { - "payload": { - "field": "frag-off", - "protocol": "ip" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } + "&": [ + { + "payload": { + "field": "frag-off", + "protocol": "ip" + } + }, + 8191 ] - } + }, + "op": "!=", + "right": 0 } } ] -# ip frag-off != { 33-55} +# ip frag-off & 0x2000 != 0x0 [ { "match": { "left": { - "payload": { - "field": "frag-off", - "protocol": "ip" - } + "&": [ + { + "payload": { + "field": "frag-off", + "protocol": "ip" + } + }, + 8192 + ] }, "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } + "right": 0 + } + } +] + +# ip frag-off & 0x4000 != 0x0 +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "frag-off", + "protocol": "ip" + } + }, + 16384 ] - } + }, + "op": "!=", + "right": 0 } } ] @@ -736,46 +679,6 @@ } ] -# ip ttl { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "ttl", - "protocol": "ip" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# ip ttl != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "ttl", - "protocol": "ip" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # ip protocol tcp [ { @@ -1019,46 +922,6 @@ } ] -# ip checksum { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "ip" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# ip checksum != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "ip" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # ip saddr 192.168.2.0/24 [ { @@ -1251,46 +1114,6 @@ } ] -# ip daddr { 192.168.0.1-192.168.0.250} -[ - { - "match": { - "left": { - "payload": { - "field": "daddr", - "protocol": "ip" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ "192.168.0.1", "192.168.0.250" ] } - ] - } - } - } -] - -# ip daddr != { 192.168.0.1-192.168.0.250} -[ - { - "match": { - "left": { - "payload": { - "field": "daddr", - "protocol": "ip" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ "192.168.0.1", "192.168.0.250" ] } - ] - } - } - } -] - # ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept [ { @@ -1836,3 +1659,174 @@ } ] +# ip saddr . ip daddr { 192.0.2.1 . 10.0.0.1-10.0.0.2 } +[ + { + "match": { + "left": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + "192.0.2.1", + { + "range": [ + "10.0.0.1", + "10.0.0.2" + ] + } + ] + } + ] + } + } + } +] + +# ip saddr . ip daddr vmap { 192.168.5.1-192.168.5.128 . 192.168.6.1-192.168.6.128 : accept } +[ + { + "vmap": { + "data": { + "set": [ + [ + { + "concat": [ + { + "range": [ + "192.168.5.1", + "192.168.5.128" + ] + }, + { + "range": [ + "192.168.6.1", + "192.168.6.128" + ] + } + ] + }, + { + "accept": null + } + ] + ] + }, + "key": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip" + } + } + ] + } + } + } +] + +# ip saddr 1.2.3.4 ip daddr 3.4.5.6 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "1.2.3.4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "3.4.5.6" + } + } +] + +# ip saddr 1.2.3.4 counter ip daddr 3.4.5.6 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "1.2.3.4" + } + }, + { + "counter": { + "bytes": 0, + "packets": 0 + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "3.4.5.6" + } + } +] + +# ip dscp 1/6 +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 63 + ] + }, + "op": "==", + "right": "lephb" + } + } +] diff --git a/tests/py/ip/ip.t.json.output b/tests/py/ip/ip.t.json.output index b201cdaa..351ae935 100644 --- a/tests/py/ip/ip.t.json.output +++ b/tests/py/ip/ip.t.json.output @@ -230,3 +230,34 @@ } ] +# ip saddr 1.2.3.4 counter ip daddr 3.4.5.6 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "1.2.3.4" + } + }, + { + "counter": null + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "3.4.5.6" + } + } +] + diff --git a/tests/py/ip/ip.t.payload b/tests/py/ip/ip.t.payload index d627b22f..d7ddf7be 100644 --- a/tests/py/ip/ip.t.payload +++ b/tests/py/ip/ip.t.payload @@ -1,25 +1,25 @@ # ip dscp cs1 ip test-ip4 input [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000020 ] # ip dscp != cs1 ip test-ip4 input [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000020 ] # ip dscp 0x38 ip test-ip4 input [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp eq reg 1 0x000000e0 ] # ip dscp != 0x20 ip test-ip4 input [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000080 ] # ip dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef} @@ -28,7 +28,7 @@ __set%d test-ip4 0 element 00000020 : 0 [end] element 00000040 : 0 [end] element 00000060 : 0 [end] element 00000080 : 0 [end] element 000000a0 : 0 [end] element 000000c0 : 0 [end] element 000000e0 : 0 [end] element 00000000 : 0 [end] element 00000028 : 0 [end] element 00000030 : 0 [end] element 00000038 : 0 [end] element 00000048 : 0 [end] element 00000050 : 0 [end] element 00000058 : 0 [end] element 00000068 : 0 [end] element 00000070 : 0 [end] element 00000078 : 0 [end] element 00000088 : 0 [end] element 00000090 : 0 [end] element 00000098 : 0 [end] element 000000b8 : 0 [end] ip test-ip4 input [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] # ip dscp != {cs0, cs3} @@ -37,16 +37,16 @@ __set%d test-ip4 0 element 00000000 : 0 [end] element 00000060 : 0 [end] ip test-ip4 input [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d 0x1 ] # ip dscp vmap { cs1 : continue , cs4 : accept } counter __map%d test-ip4 b size 2 __map%d test-ip4 0 - element 00000020 : 0 [end] element 00000080 : 0 [end] + element 00000020 : continue 0 [end] element 00000080 : accept 0 [end] ip test-ip4 input [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] @@ -87,22 +87,6 @@ ip test-ip4 input [ payload load 2b @ network header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip length { 333-535} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip length != { 333-535} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip id 22 ip test-ip4 input [ payload load 2b @ network header + 4 => reg 1 ] @@ -140,45 +124,29 @@ ip test-ip4 input [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip id { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip id != { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# ip frag-off 222 accept +# ip frag-off 0xde accept ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x0000de00 ] [ immediate reg 0 accept ] -# ip frag-off != 233 +# ip frag-off != 0xe9 ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] [ cmp neq reg 1 0x0000e900 ] -# ip frag-off 33-45 +# ip frag-off 0x21-0x2d ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] [ cmp gte reg 1 0x00002100 ] [ cmp lte reg 1 0x00002d00 ] -# ip frag-off != 33-45 +# ip frag-off != 0x21-0x2d ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] [ range neq reg 1 0x00002100 0x00002d00 ] -# ip frag-off { 33, 55, 67, 88} +# ip frag-off { 0x21, 0x37, 0x43, 0x58} __set%d test-ip4 3 __set%d test-ip4 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] @@ -186,7 +154,7 @@ ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] -# ip frag-off != { 33, 55, 67, 88} +# ip frag-off != { 0x21, 0x37, 0x43, 0x58} __set%d test-ip4 3 __set%d test-ip4 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] @@ -194,21 +162,23 @@ ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip frag-off { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +# ip frag-off & 0x1fff != 0x0 ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] -# ip frag-off != { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +# ip frag-off & 0x2000 != 0x0 ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000020 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ip frag-off & 0x4000 != 0x0 +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000040 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] # ip ttl 0 drop ip test-ip4 input @@ -248,22 +218,6 @@ ip test-ip4 input [ payload load 1b @ network header + 8 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip ttl { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip ttl != { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip protocol tcp ip test-ip4 input [ payload load 1b @ network header + 9 => reg 1 ] @@ -340,32 +294,14 @@ ip test-ip4 input [ payload load 2b @ network header + 10 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip checksum { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip checksum != { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip saddr 192.168.2.0/24 ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ payload load 3b @ network header + 12 => reg 1 ] [ cmp eq reg 1 0x0002a8c0 ] # ip saddr != 192.168.2.0/24 ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ payload load 3b @ network header + 12 => reg 1 ] [ cmp neq reg 1 0x0002a8c0 ] # ip saddr 192.168.3.1 ip daddr 192.168.3.100 @@ -414,22 +350,6 @@ ip test-ip4 input [ payload load 4b @ network header + 16 => reg 1 ] [ range neq reg 1 0x0100a8c0 0xfa00a8c0 ] -# ip daddr { 192.168.0.1-192.168.0.250} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip daddr != { 192.168.0.1-192.168.0.250} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept __set%d test-ip4 3 __set%d test-ip4 0 @@ -489,59 +409,49 @@ ip test-ip4 input # ip saddr & 0xff == 1 ip test-ip4 input [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0xff000000 ) ^ 0x00000000 ] [ cmp eq reg 1 0x01000000 ] # ip saddr & 0.0.0.255 < 0.0.0.127 ip test-ip4 input [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0xff000000 ) ^ 0x00000000 ] [ cmp lt reg 1 0x7f000000 ] # ip saddr & 0xffff0000 == 0xffff0000 ip test-ip4 input [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000ffff ] -# ip saddr . ip daddr . ip protocol { 1.1.1.1 . 2.2.2.2 . tcp, 1.1.1.1 . 