diff options
Diffstat (limited to 'tests/py')
273 files changed, 13623 insertions, 8041 deletions
diff --git a/tests/py/README b/tests/py/README index ed5dc58b..864a966e 100644 --- a/tests/py/README +++ b/tests/py/README @@ -163,4 +163,35 @@ G) Acknowledgements Thanks to the Outreach Program for Women (OPW) for sponsoring this test infrastructure and my mentor Pablo Neira. +H) JSON (-j) Mode + +This mode is supposed to repeat the same tests using JSON syntax. For each test +file example.t, there is supposed to be a file example.t.json holding the JSON +equivalents of each rule in example.t. The file's syntax is similar to payload +files: An initial comment identifies the rule belonging to the following JSON +equivalent. Pairs of comment and JSON are separated by a single blank line. + +If the example.t.json file does not exist, the test script will warn and create +(or append to) example.t.json.got. The JSON equivalent written is generated by +applying the rule in standard syntax and listing the ruleset in JSON format. +After thorough review, it may be renamed to example.t.json. + +One common case for editing the content in example.t.json.got is expected +differences between input and output. The generated content will match the +output while it is supposed to match the input. + +If a rule is expected to differ in output, the expected output must be recorded +in example.t.json.output. Its syntax is identical to example.t.json, i.e. pairs +of comment identifying the rule (in standard syntax) and JSON (output) format +separated by blank lines. Note: the comment states the rule as in input, not +output. + +If the example.t.json.output file does not exist and output differs from input, +the file example.t.json.output.got is created with the actual output recorded. + +JSON mode will also check the payload created for the rule in JSON syntax by +comparing it to the recorded one in example.t.payload. Should it differ, it +will be recorded in example.t.json.payload.got. This is always a bug: A rule's +JSON equivalent must turn into the same bytecode as the rule itself. + -EOF- diff --git a/tests/py/any/counter.t b/tests/py/any/counter.t new file mode 100644 index 00000000..1c72742c --- /dev/null +++ b/tests/py/any/counter.t @@ -0,0 +1,14 @@ +:input;type filter hook input priority 0 +:ingress;type filter hook ingress device lo priority 0 + +*ip;test-ip4;input +*ip6;test-ip6;input +*inet;test-inet;input +*arp;test-arp;input +*bridge;test-bridge;input +*netdev;test-netdev;ingress + +counter;ok +counter packets 0 bytes 0;ok;counter +counter packets 2 bytes 1;ok;counter +counter bytes 1024 packets 1;ok;counter diff --git a/tests/py/any/counter.t.json b/tests/py/any/counter.t.json new file mode 100644 index 00000000..2d1eaa99 --- /dev/null +++ b/tests/py/any/counter.t.json @@ -0,0 +1,39 @@ +# counter +[ + { + "counter": { + "bytes": 0, + "packets": 0 + } + } +] + +# counter packets 0 bytes 0 +[ + { + "counter": { + "bytes": 0, + "packets": 0 + } + } +] + +# counter packets 2 bytes 1 +[ + { + "counter": { + "bytes": 1, + "packets": 2 + } + } +] + +# counter bytes 1024 packets 1 +[ + { + "counter": { + "bytes": 1024, + "packets": 1 + } + } +] diff --git a/tests/py/any/counter.t.json.output b/tests/py/any/counter.t.json.output new file mode 100644 index 00000000..6a62ffb0 --- /dev/null +++ b/tests/py/any/counter.t.json.output @@ -0,0 +1,28 @@ +# counter +[ + { + "counter": null + } +] + +# counter packets 0 bytes 0 +[ + { + "counter": null + } +] + +# counter packets 2 bytes 1 +[ + { + "counter": null + } +] + +# counter bytes 1024 packets 1 +[ + { + "counter": null + } +] + diff --git a/tests/py/any/counter.t.payload b/tests/py/any/counter.t.payload new file mode 