3.3.3.3 . udp} -__set%d test-ip 3 -__set%d test-ip 0 - element 01010101 02020202 00000006 : 0 [end] element 01010101 03030303 00000011 : 0 [end] -ip test-ip input - [ payload load 4b @ network header + 12 => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ payload load 1b @ network header + 9 => reg 10 ] - [ lookup reg 1 set __set%d ] - # ip version 4 ip hdrlength 5 ip test-ip4 input [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000040 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000005 ] # ip hdrlength 0 ip test-ip4 input [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] # ip hdrlength 15 ip test-ip4 input [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000000f ] # ip hdrlength vmap { 0-4 : drop, 5 : accept, 6 : continue } counter __map%d test-ip4 f size 4 __map%d test-ip4 0 - element 00000000 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 1 [end] + element 00000000 : drop 0 [end] element 00000005 : accept 0 [end] element 00000006 : continue 0 [end] element 00000007 : 1 [end] ip test-ip4 input [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] @@ -571,7 +481,7 @@ ip test-ip4 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000fcff ) ^ 0x00000100 ] + [ bitwise reg 1 = ( reg 1 & 0x0000fcff ) ^ 0x00000100 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip ecn set ce @@ -579,7 +489,7 @@ ip test-ip4 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000fcff ) ^ 0x00000300 ] + [ bitwise reg 1 = ( reg 1 & 0x0000fcff ) ^ 0x00000300 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip dscp set af23 @@ -587,7 +497,7 @@ ip test-ip4 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000003ff ) ^ 0x00005800 ] + [ bitwise reg 1 = ( reg 1 & 0x000003ff ) ^ 0x00005800 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip dscp set cs0 @@ -595,7 +505,7 @@ ip test-ip4 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000003ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000003ff ) ^ 0x00000000 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip ttl set 23 @@ -603,7 +513,7 @@ ip test-ip4 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff00 ) ^ 0x00000017 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff00 ) ^ 0x00000017 ] [ payload write reg 1 => 2b @ network header + 8 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip protocol set 1 @@ -611,6 +521,46 @@ ip test-ip4 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000ff ) ^ 0x00000100 ] + [ bitwise reg 1 = ( reg 1 & 0x000000ff ) ^ 0x00000100 ] [ payload write reg 1 => 2b @ network header + 8 csum_type 1 csum_off 10 csum_flags 0x1 ] +# ip saddr . ip daddr { 192.0.2.1 . 10.0.0.1-10.0.0.2 } +__set%d test-ip4 87 size 1 +__set%d test-ip4 0 + element 010200c0 0100000a - 010200c0 0200000a : 0 [end] +ip + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set __set%d ] + +# ip saddr . ip daddr vmap { 192.168.5.1-192.168.5.128 . 192.168.6.1-192.168.6.128 : accept } +__map%d test-ip4 8f size 1 +__map%d test-ip4 0 + element 0105a8c0 0106a8c0 - 8005a8c0 8006a8c0 : accept 0 [end] +ip + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set __map%d dreg 0 ] + +# ip saddr 1.2.3.4 ip daddr 3.4.5.6 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x06050403 ] + +# ip saddr 1.2.3.4 counter ip daddr 3.4.5.6 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ counter pkts 0 bytes 0 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x06050403 ] + +# ip dscp 1/6 +ip test-ip4 input + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000001 ] diff --git a/tests/py/ip/ip.t.payload.bridge b/tests/py/ip/ip.t.payload.bridge index 91a4fde3..53f881d3 100644 --- a/tests/py/ip/ip.t.payload.bridge +++ b/tests/py/ip/ip.t.payload.bridge @@ -3,7 +3,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000020 ] # ip dscp != cs1 @@ -11,7 +11,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000020 ] # ip dscp 0x38 @@ -19,7 +19,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp eq reg 1 0x000000e0 ] # ip dscp != 0x20 @@ -27,7 +27,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000080 ] # ip dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef} @@ -38,7 +38,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] # ip dscp != {cs0, cs3} @@ -49,18 +49,18 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d 0x1 ] # ip dscp vmap { cs1 : continue , cs4 : accept } counter __map%d test-bridge b size 2 __map%d test-bridge 0 - element 00000020 : 0 [end] element 00000080 : 0 [end] + element 00000020 : continue 0 [end] element 00000080 : accept 0 [end] bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] @@ -113,26 +113,6 @@ bridge test-bridge input [ payload load 2b @ network header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip length { 333-535} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip length != { 333-535} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip id 22 bridge test-bridge input [ meta load protocol => reg 1 ] @@ -182,27 +162,7 @@ bridge test-bridge input [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip id { 33-55} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip id != { 33-55} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# ip frag-off 222 accept +# ip frag-off 0xde accept bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] @@ -210,14 +170,14 @@ bridge test-bridge input [ cmp eq reg 1 0x0000de00 ] [ immediate reg 0 accept ] -# ip frag-off != 233 +# ip frag-off != 0xe9 bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] [ cmp neq reg 1 0x0000e900 ] -# ip frag-off 33-45 +# ip frag-off 0x21-0x2d bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] @@ -225,14 +185,14 @@ bridge test-bridge input [ cmp gte reg 1 0x00002100 ] [ cmp lte reg 1 0x00002d00 ] -# ip frag-off != 33-45 +# ip frag-off != 0x21-0x2d bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] [ range neq reg 1 0x00002100 0x00002d00 ] -# ip frag-off { 33, 55, 67, 88} +# ip frag-off { 0x21, 0x37, 0x43, 0x58} __set%d test-bridge 3 size 4 __set%d test-bridge 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] @@ -242,7 +202,7 @@ bridge test-bridge input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] -# ip frag-off != { 33, 55, 67, 88} +# ip frag-off != { 0x21, 0x37, 0x43, 0x58} __set%d test-bridge 3 size 4 __set%d test-bridge 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] @@ -252,25 +212,29 @@ bridge test-bridge input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip frag-off { 33-55} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +# ip frag-off & 0x1fff != 0x0 bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] -# ip frag-off != { 33-55} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +# ip frag-off & 0x2000 != 0x0 bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000020 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ip frag-off & 0x4000 != 0x0 +bridge test-bridge input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000040 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] # ip ttl 0 drop bridge test-bridge input @@ -322,26 +286,6 @@ bridge test-bridge input [ payload load 1b @ network header + 8 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip ttl { 33-55} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip ttl != { 33-55} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip protocol tcp bridge test-bridge input [ meta load protocol => reg 1 ] @@ -442,40 +386,18 @@ bridge test-bridge input [ payload load 2b @ network header + 10 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip checksum { 33-55} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip checksum != { 33-55} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip saddr 192.168.2.0/24 bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ payload load 3b @ network header + 12 => reg 1 ] [ cmp eq reg 1 0x0002a8c0 ] # ip saddr != 192.168.2.0/24 bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ payload load 3b @ network header + 12 => reg 1 ] [ cmp neq reg 1 0x0002a8c0 ] # ip saddr 192.168.3.1 ip daddr 192.168.3.100 @@ -540,26 +462,6 @@ bridge test-bridge input [ payload load 4b @ network header + 16 => reg 1 ] [ range neq reg 1 0x0100a8c0 0xfa00a8c0 ] -# ip daddr { 192.168.0.1-192.168.0.250} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip daddr != { 192.168.0.1-192.168.0.250} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept __set%d test-bridge 3 size 3 __set%d test-bridge 0 @@ -639,7 +541,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0xff000000 ) ^ 0x00000000 ] [ cmp eq reg 1 0x01000000 ] # ip saddr & 0.0.0.255 < 0.0.0.127 @@ -647,7 +549,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0xff000000 ) ^ 0x00000000 ] [ cmp lt reg 1 0x7f000000 ] # ip saddr & 0xffff0000 == 0xffff0000 @@ -655,7 +557,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000ffff ] # ip version 4 ip hdrlength 5 @@ -663,10 +565,10 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000040 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000005 ] # ip hdrlength 0 @@ -674,7 +576,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] # ip hdrlength 15 @@ -682,18 +584,18 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000000f ] # ip hdrlength vmap { 0-4 : drop, 5 : accept, 6 : continue } counter __map%d test-bridge f size 4 __map%d test-bridge 0 - element 00000000 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 1 [end] + element 00000000 : drop 0 [end] element 00000005 : accept 0 [end] element 00000006 : continue 0 [end] element 00000007 : 1 [end] bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] @@ -731,7 +633,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000fcff ) ^ 0x00000100 ] + [ bitwise reg 1 = ( reg 1 & 0x0000fcff ) ^ 0x00000100 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip ecn set ce @@ -741,7 +643,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000fcff ) ^ 0x00000300 ] + [ bitwise reg 1 = ( reg 1 & 0x0000fcff ) ^ 0x00000300 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip ttl set 23 @@ -751,7 +653,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff00 ) ^ 0x00000017 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff00 ) ^ 0x00000017 ] [ payload write reg 1 => 2b @ network header + 8 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip protocol set 1 @@ -761,7 +663,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000ff ) ^ 0x00000100 ] + [ bitwise reg 1 = ( reg 1 & 0x000000ff ) ^ 0x00000100 ] [ payload write reg 1 => 2b @ network header + 8 csum_type 1 csum_off 10 csum_flags 0x1 ] # iif "lo" ip dscp set af23 @@ -771,7 +673,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000003ff ) ^ 0x00005800 ] + [ bitwise reg 1 = ( reg 1 & 0x000003ff ) ^ 0x00005800 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip dscp set cs0 @@ -781,6 +683,56 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000003ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000003ff ) ^ 0x00000000 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] +# ip saddr . ip daddr { 192.0.2.1 . 10.0.0.1-10.0.0.2 } +__set%d test-bridge 87 size 1 +__set%d test-bridge 0 + element 010200c0 0100000a - 010200c0 0200000a : 0 [end] +bridge + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set __set%d ] + +# ip saddr . ip daddr vmap { 192.168.5.1-192.168.5.128 . 192.168.6.1-192.168.6.128 : accept } +__map%d test-bridge 8f size 1 +__map%d test-bridge 0 + element 0105a8c0 0106a8c0 - 8005a8c0 8006a8c0 : accept 0 [end] +bridge + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set __map%d dreg 0 ] + +# ip saddr 1.2.3.4 ip daddr 3.4.5.6 +bridge test-bridge input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x06050403 ] + +# ip saddr 1.2.3.4 counter ip daddr 3.4.5.6 +bridge test-bridge input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ counter pkts 0 bytes 0 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x06050403 ] + +# ip dscp 1/6 +bridge test-bridge input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000001 ] diff --git a/tests/py/ip/ip.t.payload.inet b/tests/py/ip/ip.t.payload.inet index b9cb28a2..08674c98 100644 --- a/tests/py/ip/ip.t.payload.inet +++ b/tests/py/ip/ip.t.payload.inet @@ -3,7 +3,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000020 ] # ip dscp != cs1 @@ -11,7 +11,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000020 ] # ip dscp 0x38 @@ -19,7 +19,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp eq reg 1 0x000000e0 ] # ip dscp != 0x20 @@ -27,7 +27,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000080 ] # ip dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef} @@ -38,7 +38,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] # ip dscp != {cs0, cs3} @@ -49,18 +49,18 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d 0x1 ] # ip dscp vmap { cs1 : continue , cs4 : accept } counter __map%d test-inet b size 2 __map%d test-inet 0 - element 00000020 : 0 [end] element 00000080 : 0 [end] + element 00000020 : continue 0 [end] element 00000080 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] @@ -113,26 +113,6 @@ inet test-inet input [ payload load 2b @ network header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip length { 333-535} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip length != { 333-535} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip id 22 inet test-inet input [ meta load nfproto => reg 1 ] @@ -182,27 +162,7 @@ inet test-inet input [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip id { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip id != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# ip frag-off 222 accept +# ip frag-off 0xde accept inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] @@ -210,14 +170,14 @@ inet test-inet input [ cmp eq reg 1 0x0000de00 ] [ immediate reg 0 accept ] -# ip frag-off != 233 +# ip frag-off != 0xe9 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 6 => reg 1 ] [ cmp neq reg 1 0x0000e900 ] -# ip frag-off 33-45 +# ip frag-off 0x21-0x2d inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] @@ -225,14 +185,14 @@ inet test-inet input [ cmp gte reg 1 0x00002100 ] [ cmp lte reg 1 0x00002d00 ] -# ip frag-off != 33-45 +# ip frag-off != 0x21-0x2d inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 6 => reg 1 ] [ range neq reg 1 0x00002100 0x00002d00 ] -# ip frag-off { 33, 55, 67, 88} +# ip frag-off { 0x21, 0x37, 0x43, 0x58} __set%d test-inet 3 __set%d test-inet 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] @@ -242,7 +202,7 @@ inet test-inet input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] -# ip frag-off != { 33, 55, 67, 88} +# ip frag-off != { 0x21, 0x37, 0x43, 0x58} __set%d test-inet 3 __set%d test-inet 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] @@ -252,25 +212,29 @@ inet test-inet input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip frag-off { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +# ip frag-off & 0x1fff != 0x0 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] -# ip frag-off != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +# ip frag-off & 0x2000 != 0x0 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000020 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ip frag-off & 0x4000 != 0x0 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000040 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] # ip ttl 0 drop inet test-inet input @@ -322,26 +286,6 @@ inet test-inet input [ payload load 1b @ network header + 8 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip ttl { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip ttl != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip protocol tcp inet test-inet input [ meta load nfproto => reg 1 ] @@ -442,40 +386,18 @@ inet test-inet input [ payload load 2b @ network header + 10 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip checksum { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip checksum != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip saddr 192.168.2.0/24 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ payload load 3b @ network header + 12 => reg 1 ] [ cmp eq reg 1 0x0002a8c0 ] # ip saddr != 192.168.2.0/24 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ payload load 3b @ network header + 12 => reg 1 ] [ cmp neq reg 1 0x0002a8c0 ] # ip saddr 192.168.3.1 ip daddr 192.168.3.100 @@ -540,26 +462,6 @@ inet test-inet input [ payload load 4b @ network header + 16 => reg 1 ] [ range neq reg 1 0x0100a8c0 0xfa00a8c0 ] -# ip daddr { 192.168.0.1-192.168.0.250} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip daddr != { 192.168.0.1-192.168.0.250} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept __set%d test-inet 3 __set%d test-inet 0 @@ -639,7 +541,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0xff000000 ) ^ 0x00000000 ] [ cmp eq reg 1 0x01000000 ] # ip saddr & 0.0.0.255 < 0.0.0.127 @@ -647,7 +549,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0xff000000 ) ^ 0x00000000 ] [ cmp lt reg 1 0x7f000000 ] # ip saddr & 0xffff0000 == 0xffff0000 @@ -655,30 +557,18 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000ffff ] -# ip saddr . ip daddr . ip protocol { 1.1.1.1 . 2.2.2.2 . tcp, 1.1.1.1 . 3.3.3.3 . udp} -__set%d test-ip 3 -__set%d test-ip 0 - element 01010101 02020202 00000006 : 0 [end] element 01010101 03030303 00000011 : 0 [end] -inet test-ip input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ payload load 1b @ network header + 9 => reg 10 ] - [ lookup reg 1 set __set%d ] - # ip version 4 ip hdrlength 5 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000040 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000005 ] # ip hdrlength 0 @@ -686,7 +576,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] # ip hdrlength 15 @@ -694,18 +584,18 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000000f ] # ip hdrlength vmap { 0-4 : drop, 5 : accept, 6 : continue } counter __map%d test-inet f size 4 __map%d test-inet 0 - element 00000000 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 1 [end] + element 00000000 : drop 0 [end] element 00000005 : accept 0 [end] element 00000006 : continue 0 [end] element 00000007 : 1 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] @@ -743,7 +633,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000fcff ) ^ 0x00000100 ] + [ bitwise reg 1 = ( reg 1 & 0x0000fcff ) ^ 0x00000100 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip ecn set ce @@ -753,7 +643,7 @@ inet test-netdev ingress [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000fcff ) ^ 0x00000300 ] + [ bitwise reg 1 = ( reg 1 & 0x0000fcff ) ^ 0x00000300 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip dscp set af23 @@ -763,7 +653,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000003ff ) ^ 0x00005800 ] + [ bitwise reg 1 = ( reg 1 & 0x000003ff ) ^ 0x00005800 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip dscp set cs0 @@ -773,7 +663,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000003ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000003ff ) ^ 0x00000000 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip ttl set 23 @@ -783,7 +673,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff00 ) ^ 0x00000017 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff00 ) ^ 0x00000017 ] [ payload write reg 1 => 2b @ network header + 8 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip protocol set 1 @@ -793,6 +683,56 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000ff ) ^ 0x00000100 ] + [ bitwise reg 1 = ( reg 1 & 0x000000ff ) ^ 0x00000100 ] [ payload write reg 1 => 2b @ network header + 8 csum_type 1 csum_off 10 csum_flags 0x1 ] +# ip saddr . ip daddr { 192.0.2.1 . 10.0.0.1-10.0.0.2 } +__set%d test-inet 87 size 1 +__set%d test-inet 0 + element 010200c0 0100000a - 010200c0 0200000a : 0 [end] +inet + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set __set%d ] + +# ip saddr . ip daddr vmap { 192.168.5.1-192.168.5.128 . 