100644 index 00000000..23e96bae --- /dev/null +++ b/tests/py/any/counter.t.payload @@ -0,0 +1,15 @@ +# counter +ip + [ counter pkts 0 bytes 0 ] + +# counter packets 0 bytes 0 +ip + [ counter pkts 0 bytes 0 ] + +# counter packets 2 bytes 1 +ip + [ counter pkts 2 bytes 1 ] + +# counter bytes 1024 packets 1 +ip + [ counter pkts 1 bytes 1024 ] diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t index cc09aebc..f73fa4e7 100644 --- a/tests/py/any/ct.t +++ b/tests/py/any/ct.t @@ -26,9 +26,11 @@ ct status != expected;ok ct status seen-reply;ok ct status != seen-reply;ok ct status {expected, seen-reply, assured, confirmed, dying};ok +ct status != {expected, seen-reply, assured, confirmed, dying};ok ct status expected,seen-reply,assured,confirmed,snat,dnat,dying;ok ct status snat;ok ct status dnat;ok +ct status ! dnat;ok ct status xxx;fail ct mark 0;ok;ct mark 0x00000000 @@ -67,7 +69,7 @@ ct event set {new, related, destroy, label};fail ct expiration 30s;ok ct expiration 30000ms;ok;ct expiration 30s -ct expiration 1m-1h;ok +ct expiration 1m-1h;ok;ct expiration 60s-3600s ct expiration 1d-1h;fail ct expiration > 4d23h59m59s;ok ct expiration != 233;ok;ct expiration != 3m53s @@ -75,8 +77,8 @@ ct expiration 33-45;ok;ct expiration 33s-45s ct expiration != 33-45;ok;ct expiration != 33s-45s ct expiration {33, 55, 67, 88};ok;ct expiration { 1m7s, 33s, 55s, 1m28s} ct expiration != {33, 55, 67, 88};ok;ct expiration != { 1m7s, 33s, 55s, 1m28s} -ct expiration {33-55, 66-88};ok;ct expiration { 33s-55s, 1m6s-1m28s} -ct expiration != {33-55, 66-88};ok;ct expiration != { 33s-55s, 1m6s-1m28s} +ct expiration {33-55, 66-88};ok;ct expiration { 33s-55s, 66s-88s} +ct expiration != {33-55, 66-88};ok;ct expiration != { 33s-55s, 66s-88s} ct helper "ftp";ok ct helper "12345678901234567";fail @@ -142,3 +144,6 @@ ct set invalid original 42;fail ct set invalid 42;fail notrack;ok + +ct count 3;ok +ct count over 3;ok diff --git a/tests/py/any/ct.t.json b/tests/py/any/ct.t.json index 59ac27c3..a2a06025 100644 --- a/tests/py/any/ct.t.json +++ b/tests/py/any/ct.t.json @@ -311,6 +311,29 @@ } ] +# ct status != {expected, seen-reply, assured, confirmed, dying} +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "op": "!=", + "right": { + "set": [ + "expected", + "seen-reply", + "assured", + "confirmed", + "dying" + ] + } + } + } +] + # ct status expected,seen-reply,assured,confirmed,snat,dnat,dying [ { @@ -364,6 +387,21 @@ } ] +# ct status ! dnat +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "op": "!", + "right": "dnat" + } + } +] + # ct mark 0 [ { @@ -989,39 +1027,6 @@ } ] -# ct state . ct mark { new . 0x12345678} -[ - { - "match": { - "left": { - "concat": [ - { - "ct": { - "key": "state" - } - }, - { - "ct": { - "key": "mark" - } - } - ] - }, - "op": "==", - "right": { - "set": [ - { - "concat": [ - "new", - "0x12345678" - ] - } - ] - } - } - } -] - # ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634} [ { @@ -1449,6 +1454,21 @@ } ] +# ct id 12345 +[ + { + "match": { + "left": { + "ct": { + "key": "id" + } + }, + "op": "==", + "right": 12345 + } + } +] + # ct zone set mark map { 1 : 1, 2 : 2 } [ { @@ -1482,3 +1502,22 @@ } ] +# ct count 3 +[ + { + "ct count": { + "val": 3 + } + } +] + +# ct count over 3 +[ + { + "ct count": { + "inv": true, + "val": 3 + } + } +] + diff --git a/tests/py/any/ct.t.json.output b/tests/py/any/ct.t.json.output index aced3817..70ade7e3 100644 --- a/tests/py/any/ct.t.json.output +++ b/tests/py/any/ct.t.json.output @@ -527,14 +527,14 @@ "set": [ { "concat": [ - "established", - 309876276 + "new", + 305419896 ] }, { "concat": [ - "new", - 305419896 + "established", + 309876276 ] }, { @@ -611,23 +611,23 @@ [ { "concat": [ - "established", - 2271560481 + "new", + 305419896 ] }, { - "accept": null + "drop": null } ], [ { "concat": [ - "new", - 305419896 + "established", + 2271560481 ] }, { - "drop": null + "accept": null } ] ] diff --git a/tests/py/any/ct.t.payload b/tests/py/any/ct.t.payload index ccbddc89..ed868e53 100644 --- a/tests/py/any/ct.t.payload +++ b/tests/py/any/ct.t.payload @@ -1,7 +1,7 @@ # ct state new,established, related, untracked ip test-ip4 output [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000004e ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000004e ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] # ct state != related @@ -28,21 +28,21 @@ ip test-ip4 output # ct state invalid drop ip test-ip4 output [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] [ immediate reg 0 drop ] # ct state established accept ip test-ip4 output [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000002 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000002 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] [ immediate reg 0 accept ] # ct state 8 ip test-ip4 output [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000008 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000008 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] # ct direction original @@ -84,7 +84,7 @@ ip test-ip4 output # ct status expected ip test-ip4 output [ ct load status => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] # ct status != expected @@ -95,7 +95,7 @@ ip test-ip4 output # ct status seen-reply ip test-ip4 output [ ct load status => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000002 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000002 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] # ct status != seen-reply @@ -127,25 +127,25 @@ ip test-ip4 output # ct mark or 0x23 == 0x11 ip test-ip4 output [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xffffffdc ) ^ 0x00000023 ] + [ bitwise reg 1 = ( reg 1 & 0xffffffdc ) ^ 0x00000023 ] [ cmp eq reg 1 0x00000011 ] # ct mark or 0x3 != 0x1 ip test-ip4 output [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] + [ bitwise reg 1 = ( reg 1 & 0xfffffffc ) ^ 0x00000003 ] [ cmp neq reg 1 0x00000001 ] # ct mark and 0x23 == 0x11 ip test-ip4 output [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000023 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000023 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000011 ] # ct mark and 0x3 != 0x1 ip test-ip4 output [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000003 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000001 ] # ct mark xor 0x23 == 0x11 @@ -306,15 +306,6 @@ ip test-ip4 output [ ct load helper => reg 1 ] [ cmp eq reg 1 0x00707466 0x00000000 0x00000000 0x00000000 ] -# ct state . ct mark { new . 0x12345678} -__set%d test 3 -__set%d test 0 - element 00000008 12345678 : 0 [end] -ip test-ip4 output - [ ct load state => reg 1 ] - [ ct load mark => reg 9 ] - [ lookup reg 1 set __set%d ] - # ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634} __set%d test-ip4 3 __set%d test-ip4 0 @@ -330,23 +321,9 @@ ip test-ip4 output [ ct set mark with reg 1 ] # ct mark set (meta mark | 0x10) << 8 -ip test-ip4 output - [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xffffffef ) ^ 0x00000010 ] - [ bitwise reg 1 = ( reg 1 << 0x00000008 ) ] - [ ct set mark with reg 1 ] - -# ct mark set (meta mark | 0x10) << 8 -ip6 test-ip6 output - [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xffffffef ) ^ 0x00000010 ] - [ bitwise reg 1 = ( reg 1 << 0x00000008 ) ] - [ ct set mark with reg 1 ] - -# ct mark set (meta mark | 0x10) << 8 inet test-inet output [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xffffffef ) ^ 0x00000010 ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] [ bitwise reg 1 = ( reg 1 << 0x00000008 ) ] [ ct set mark with reg 1 ] @@ -392,19 +369,19 @@ ip test-ip4 output # ct status expected,seen-reply,assured,confirmed,snat,dnat,dying ip test-ip4 output [ ct load status => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000023f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000023f ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] # ct status snat ip test-ip4 output [ ct load status => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] # ct status dnat ip test-ip4 output [ ct load status => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000020 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000020 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] # ct event set new @@ -440,7 +417,7 @@ ip test-ip4 output # ct label 127 ip test-ip4 output [ ct load label => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000000 0x00000000 0x00000000 0x80000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000000 0x00000000 0x00000000 0x80000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] [ cmp neq reg 1 0x00000000 0x00000000 0x00000000 0x00000000 ] # ct label set 127 @@ -508,7 +485,7 @@ ip test-ip4 output # ct state . ct mark vmap { new . 0x12345678 : drop, established . 0x87654321 : accept} __map%d test-ip4 b size 2 __map%d test-ip4 0 - element 00000008 12345678 : 0 [end] element 00000002 87654321 : 0 [end] + element 00000008 12345678 : drop 0 [end] element 00000002 87654321 : accept 0 [end] ip test-ip4 output [ ct load state => reg 1 ] [ ct load mark => reg 9 ] @@ -517,7 +494,7 @@ ip test-ip4 output # ct mark set ct mark or 0x00000001 ip test-ip4 output [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xfffffffe ) ^ 0x00000001 ] + [ bitwise reg 1 = ( reg 1 & 0xfffffffe ) ^ 0x00000001 ] [ ct set mark with reg 1 ] # ct id 12345 @@ -525,3 +502,17 @@ ip test-ip4 output [ ct load unknown => reg 1 ] [ cmp eq reg 1 0x39300000 ] +# ct status ! dnat +ip6 + [ ct load status => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000020 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000000 ] + +# ct count 3 +ip test-ip4 output + [ connlimit count 3 flags 0 ] + +# ct count over 3 +ip test-ip4 output + [ connlimit count 3 flags 1 ] + diff --git a/tests/py/any/icmpX.t.netdev b/tests/py/any/icmpX.t.netdev index a327ce6a..cf402428 100644 --- a/tests/py/any/icmpX.t.netdev +++ b/tests/py/any/icmpX.t.netdev @@ -1,6 +1,7 @@ :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress ip protocol icmp icmp type echo-request;ok;icmp type echo-request icmp type echo-request;ok diff --git a/tests/py/any/last.t b/tests/py/any/last.t new file mode 100644 index 00000000..5c530461 --- /dev/null +++ b/tests/py/any/last.t @@ -0,0 +1,13 @@ +:input;type filter hook input priority 0 +:ingress;type filter hook ingress device lo priority 0 + +*ip;test-ip4;input +*ip6;test-ip6;input +*inet;test-inet;input +*arp;test-arp;input +*bridge;test-bridge;input +*netdev;test-netdev;ingress + +last;ok +last used 300s;ok;last +last used foo;fail diff --git a/tests/py/any/last.t.json b/tests/py/any/last.t.json new file mode 100644 index 00000000..2a2b9e72 --- /dev/null +++ b/tests/py/any/last.t.json @@ -0,0 +1,16 @@ +# last +[ + { + "last": null + } +] + +# last used 300s +[ + { + "last": { + "used": 300000 + } + } +] + diff --git a/tests/py/any/last.t.json.output b/tests/py/any/last.t.json.output new file mode 100644 index 00000000..e8ec4f47 --- /dev/null +++ b/tests/py/any/last.t.json.output @@ -0,0 +1,7 @@ +# last used 300s +[ + { + "last": null + } +] + diff --git a/tests/py/any/last.t.payload b/tests/py/any/last.t.payload new file mode 100644 index 00000000..ed47d0f3 --- /dev/null +++ b/tests/py/any/last.t.payload @@ -0,0 +1,8 @@ +# last +ip + [ last never ] + +# last used 300s +ip + [ last 300000 ] + diff --git a/tests/py/any/limit.t b/tests/py/any/limit.t index ef7f9313..2a84e3f5 100644 --- a/tests/py/any/limit.t +++ b/tests/py/any/limit.t @@ -1,18 +1,19 @@ :output;type filter hook output priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;output *ip6;test-ip6;output *inet;test-inet;output *arp;test-arp;output *bridge;test-bridge;output -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress -limit rate 400/minute;ok -limit rate 20/second;ok -limit rate 400/hour;ok -limit rate 40/day;ok -limit rate 400/week;ok +limit rate 400/minute;ok;limit rate 400/minute burst 5 packets +limit rate 20/second;ok;limit rate 20/second burst 5 packets +limit rate 400/hour;ok;limit rate 400/hour burst 5 packets +limit rate 40/day;ok;limit rate 40/day burst 5 packets +limit rate 400/week;ok;limit rate 400/week burst 5 packets limit rate 1023/second burst 10 packets;ok limit rate 1023/second burst 10 bytes;fail @@ -21,19 +22,22 @@ limit rate 2 kbytes/second;ok limit rate 1025 kbytes/second;ok limit rate 1023 mbytes/second;ok limit rate 10230 mbytes/second;ok -limit rate 1023000 mbytes/second;ok limit rate 512 kbytes/second burst 5 packets;fail +limit rate 1 bytes / second;ok;limit rate 1 bytes/second +limit rate 1 kbytes / second;ok;limit rate 1 kbytes/second +limit rate 1 mbytes / second;ok;limit rate 1 mbytes/second +limit rate 1 gbytes / second;fail + limit rate 1025 bytes/second burst 512 bytes;ok limit rate 1025 kbytes/second burst 1023 kbytes;ok limit rate 1025 mbytes/second burst 1025 kbytes;ok -limit rate 1025000 mbytes/second burst 1023 mbytes;ok -limit rate over 400/minute;ok -limit rate over 20/second;ok -limit rate over 400/hour;ok -limit rate over 40/day;ok -limit rate over 400/week;ok +limit rate over 400/minute;ok;limit rate over 400/minute burst 5 packets +limit rate over 20/second;ok;limit rate over 20/second burst 5 packets +limit rate over 400/hour;ok;limit rate over 400/hour burst 5 packets +limit rate over 40/day;ok;limit rate over 40/day burst 5 packets +limit rate over 400/week;ok;limit rate over 400/week burst 5 packets limit rate over 1023/second burst 10 packets;ok limit rate over 1 kbytes/second;ok @@ -41,9 +45,7 @@ limit rate over 2 kbytes/second;ok limit rate over 1025 kbytes/second;ok limit rate over 1023 mbytes/second;ok limit rate over 10230 mbytes/second;ok -limit rate over 1023000 mbytes/second;ok limit rate over 1025 bytes/second burst 512 bytes;ok limit rate over 1025 kbytes/second burst 1023 kbytes;ok limit rate over 1025 mbytes/second burst 1025 kbytes;ok -limit rate over 1025000 mbytes/second burst 1023 mbytes;ok diff --git a/tests/py/any/limit.t.json b/tests/py/any/limit.t.json index 8bab7e3d..73160b27 100644 --- a/tests/py/any/limit.t.json +++ b/tests/py/any/limit.t.json @@ -114,12 +114,40 @@ } ] -# limit rate 1023000 mbytes/second +# limit rate 1 bytes / second [ { "limit": { + "burst": 0, + "burst_unit": "bytes", + "per": "second", + "rate": 1, + "rate_unit": "bytes" + } + } +] + +# limit rate 1 kbytes / second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "per": "second", + "rate": 1, + "rate_unit": "kbytes" + } + } +] + +# limit rate 1 mbytes / second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", "per": "second", - "rate": 1023000, + "rate": 1, "rate_unit": "mbytes" } } @@ -164,19 +192,6 @@ } ] -# limit rate 1025000 mbytes/second burst 1023 mbytes -[ - { - "limit": { - "burst": 1023, - "burst_unit": "mbytes", - "per": "second", - "rate": 1025000, - "rate_unit": "mbytes" - } - } -] - # limit rate over 400/minute [ { @@ -304,18 +319,6 @@ } ] -# limit rate over 1023000 