192.168.6.1-192.168.6.128 : accept } +__map%d test-inet 8f size 1 +__map%d test-inet 0 + element 0105a8c0 0106a8c0 - 8005a8c0 8006a8c0 : accept 0 [end] +inet + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set __map%d dreg 0 ] + +# ip saddr 1.2.3.4 ip daddr 3.4.5.6 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x06050403 ] + +# ip saddr 1.2.3.4 counter ip daddr 3.4.5.6 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ counter pkts 0 bytes 0 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x06050403 ] + +# ip dscp 1/6 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000001 ] diff --git a/tests/py/ip/ip.t.payload.netdev b/tests/py/ip/ip.t.payload.netdev index 588e5ca2..8220b05d 100644 --- a/tests/py/ip/ip.t.payload.netdev +++ b/tests/py/ip/ip.t.payload.netdev @@ -47,26 +47,6 @@ netdev test-netdev ingress [ payload load 2b @ network header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip length { 333-535} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip length != { 333-535} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip id 22 netdev test-netdev ingress [ meta load protocol => reg 1 ] @@ -116,27 +96,7 @@ netdev test-netdev ingress [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip id { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip id != { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# ip frag-off 222 accept +# ip frag-off 0xde accept netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] @@ -144,14 +104,14 @@ netdev test-netdev ingress [ cmp eq reg 1 0x0000de00 ] [ immediate reg 0 accept ] -# ip frag-off != 233 +# ip frag-off != 0xe9 netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] [ cmp neq reg 1 0x0000e900 ] -# ip frag-off 33-45 +# ip frag-off 0x21-0x2d netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] @@ -159,14 +119,14 @@ netdev test-netdev ingress [ cmp gte reg 1 0x00002100 ] [ cmp lte reg 1 0x00002d00 ] -# ip frag-off != 33-45 +# ip frag-off != 0x21-0x2d netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] [ range neq reg 1 0x00002100 0x00002d00 ] -# ip frag-off { 33, 55, 67, 88} +# ip frag-off { 0x21, 0x37, 0x43, 0x58} __set%d test-netdev 3 __set%d test-netdev 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] @@ -176,7 +136,7 @@ netdev test-netdev ingress [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] -# ip frag-off != { 33, 55, 67, 88} +# ip frag-off != { 0x21, 0x37, 0x43, 0x58} __set%d test-netdev 3 __set%d test-netdev 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] @@ -186,25 +146,29 @@ netdev test-netdev ingress [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip frag-off { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -netdev test-netdev ingress +# ip frag-off & 0x1fff != 0x0 +netdev x y [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] -# ip frag-off != { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -netdev test-netdev ingress +# ip frag-off & 0x2000 != 0x0 +netdev x y [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000020 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ip frag-off & 0x4000 != 0x0 +netdev x y + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000040 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] # ip ttl 0 drop netdev test-netdev ingress @@ -249,26 +213,6 @@ netdev test-netdev ingress [ payload load 1b @ network header + 8 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip ttl { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip ttl != { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept __set%d test-netdev 3 __set%d test-netdev 0 @@ -355,40 +299,18 @@ netdev test-netdev ingress [ payload load 2b @ network header + 10 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip checksum { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip checksum != { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip saddr 192.168.2.0/24 netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ payload load 3b @ network header + 12 => reg 1 ] [ cmp eq reg 1 0x0002a8c0 ] # ip saddr != 192.168.2.0/24 netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ payload load 3b @ network header + 12 => reg 1 ] [ cmp neq reg 1 0x0002a8c0 ] # ip saddr 192.168.3.1 ip daddr 192.168.3.100 @@ -446,26 +368,6 @@ netdev test-netdev ingress [ payload load 4b @ network header + 16 => reg 1 ] [ range neq reg 1 0x0100a8c0 0xfa00a8c0 ] -# ip daddr { 192.168.0.1-192.168.0.250} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip daddr != { 192.168.0.1-192.168.0.250} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept __set%d test-netdev 3 __set%d test-netdev 0 @@ -538,7 +440,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0xff000000 ) ^ 0x00000000 ] [ cmp eq reg 1 0x01000000 ] # ip saddr & 0.0.0.255 < 0.0.0.127 @@ -546,7 +448,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0xff000000 ) ^ 0x00000000 ] [ cmp lt reg 1 0x7f000000 ] # ip saddr & 0xffff0000 == 0xffff0000 @@ -554,7 +456,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000ffff ] # ip version 4 ip hdrlength 5 @@ -562,10 +464,10 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000040 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000005 ] # ip hdrlength 0 @@ -573,7 +475,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] # ip hdrlength 15 @@ -581,18 +483,18 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000000f ] # ip hdrlength vmap { 0-4 : drop, 5 : accept, 6 : continue } counter __map%d test-netdev f size 4 __map%d test-netdev 0 - element 00000000 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 1 [end] + element 00000000 : drop 0 [end] element 00000005 : accept 0 [end] element 00000006 : continue 0 [end] element 00000007 : 1 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] @@ -631,124 +533,12 @@ netdev test-netdev ingress [ payload load 4b @ network header + 16 => reg 1 ] [ cmp eq reg 1 0x0200a8c0 ] -# ip ttl 233 -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x000000e9 ] - -# ip protocol tcp -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - -# ip protocol != tcp -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp neq reg 1 0x00000006 ] - -# ip saddr != 1.1.1.1 -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp neq reg 1 0x01010101 ] - -# ip daddr 192.168.0.2 -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0200a8c0 ] - -# ip ttl 233 -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x000000e9 ] - -# ip protocol tcp -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - -# ip protocol != tcp -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp neq reg 1 0x00000006 ] - -# ip saddr != 1.1.1.1 -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp neq reg 1 0x01010101 ] - -# ip daddr 192.168.0.2 -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0200a8c0 ] - -# ip ttl 233 -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x000000e9 ] - -# ip protocol tcp -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - -# ip protocol != tcp -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp neq reg 1 0x00000006 ] - -# ip ttl 233 -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x000000e9 ] - -# ip protocol tcp -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - -# ip protocol != tcp -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp neq reg 1 0x00000006 ] - # ip dscp cs1 netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000020 ] # ip dscp != cs1 @@ -756,7 +546,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000020 ] # ip dscp 0x38 @@ -764,7 +554,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp eq reg 1 0x000000e0 ] # ip dscp != 0x20 @@ -772,7 +562,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000080 ] # ip dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef} @@ -783,7 +573,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] # ip dscp != {cs0, cs3} @@ -794,18 +584,18 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d 0x1 ] # ip dscp vmap { cs1 : continue , cs4 : accept } counter __map%d test-netdev b size 2 __map%d test-netdev 0 - element 00000020 : 0 [end] element 00000080 : 0 [end] + element 00000020 : continue 0 [end] element 00000080 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] @@ -843,7 +633,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000fcff ) ^ 0x00000100 ] + [ bitwise reg 1 = ( reg 1 & 0x0000fcff ) ^ 0x00000100 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip ecn set ce @@ -853,7 +643,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000fcff ) ^ 0x00000300 ] + [ bitwise reg 1 = ( reg 1 & 0x0000fcff ) ^ 0x00000300 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip dscp set af23 @@ -863,7 +653,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000003ff ) ^ 0x00005800 ] + [ bitwise reg 1 = ( reg 1 & 0x000003ff ) ^ 0x00005800 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip dscp set cs0 @@ -873,7 +663,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000003ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000003ff ) ^ 0x00000000 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip ttl set 23 @@ -883,7 +673,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff00 ) ^ 0x00000017 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff00 ) ^ 0x00000017 ] [ payload write reg 1 => 2b @ network header + 8 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip protocol set 1 @@ -893,6 +683,56 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000ff ) ^ 0x00000100 ] + [ bitwise reg 1 = ( reg 1 & 0x000000ff ) ^ 0x00000100 ] [ payload write reg 1 => 2b @ network header + 8 csum_type 1 csum_off 10 csum_flags 0x1 ] +# ip saddr . ip daddr { 192.0.2.1 . 10.0.0.1-10.0.0.2 } +__set%d test-netdev 87 size 1 +__set%d test-netdev 0 + element 010200c0 0100000a - 010200c0 0200000a : 0 [end] +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set __set%d ] + +# ip saddr . ip daddr vmap { 192.168.5.1-192.168.5.128 . 192.168.6.1-192.168.6.128 : accept } +__map%d test-netdev 8f size 1 +__map%d test-netdev 0 + element 0105a8c0 0106a8c0 - 8005a8c0 8006a8c0 : accept 0 [end] +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set __map%d dreg 0 ] + +# ip saddr 1.2.3.4 ip daddr 3.4.5.6 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x06050403 ] + +# ip saddr 1.2.3.4 counter ip daddr 3.4.5.6 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ counter pkts 0 bytes 0 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x06050403 ] + +# ip dscp 1/6 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000001 ] diff --git a/tests/py/ip/ip_tcp.t b/tests/py/ip/ip_tcp.t index 467da3ef..ff398aa6 100644 --- a/tests/py/ip/ip_tcp.t +++ b/tests/py/ip/ip_tcp.t @@ -1,5 +1,4 @@ :input;type filter hook input priority 0 -:ingress;type filter hook ingress device lo priority 0 *ip;test-ip;input diff --git a/tests/py/ip/masquerade.t.payload b/tests/py/ip/masquerade.t.payload index 83351526..79e52856 100644 --- a/tests/py/ip/masquerade.t.payload +++ b/tests/py/ip/masquerade.t.payload @@ -112,12 +112,12 @@ ip test-ip4 postrouting # iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } masquerade __map%d test-ip4 b __map%d test-ip4 0 - element 00001600 : 0 [end] element 0000de00 : 0 [end] + element 00001600 : drop 0 [end] element 0000de00 : drop 0 [end] ip test-ip4 postrouting [ meta load iifname => reg 1 ] [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000a ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -130,7 +130,7 @@ ip test-ip4 postrouting [ payload load 1b @ network header + 9 => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ immediate reg 1 0x00000004 ] - [ masq proto_min reg 1 proto_max reg 0 ] + [ masq proto_min reg 1 flags 0x2 ] # ip protocol 6 masquerade to :1024-2048 ip test-ip4 postrouting @@ -138,5 +138,5 @@ ip test-ip4 postrouting [ cmp eq reg 1 0x00000006 ] [ immediate reg 1 0x00000004 ] [ immediate reg 2 0x00000008 ] - [ masq proto_min reg 1 proto_max reg 2 ] + [ masq proto_min reg 1 proto_max reg 2 flags 0x2 ] diff --git a/tests/py/ip/meta.t b/tests/py/ip/meta.t index f733d22d..a88a6145 100644 --- a/tests/py/ip/meta.t +++ b/tests/py/ip/meta.t @@ -8,8 +8,15 @@ meta l4proto ipv6-icmp icmpv6 type nd-router-advert;ok;icmpv6 type nd-router-adv meta l4proto 58 icmpv6 type nd-router-advert;ok;icmpv6 type nd-router-advert icmpv6 type nd-router-advert;ok +meta protocol ip udp dport 67;ok;udp dport 67 + meta ibrname "br0";fail meta obrname "br0";fail meta sdif "lo" accept;ok meta sdifname != "vrf1" accept;ok + +meta mark set ip dscp;ok + +meta mark set ip dscp << 2 | 0x10;ok +meta mark set ip dscp << 26 | 0x10;ok diff --git a/tests/py/ip/meta.t.json b/tests/py/ip/meta.t.json index f873aa88..25936dba 100644 --- a/tests/py/ip/meta.t.json +++ b/tests/py/ip/meta.t.json @@ -105,3 +105,132 @@ } ] +# meta sdif "lo" accept +[ + { + "match": { + "left": { + "meta": { + "key": "sdif" + } + }, + "op": "==", + "right": "lo" + } + }, + { + "accept": null + } +] + +# meta sdifname != "vrf1" accept +[ + { + "match": { + "left": { + "meta": { + "key": "sdifname" + } + }, + "op": "!=", + "right": "vrf1" + } + }, + { + "accept": null + } +] + +# meta protocol ip udp dport 67 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 67 + } + } +] + +# meta mark set ip dscp +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "payload": { + "field": "dscp", + "protocol": "ip" + } + } + } + } +] + +# meta mark set ip dscp << 2 | 0x10 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 2 + ] + }, + 16 + ] + } + } + } +] + + +# meta mark set ip dscp << 26 | 0x10 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 26 + ] + }, + 16 + ] + } + } + } +] diff --git a/tests/py/ip/meta.t.payload b/tests/py/ip/meta.t.payload index 7bc69a29..880ac5d6 100644 --- a/tests/py/ip/meta.t.payload +++ b/tests/py/ip/meta.t.payload @@ -44,3 +44,35 @@ ip6 test-ip4 input [ meta load sdifname => reg 1 ] [ cmp neq reg 1 0x31667276 0x00000000 0x00000000 0x00000000 ] [ immediate reg 0 accept ] + +# meta protocol ip udp dport 67 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00004300 ] + +# meta mark set ip dscp +ip test-ip4 input + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ meta set mark with reg 1 ] + +# meta mark set ip dscp << 2 | 0x10 +ip test-ip4 input + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 << 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ meta set mark with reg 1 ] + +# meta mark set ip dscp << 26 | 0x10 +ip + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 << 0x0000001a ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ meta set mark with reg 1 ] diff --git a/tests/py/ip/numgen.t b/tests/py/ip/numgen.t index 29a6a105..2a881460 100644 --- a/tests/py/ip/numgen.t +++ b/tests/py/ip/numgen.t @@ -5,3 +5,5 @@ ct mark set numgen inc mod 2;ok ct mark set numgen inc mod 2 offset 100;ok dnat to numgen inc mod 2 map { 0 : 192.168.10.100, 1 : 192.168.20.200 };ok dnat to numgen inc mod 10 map { 0-5 : 192.168.10.100, 6-9 : 192.168.20.200};ok +dnat to numgen inc mod 7 offset 167772161;ok +dnat to numgen inc mod 255 offset 167772161;ok diff --git a/tests/py/ip/numgen.t.json b/tests/py/ip/numgen.t.json index 9902c2cf..6cf66041 100644 --- a/tests/py/ip/numgen.t.json +++ b/tests/py/ip/numgen.t.json @@ -97,3 +97,33 @@ } ] +# dnat to numgen inc mod 7 offset 167772161 +[ + { + "dnat": { + "addr": { + "numgen": { + "mod": 7, + "mode": "inc", + "offset": 167772161 + } + } + } + } +] + +# dnat to numgen inc mod 255 offset 167772161 +[ + { + "dnat": { + "addr": { + "numgen": { + "mod": 255, + "mode": "inc", + "offset": 167772161 + } + } + } + } +] + diff --git a/tests/py/ip/numgen.t.payload b/tests/py/ip/numgen.t.payload index 04088b75..b4eadf85 100644 --- a/tests/py/ip/numgen.t.payload +++ b/tests/py/ip/numgen.t.payload @@ -10,7 +10,7 @@ __map%d x 0 ip test-ip4 pre [ numgen reg 1 = inc mod 2 ] [ lookup reg 1 set __map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # dnat to numgen inc mod 10 map { 0-5 : 192.168.10.100, 6-9 : 192.168.20.200} __map%d test-ip4 f @@ -20,10 +20,21 @@ ip test-ip4 pre [ numgen reg 1 = inc mod 10 ] [ byteorder reg 1 = hton(reg 1, 4, 4) ] [ lookup reg 1 set __map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # ct mark set numgen inc mod 2 offset 100 ip test-ip4 pre [ numgen reg 1 = inc mod 2 offset 100 ] [ ct set mark with reg 1 ] +# dnat to numgen inc mod 7 offset 167772161 +ip test-ip4 pre + [ numgen reg 1 = inc mod 7 offset 167772161 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ nat dnat ip addr_min reg 1 ] + +# dnat to numgen inc mod 255 offset 167772161 +ip test-ip4 pre + [ numgen reg 1 = inc mod 255 offset 167772161 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ nat dnat ip addr_min reg 1 ] diff --git a/tests/py/ip/redirect.t b/tests/py/ip/redirect.t index d2991ce2..8c2b52f0 100644 --- a/tests/py/ip/redirect.t +++ b/tests/py/ip/redirect.t @@ -47,5 +47,5 @@ ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter redirect;ok iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } redirect;ok # redirect with maps -ip protocol 6 redirect to :tcp dport map { 22 : 8000, 80 : 8080};ok +redirect to :tcp dport map { 22 : 8000, 80 : 8080};ok diff --git a/tests/py/ip/redirect.t.json b/tests/py/ip/redirect.t.json index 3544e7f1..2afdf9b1 100644 --- a/tests/py/ip/redirect.t.json +++ b/tests/py/ip/redirect.t.json @@ -593,21 +593,9 @@ } ] -# ip protocol 6 redirect to :tcp dport map { 22 : 8000, 80 : 8080} +# redirect to :tcp dport map { 22 : 8000, 80 : 8080} [ { - "match": { - "left": { - "payload": { - "field": "protocol", - "protocol": "ip" - } - }, - "op": "==", - "right": 6 - } - }, - { "redirect": { "port": { "map": { diff --git a/tests/py/ip/redirect.t.payload b/tests/py/ip/redirect.t.payload index f208aacb..4bed47c1 100644 --- a/tests/py/ip/redirect.t.payload +++ b/tests/py/ip/redirect.t.payload @@ -93,7 +93,7 @@ ip test-ip4 output [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00001600 ] [ immediate reg 1 0x00001600 ] - [ redir proto_min reg 1 ] + [ redir proto_min reg 1 flags 0x2 ] # udp dport 1234 redirect to :4321 ip test-ip4 output @@ -102,7 +102,7 @@ ip test-ip4 output [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x0000d204 ] [ immediate reg 1 0x0000e110 ] - [ redir proto_min reg 1 ] + [ redir proto_min reg 1 flags 0x2 ] # ip daddr 172.16.0.1 udp dport 9998 redirect to :6515 ip test-ip4 output @@ -113,7 +113,7 @@ ip test-ip4 output [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00000e27 ] [ immediate reg 1 0x00007319 ] - [ redir proto_min reg 1 ] + [ redir proto_min reg 1 flags 0x2 ] # tcp dport 39128 redirect to :993 ip test-ip4 output @@ -122,7 +122,7 @@ ip test-ip4 output [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x0000d898 ] [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 ] + [ redir proto_min reg 1 flags 0x2 ] # ip protocol tcp redirect to :100-200 ip test-ip4 output @@ -130,7 +130,7 @@ ip test-ip4 output [ cmp eq reg 1 0x00000006 ] [ immediate reg 1 0x00006400 ] [ immediate reg 2 0x0000c800 ] - [ redir proto_min reg 1 proto_max reg 2 ] + [ redir proto_min reg 1 proto_max reg 2 flags 0x2 ] # tcp dport 9128 redirect to :993 random ip test-ip4 output @@ -139,7 +139,7 @@ ip test-ip4 output [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x0000a823 ] [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 flags 0x4 ] + [ redir proto_min reg 1 flags 0x6 ] # tcp dport 9128 redirect to :993 fully-random ip test-ip4 output @@ -148,7 +148,7 @@ ip test-ip4 output [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x0000a823 ] [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 flags 0x10 ] + [ redir proto_min reg 1 flags 0x12 ] # tcp dport 9128 redirect to :123 persistent ip test-ip4 output @@ -157,7 +157,7 @@ ip test-ip4 output [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x0000a823 ] [ immediate reg 1 0x00007b00 ] - [ redir proto_min reg 1 flags 0x8 ] + [ redir proto_min reg 1 flags 0xa ] # tcp dport 9128 redirect to :123 random,persistent ip test-ip4 output @@ -166,7 +166,7 @@ ip test-ip4 output [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x0000a823 ] [ immediate reg 1 0x00007b00 ] - [ redir proto_min reg 1 flags 0xc ] + [ redir proto_min reg 1 flags 0xe ] # tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect __set%d test-ip4 3 @@ -194,12 +194,12 @@ ip test-ip4 output # iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } redirect __map%d test-ip4 b __map%d test-ip4 0 - element 00001600 : 0 [end] element 0000de00 : 0 [end] + element 00001600 : drop 0 [end] element 0000de00 : drop 0 [end] ip test-ip4 output [ meta load iifname => reg 1 ] [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000a ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -207,14 +207,14 @@ ip test-ip4 output [ lookup reg 1 set __map%d dreg 0 ] [ redir ] -# ip protocol 6 redirect to :tcp dport map { 22 : 8000, 80 : 8080} +# redirect to :tcp dport map { 22 : 8000, 80 : 8080} __map%d test-ip4 b __map%d test-ip4 0 element 00001600 : 0000401f 0 [end] element 00005000 : 0000901f 0 [end] ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __map%d dreg 1 ] - [ redir proto_min reg 1 ] + [ redir proto_min reg 1 flags 0x2 ] diff --git a/tests/py/ip/reject.t b/tests/py/ip/reject.t index cc5561a0..ad009944 100644 --- a/tests/py/ip/reject.t +++ b/tests/py/ip/reject.t @@ -3,14 +3,15 @@ *ip;test-ip4;output reject;ok -reject with icmp type host-unreachable;ok -reject with icmp type net-unreachable;ok -reject with icmp type prot-unreachable;ok -reject with icmp type port-unreachable;ok;reject -reject with icmp type net-prohibited;ok -reject with icmp type host-prohibited;ok -reject with icmp type admin-prohibited;ok +reject with icmp host-unreachable;ok +reject with icmp net-unreachable;ok +reject with icmp prot-unreachable;ok +reject with icmp port-unreachable;ok;reject +reject with icmp net-prohibited;ok +reject with icmp host-prohibited;ok +reject with icmp admin-prohibited;ok +reject with icmp 3;ok;reject mark 0x80000000 reject with tcp reset;ok;meta mark 0x80000000 reject with tcp reset -reject with icmp type no-route;fail -reject with icmpv6 type no-route;fail +reject with icmp no-route;fail +reject with icmpv6 no-route;fail diff --git a/tests/py/ip/reject.t.json b/tests/py/ip/reject.t.json index d120b9f1..3e1d28de 100644 --- a/tests/py/ip/reject.t.json +++ b/tests/py/ip/reject.t.json @@ -5,7 +5,7 @@ } ] -# reject with icmp type host-unreachable +# reject with icmp host-unreachable [ { "reject": { @@ -15,7 +15,7 @@ } ] -# reject with icmp type net-unreachable +# reject with icmp net-unreachable [ { "reject": { @@ -25,7 +25,7 @@ } ] -# reject with icmp type prot-unreachable +# reject with icmp prot-unreachable [ { "reject": { @@ -35,7 +35,7 @@ } ] -# reject with icmp type port-unreachable +# reject with icmp port-unreachable [ { "reject": { @@ -45,7 +45,7 @@ } ] -# reject with icmp type net-prohibited +# reject with icmp net-prohibited [ { "reject": { @@ -55,7 +55,7 @@ } ] -# reject with icmp type host-prohibited +# reject with icmp host-prohibited [ { "reject": { @@ -65,7 +65,7 @@ } ] -# reject with icmp type admin-prohibited +# reject with icmp admin-prohibited [ { "reject": { @@ -75,6 +75,16 @@ } ] +# reject with icmp 3 +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmp" + } + } +] + # mark 0x80000000 reject with tcp reset [ { diff --git a/tests/py/ip/reject.t.json.output b/tests/py/ip/reject.t.json.output index b2529dd7..3917413d 100644 --- a/tests/py/ip/reject.t.json.output +++ b/tests/py/ip/reject.t.json.output @@ -1,7 +1,10 @@ -# reject with icmp type port-unreachable +# reject [ { - "reject": null + "reject": { + "expr": "port-unreachable", + "type": "icmp" + } } ] diff --git a/tests/py/ip/reject.t.payload b/tests/py/ip/reject.t.payload index 07e4cc8d..5829065a 100644 --- a/tests/py/ip/reject.t.payload +++ b/tests/py/ip/reject.t.payload @@ -2,34 +2,38 @@ ip test-ip4 output [ reject type 0 code 3 ] -# reject with icmp type host-unreachable +# reject with icmp host-unreachable ip test-ip4 output [ reject type 0 code 1 ] -# reject with icmp type net-unreachable +# reject with icmp net-unreachable ip test-ip4 output [ reject type 0 code 0 ] -# reject with icmp type prot-unreachable +# reject with icmp prot-unreachable ip test-ip4 output [ reject type 0 code 2 ] -# reject with icmp type port-unreachable +# reject with icmp port-unreachable ip test-ip4 output [ reject type 0 code 3 ] -# reject with icmp type net-prohibited +# reject with icmp net-prohibited ip test-ip4 output [ reject type 0 code 9 ] -# reject with icmp type host-prohibited +# reject with icmp host-prohibited ip test-ip4 output [ reject type 0 code 10 ] -# reject with icmp type admin-prohibited +# reject with icmp admin-prohibited ip test-ip4 output [ reject type 0 code 13 ] +# reject with icmp 3 +ip test-ip4 output + [ reject type 0 code 3 ] + # mark 0x80000000 reject with tcp reset ip test-ip4 output [ meta load l4proto => reg 1 ] diff --git a/tests/py/ip/sets.t b/tests/py/ip/sets.t index 7b7e0722..ad2c8316 100644 --- a/tests/py/ip/sets.t +++ b/tests/py/ip/sets.t @@ -1,9 +1,10 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;input *inet;test-inet;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress !w type ipv4_addr;ok !x type inet_proto;ok @@ -51,6 +52,19 @@ ip saddr != @set33 drop;fail ip saddr . ip daddr @set5 drop;ok add @set5 { ip saddr . ip daddr };ok +!map1 type ipv4_addr . ipv4_addr : mark;ok +add @map1 { ip saddr . ip daddr : meta mark };ok + # test nested anonymous sets ip saddr { { 1.1.1.0, 3.3.3.0 }, 2.2.2.0 };ok;ip saddr { 1.1.1.0, 2.2.2.0, 3.3.3.0 } ip saddr { { 1.1.1.0/24, 3.3.3.0/24 }, 2.2.2.0/24 };ok;ip saddr { 1.1.1.0/24, 2.2.2.0/24, 3.3.3.0/24 } + +!set6 type ipv4_addr;ok +?set6 192.168.3.5, *;ok +ip saddr @set6 drop;ok + +ip saddr vmap { 1.1.1.1 : drop, * : accept };ok +meta mark set ip saddr map { 1.1.1.1 : 0x00000001, * : 0x00000002 };ok + +!map2 type ipv4_addr . ipv4_addr . inet_service : ipv4_addr . inet_service;ok +add @map2 { ip saddr . ip daddr . th dport : 10.0.0.1 . 80 };ok diff --git a/tests/py/ip/sets.t.json b/tests/py/ip/sets.t.json index 65d2df87..f2637d93 100644 --- a/tests/py/ip/sets.t.json +++ b/tests/py/ip/sets.t.json @@ -188,3 +188,155 @@ } ] +# ip saddr @set6 drop +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "@set6" + } + }, + { + "drop": null + } +] + +# ip saddr vmap { 1.1.1.1 : drop, * : accept } +[ + { + "vmap": { + "data": { + "set": [ + [ + "1.1.1.1", + { + "drop": null + } + ], + [ + "*", + { + "accept": null + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + } +] + +# meta mark set ip saddr map { 1.1.1.1 : 0x00000001, * : 0x00000002 } +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "map": { + "data": { + "set": [ + [ + "1.1.1.1", + 1 + ], + [ + "*", + 2 + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + } + } + } +] + +# add @map1 { ip saddr . ip daddr : meta mark } +[ + { + "map": { + "data": { + "meta": { + "key": "mark" + } + }, + "elem": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip" + } + } + ] + }, + "map": "@map1", + "op": "add" + } + } +] + +# add @map2 { ip saddr . ip daddr . th dport : 10.0.0.1 . 80 } +[ + { + "map": { + "data": { + "concat": [ + "10.0.0.1", + 80 + ] + }, + "elem": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "dport", + "protocol": "th" + } + } + ] + }, + "map": "@map2", + "op": "add" + } + } +] diff --git a/tests/py/ip/sets.t.payload.inet b/tests/py/ip/sets.t.payload.inet index fa956c0c..cc04b43d 100644 --- a/tests/py/ip/sets.t.payload.inet +++ b/tests/py/ip/sets.t.payload.inet @@ -66,3 +66,52 @@ inet test-inet input [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ network header + 12 => reg 1 ] [ lookup reg 1 set __set%d ] + +# ip saddr @set6 drop +inet + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set6 ] + [ immediate reg 0 drop ] + +# add @map1 { ip saddr . ip daddr : meta mark } +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ meta load mark => reg 10 ] + [ dynset add reg_key 1 set map1 sreg_data 10 ] + +# ip saddr vmap { 1.1.1.1 : drop, * : accept } +__map%d test-inet b +__map%d test-inet 0 + element 01010101 : drop 0 [end] element : accept 2 [end] +inet + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set __map%d dreg 0 ] + +# meta mark set ip saddr map { 1.1.1.1 : 0x00000001, * : 0x00000002 } +__map%d test-inet b +__map%d test-inet 0 + element 01010101 : 00000001 0 [end] element : 00000002 2 [end] +inet + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ meta set mark with reg 1 ] + +# add @map2 { ip saddr . ip daddr . th dport : 10.0.0.1 . 80 } +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ payload load 2b @ transport header + 2 => reg 10 ] + [ immediate reg 11 0x0100000a ] + [ immediate reg 2 0x00005000 ] + [ dynset add reg_key 1 set map2 sreg_data 11 ] diff --git a/tests/py/ip/sets.t.payload.ip b/tests/py/ip/sets.t.payload.ip index ca3b5ade..f9ee1f98 100644 --- a/tests/py/ip/sets.t.payload.ip +++ b/tests/py/ip/sets.t.payload.ip @@ -50,3 +50,42 @@ __set%d test-ip4 0 ip test-ip4 input [ payload load 4b @ network header + 12 => reg 1 ] [ lookup reg 1 set __set%d ] + +# ip saddr @set6 drop +ip + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set6 ] + [ immediate reg 0 drop ] + +# ip saddr vmap { 1.1.1.1 : drop, * : accept } +__map%d test-ip4 b +__map%d test-ip4 0 + element 01010101 : drop 0 [end] element : accept 2 [end] +ip + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set __map%d dreg 0 ] + +# meta mark set ip saddr map { 1.1.1.1 : 0x00000001, * : 0x00000002 } +__map%d test-ip4 b +__map%d test-ip4 0 + element 01010101 : 00000001 0 [end] element : 00000002 2 [end] +ip + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ meta set mark with reg 1 ] + +# add @map1 { ip saddr . ip daddr : meta mark } +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ meta load mark => reg 10 ] + [ dynset add reg_key 1 set map1 sreg_data 10 ] + +# add @map2 { ip saddr . ip daddr . th dport : 10.0.0.1 . 80 } +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ payload load 2b @ transport header + 2 => reg 10 ] + [ immediate reg 11 0x0100000a ] + [ immediate reg 2 0x00005000 ] + [ dynset add reg_key 1 set map2 sreg_data 11 ] diff --git a/tests/py/ip/sets.t.payload.netdev b/tests/py/ip/sets.t.payload.netdev index 9772d756..3d0dc79a 100644 --- a/tests/py/ip/sets.t.payload.netdev +++ b/tests/py/ip/sets.t.payload.netdev @@ -66,3 +66,52 @@ netdev test-netdev ingress [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] [ lookup reg 1 set __set%d ] + +# ip saddr @set6 drop +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set6 ] + [ immediate reg 0 drop ] + +# ip saddr vmap { 1.1.1.1 : drop, * : accept } +__map%d test-netdev b +__map%d test-netdev 0 + element 01010101 : drop 0 [end] element : accept 2 [end] +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set __map%d dreg 0 ] + +# meta mark set ip saddr map { 1.1.1.1 : 0x00000001, * : 0x00000002 } +__map%d test-netdev b +__map%d test-netdev 0 + element 01010101 : 00000001 0 [end] element : 00000002 2 [end] +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ meta set mark with reg 1 ] + +# add @map1 { ip saddr . ip daddr : meta mark } +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ meta load mark => reg 10 ] + [ dynset add reg_key 1 set map1 sreg_data 10 ] + +# add @map2 { ip saddr . ip daddr . th dport : 10.0.0.1 . 80 } +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ payload load 2b @ transport header + 2 => reg 10 ] + [ immediate reg 11 0x0100000a ] + [ immediate reg 2 0x00005000 ] + [ dynset add reg_key 1 set map2 sreg_data 11 ] diff --git a/tests/py/ip/snat.t b/tests/py/ip/snat.t index 7281bf5f..d4b0d2cb 100644 --- a/tests/py/ip/snat.t +++ b/tests/py/ip/snat.t @@ -6,5 +6,16 @@ iifname "eth0" tcp dport 80-90 snat to 192.168.3.2;ok iifname "eth0" tcp dport != 80-90 snat to 192.168.3.2;ok iifname "eth0" tcp dport {80, 90, 23} snat to 192.168.3.2;ok iifname "eth0" tcp dport != {80, 90, 23} snat to 192.168.3.2;ok +iifname "eth0" tcp dport 80-90 snat to 192.168.3.0-192.168.3.255;ok;iifname "eth0" tcp dport 80-90 snat to 192.168.3.0/24 +iifname "eth0" tcp dport 80-90 snat to 192.168.3.15-192.168.3.240;ok iifname "eth0" tcp dport != 23-34 snat to 192.168.3.2;ok + +meta l4proto 17 snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 };ok +snat ip to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 };ok +snat ip to ip saddr map { 10.141.12.14 : 192.168.2.0/24 };ok +snat ip prefix to ip saddr map { 10.141.11.0/24 : 192.168.2.0/24 };ok + +meta l4proto { 6, 17} snat ip to ip saddr . th dport map { 10.141.11.4 . 20 : 192.168.2.3 . 80};ok +snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 };fail +snat ip to ip saddr . th dport map { 10.141.11.4 . 20 : 192.168.2.3 . 80 };fail diff --git a/tests/py/ip/snat.t.json b/tests/py/ip/snat.t.json index e87b524e..967560e6 100644 --- a/tests/py/ip/snat.t.json +++ b/tests/py/ip/snat.t.json @@ -166,3 +166,365 @@ } ] +# iifname "eth0" tcp dport 80-90 snat to 192.168.3.0-192.168.3.255 +[ + { + "match": { + "left": { + "meta": { + "key": "iifname" + } + }, + "op": "==", + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": { + "range": [ + 80, + 90 + ] + } + } + }, + { + "snat": { + "addr": { + "prefix": { + "addr": "192.168.3.0", + "len": 24 + } + } + } + } +] + +# iifname "eth0" tcp dport 80-90 snat to 192.168.3.15-192.168.3.240 +[ + { + "match": { + "left": { + "meta": { + "key": "iifname" + } + }, + "op": "==", + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": { + "range": [ + 80, + 90 + ] + } + } + }, + { + "snat": { + "addr": { + "range": [ + "192.168.3.15", + "192.168.3.240" + ] + } + } + } +] + +# snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 } +[ + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + "10.141.11.4", + { + "concat": [ + "192.168.2.3", + 80 + ] + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip", + "type_flags": "concat" + } + } +] + +# snat ip interval to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 } +[ + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + "10.141.11.4", + { + "range": [ + "192.168.2.2", + "192.168.2.4" + ] + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip", + "type_flags": "interval" + } + } +] + +# snat ip prefix to ip saddr map { 10.141.11.0/24 : 192.168.2.0/24 } +[ + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "prefix": { + "addr": "10.141.11.0", + "len": 24 + } + }, + { + "prefix": { + "addr": "192.168.2.0", + "len": 24 + } + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip", + "flags": "netmap", + "type_flags": [ + "interval", + "prefix" + ] + } + } +] + +# meta l4proto 17 snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 } +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": "udp" + } + }, + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + "10.141.11.4", + { + "concat": [ + "192.168.2.3", + 80 + ] + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip" + } + } +] + +# snat ip to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 } +[ + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + "10.141.11.4", + { + "range": [ + "192.168.2.2", + "192.168.2.4" + ] + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip" + } + } +] + +# snat ip to ip saddr map { 10.141.12.14 : 192.168.2.0/24 } +[ + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + "10.141.12.14", + { + "prefix": { + "addr": "192.168.2.0", + "len": 24 + } + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip" + } + } +] + +# meta l4proto { 6, 17} snat ip to ip saddr . th dport map { 10.141.11.4 . 20 : 192.168.2.3 . 80} +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": { + "set": [ + "tcp", + "udp" + ] + } + } + }, + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "concat": [ + "10.141.11.4", + 20 + ] + }, + { + "concat": [ + "192.168.2.3", + 80 + ] + } + ] + ] + }, + "key": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "dport", + "protocol": "th" + } + } + ] + } + } + }, + "family": "ip" + } + } +] + diff --git a/tests/py/ip/snat.t.json.output b/tests/py/ip/snat.t.json.output index 1365316c..2a997801 100644 --- a/tests/py/ip/snat.t.json.output +++ b/tests/py/ip/snat.t.json.output @@ -70,3 +70,180 @@ } ] +# snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 } +[ + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + "10.141.11.4", + { + "concat": [ + "192.168.2.3", + 80 + ] + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip" + } + } +] + +# meta l4proto 17 snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 } +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": 17 + } + }, + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + "10.141.11.4", + { + "concat": [ + "192.168.2.3", + 80 + ] + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip" + } + } +] + +# meta l4proto { 6, 17} snat ip to ip saddr . th dport map { 10.141.11.4 . 20 : 192.168.2.3 . 80} +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": { + "set": [ + 6, + 17 + ] + } + } + }, + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "concat": [ + "10.141.11.4", + 20 + ] + }, + { + "concat": [ + "192.168.2.3", + 80 + ] + } + ] + ] + }, + "key": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "dport", + "protocol": "th" + } + } + ] + } + } + }, + "family": "ip" + } + } +] + +# snat ip prefix to ip saddr map { 10.141.11.0/24 : 192.168.2.0/24 } +[ + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "prefix": { + "addr": "10.141.11.0", + "len": 24 + } + }, + { + "prefix": { + "addr": "192.168.2.0", + "len": 24 + } + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip", + "flags": "netmap", + "type_flags": "prefix" + } + } +] + diff --git a/tests/py/ip/snat.t.payload b/tests/py/ip/snat.t.payload index 789933ff..71a5e2f1 100644 --- a/tests/py/ip/snat.t.payload +++ b/tests/py/ip/snat.t.payload @@ -8,7 +8,7 @@ ip test-ip4 postrouting [ cmp gte reg 1 0x00005000 ] [ cmp lte reg 1 0x00005a00 ] [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] + [ nat snat ip addr_min reg 1 ] # iifname "eth0" tcp dport != 80-90 snat to 192.168.3.2 ip test-ip4 postrouting @@ -19,7 +19,7 @@ ip test-ip4 postrouting [ payload load 2b @ transport header + 2 => reg 1 ] [ range neq reg 1 0x00005000 0x00005a00 ] [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] + [ nat snat ip addr_min reg 1 ] # iifname "eth0" tcp dport {80, 90, 23} snat to 192.168.3.2 __set%d test-ip4 3 @@ -33,7 +33,7 @@ ip test-ip4 postrouting [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d ] [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] + [ nat snat ip addr_min reg 1 ] # iifname "eth0" tcp dport != {80, 90, 23} snat to 192.168.3.2 __set%d test-ip4 3 @@ -47,7 +47,7 @@ ip test-ip4 postrouting [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] + [ nat snat ip addr_min reg 1 ] # iifname "eth0" tcp dport != 23-34 snat to 192.168.3.2 ip test-ip4 postrouting @@ -58,5 +58,97 @@ ip test-ip4 postrouting [ payload load 2b @ transport header + 2 => reg 1 ] [ range neq reg 1 0x00001700 0x00002200 ] [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] + [ nat snat ip addr_min reg 1 ] + +# iifname "eth0" tcp dport 80-90 snat to 192.168.3.0-192.168.3.255 +ip + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x0003a8c0 ] + [ immediate reg 2 0xff03a8c0 ] + [ nat snat ip addr_min reg 1 addr_max reg 2 ] + +# iifname "eth0" tcp dport 80-90 snat to 192.168.3.15-192.168.3.240 +ip + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x0f03a8c0 ] + [ immediate reg 2 0xf003a8c0 ] + [ nat snat ip addr_min reg 1 addr_max reg 2 ] + +# meta l4proto 17 snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 } +__map%d test-ip4 b size 1 +__map%d test-ip4 0 + element 040b8d0a : 0302a8c0 00005000 0 [end] +ip + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat snat ip addr_min reg 1 proto_min reg 9 ] + +# snat ip to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 } +__map%d test-ip4 b size 1 +__map%d test-ip4 0 + element 040b8d0a : 0202a8c0 0402a8c0 0 [end] +ip + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat snat ip addr_min reg 1 addr_max reg 9 ] + +# snat ip prefix to ip saddr map { 10.141.11.0/24 : 192.168.2.0/24 } +__map%d test-ip4 f size 3 +__map%d test-ip4 0 + element 00000000 : 1 [end] element 000b8d0a : 0002a8c0 ff02a8c0 0 [end] element 000c8d0a : 1 [end] +ip + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat snat ip addr_min reg 1 addr_max reg 9 flags 0x40 ] + +# snat ip to ip saddr map { 10.141.12.14 : 192.168.2.0/24 } +__map%d test-ip4 b size 1 +__map%d test-ip4 0 + element 0e0c8d0a : 0002a8c0 ff02a8c0 0 [end] +ip + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat snat ip addr_min reg 1 addr_max reg 9 ] + +# meta l4proto { 6, 17} snat ip to ip saddr . th dport map { 10.141.11.4 . 20 : 192.168.2.3 . 80} +__set%d test-ip4 3 size 2 +__set%d test-ip4 0 + element 00000006 : 0 [end] element 00000011 : 0 [end] +__map%d test-ip4 b size 1 +__map%d test-ip4 0 + element 040b8d0a 00001400 : 0302a8c0 00005000 0 [end] +ip + [ meta load l4proto => reg 1 ] + [ lookup reg 1 set __set%d ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 2b @ transport header + 2 => reg 9 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat snat ip addr_min reg 1 proto_min reg 9 ] + +# ip daddr 192.168.0.1 dnat to tcp dport map { 443 : 10.141.10.4 . 8443, 80 : 10.141.10.4 . 8080 } +__map%d x b size 2 +__map%d x 0 + element 0000bb01 : 040a8d0a 0000fb20 0 [end] element 00005000 : 040a8d0a 0000901f 0 [end] +ip + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x0100a8c0 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat dnat ip addr_min reg 1 proto_min reg 9 ] diff --git a/tests/py/ip/tcpopt.t b/tests/py/ip/tcpopt.t deleted file mode 100644 index 7ee50a89..00000000 --- a/tests/py/ip/tcpopt.t +++ /dev/null @@ -1,38 +0,0 @@ -:input;type filter hook input priority 0 - -*ip;test-ip;input - -tcp option eol kind 1;ok -tcp option noop kind 1;ok -tcp option maxseg kind 1;ok -tcp option maxseg length 1;ok -tcp option maxseg size 1;ok -tcp option window kind 1;ok -tcp option window length 1;ok -tcp option window count 1;ok -tcp option sack-permitted kind 1;ok -tcp option sack-permitted length 1;ok -tcp option sack kind 1;ok -tcp option sack length 1;ok -tcp option sack left 1;ok -tcp option sack0 left 1;ok;tcp option sack left 1 -tcp option sack1 left 1;ok -tcp option sack2 left 1;ok -tcp option sack3 left 1;ok -tcp option sack right 1;ok -tcp option sack0 right 1;ok;tcp option sack right 1 -tcp option sack1 right 1;ok -tcp option sack2 right 1;ok -tcp option sack3 right 1;ok -tcp option timestamp kind 1;ok -tcp option timestamp length 1;ok -tcp option timestamp tsval 1;ok -tcp option timestamp tsecr 1;ok - -tcp option foobar;fail -tcp option foo bar;fail -tcp option eol left;fail -tcp option eol left 1;fail -tcp option eol left 1;fail -tcp option sack window;fail -tcp option sack window 1;fail diff --git a/tests/py/ip/tcpopt.t.json b/tests/py/ip/tcpopt.t.json deleted file mode 100644 index d573dd1c..00000000 --- a/tests/py/ip/tcpopt.t.json +++ /dev/null @@ -1,416 +0,0 @@ -# tcp option eol kind 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "kind", - "name": "eol" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option noop kind 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "kind", - "name": "noop" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option maxseg kind 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "kind", - "name": "maxseg" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option maxseg length 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "length", - "name": "maxseg" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option maxseg size 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "size", - "name": "maxseg" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option window kind 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "kind", - "name": "window" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option window length 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "length", - "name": "window" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option window count 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "count", - "name": "window" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option sack-permitted kind 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "kind", - "name": "sack-permitted" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option sack-permitted length 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "length", - "name": "sack-permitted" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option sack kind 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "kind", - "name": "sack" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option sack length 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "length", - "name": "sack" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option sack left 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "left", - "name": "sack" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option sack0 left 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "left", - "name": "sack" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option sack1 left 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "left", - "name": "sack1" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option sack2 left 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "left", - "name": "sack2" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option sack3 left 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "left", - "name": "sack3" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option sack right 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "right", - "name": "sack" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option sack0 right 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "right", - "name": "sack0" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option sack1 right 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "right", - "name": "sack1" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option sack2 right 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "right", - "name": "sack2" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option sack3 right 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "right", - "name": "sack3" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option timestamp kind 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "kind", - "name": "timestamp" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option timestamp length 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "length", - "name": "timestamp" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option timestamp tsval 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "tsval", - "name": "timestamp" - } - }, - "op": "==", - "right": 1 - } - } -] - -# tcp option timestamp tsecr 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "tsecr", - "name": "timestamp" - } - }, - "op": "==", - "right": 1 - } - } -] - diff --git a/tests/py/ip/tcpopt.t.json.output b/tests/py/ip/tcpopt.t.json.output deleted file mode 100644 index 81dd8ad8..00000000 --- a/tests/py/ip/tcpopt.t.json.output +++ /dev/null @@ -1,16 +0,0 @@ -# tcp option sack0 right 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "right", - "name": "sack" - } - }, - "op": "==", - "right": 1 - } - } -] - diff --git a/tests/py/ip/tcpopt.t.payload b/tests/py/ip/tcpopt.t.payload deleted file mode 100644 index b2e5bdb2..00000000 --- a/tests/py/ip/tcpopt.t.payload +++ /dev/null @@ -1,181 +0,0 @@ -# tcp option eol kind 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 0 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option noop kind 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 1 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option maxseg kind 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 2 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option maxseg length 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 2 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option maxseg size 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 2b @ 2 + 2 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] - -# tcp option window kind 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option window length 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option window count 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 2 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack-permitted kind 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack-permitted length 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 4 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack kind 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 5 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack length 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 5 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack left 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack0 left 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack1 left 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 10 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack2 left 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 18 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack3 left 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 26 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack right 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack0 right 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack1 right 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 14 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack2 right 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 22 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack3 right 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 30 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option timestamp kind 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 8 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option timestamp length 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 8 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option timestamp tsval 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 8 + 2 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option timestamp tsecr 1 -ip test-ip input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 8 + 6 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] |