mbytes/second -[ - { - "limit": { - "inv": true, - "per": "second", - "rate": 1023000, - "rate_unit": "mbytes" - } - } -] - # limit rate over 1025 bytes/second burst 512 bytes [ { @@ -357,18 +360,3 @@ } } ] - -# limit rate over 1025000 mbytes/second burst 1023 mbytes -[ - { - "limit": { - "burst": 1023, - "burst_unit": "mbytes", - "inv": true, - "per": "second", - "rate": 1025000, - "rate_unit": "mbytes" - } - } -] - diff --git a/tests/py/any/limit.t.json.output b/tests/py/any/limit.t.json.output new file mode 100644 index 00000000..2c94d2de --- /dev/null +++ b/tests/py/any/limit.t.json.output @@ -0,0 +1,249 @@ +# limit rate 400/minute +[ + { + "limit": { + "burst": 5, + "per": "minute", + "rate": 400 + } + } +] + +# limit rate 20/second +[ + { + "limit": { + "burst": 5, + "per": "second", + "rate": 20 + } + } +] + +# limit rate 400/hour +[ + { + "limit": { + "burst": 5, + "per": "hour", + "rate": 400 + } + } +] + +# limit rate 40/day +[ + { + "limit": { + "burst": 5, + "per": "day", + "rate": 40 + } + } +] + +# limit rate 400/week +[ + { + "limit": { + "burst": 5, + "per": "week", + "rate": 400 + } + } +] + +# limit rate 1 kbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "per": "second", + "rate": 1, + "rate_unit": "kbytes" + } + } +] + +# limit rate 2 kbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "per": "second", + "rate": 2, + "rate_unit": "kbytes" + } + } +] + +# limit rate 1025 kbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "per": "second", + "rate": 1025, + "rate_unit": "kbytes" + } + } +] + +# limit rate 1023 mbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "per": "second", + "rate": 1023, + "rate_unit": "mbytes" + } + } +] + +# limit rate 10230 mbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "per": "second", + "rate": 10230, + "rate_unit": "mbytes" + } + } +] + +# limit rate over 400/minute +[ + { + "limit": { + "burst": 5, + "inv": true, + "per": "minute", + "rate": 400 + } + } +] + +# limit rate over 20/second +[ + { + "limit": { + "burst": 5, + "inv": true, + "per": "second", + "rate": 20 + } + } +] + +# limit rate over 400/hour +[ + { + "limit": { + "burst": 5, + "inv": true, + "per": "hour", + "rate": 400 + } + } +] + +# limit rate over 40/day +[ + { + "limit": { + "burst": 5, + "inv": true, + "per": "day", + "rate": 40 + } + } +] + +# limit rate over 400/week +[ + { + "limit": { + "burst": 5, + "inv": true, + "per": "week", + "rate": 400 + } + } +] + +# limit rate over 1 kbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "inv": true, + "per": "second", + "rate": 1, + "rate_unit": "kbytes" + } + } +] + +# limit rate over 2 kbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "inv": true, + "per": "second", + "rate": 2, + "rate_unit": "kbytes" + } + } +] + +# limit rate over 1025 kbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "inv": true, + "per": "second", + "rate": 1025, + "rate_unit": "kbytes" + } + } +] + +# limit rate over 1023 mbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "inv": true, + "per": "second", + "rate": 1023, + "rate_unit": "mbytes" + } + } +] + +# limit rate over 10230 mbytes/second +[ + { + "limit": { + "burst": 0, + "burst_unit": "bytes", + "inv": true, + "per": "second", + "rate": 10230, + "rate_unit": "mbytes" + } + } +] diff --git a/tests/py/any/limit.t.payload b/tests/py/any/limit.t.payload index b0cc84b4..dc6701b3 100644 --- a/tests/py/any/limit.t.payload +++ b/tests/py/any/limit.t.payload @@ -1,22 +1,22 @@ # limit rate 400/minute ip test-ip4 output - [ limit rate 400/minute burst 0 type packets flags 0x0 ] + [ limit rate 400/minute burst 5 type packets flags 0x0 ] # limit rate 20/second ip test-ip4 output - [ limit rate 20/second burst 0 type packets flags 0x0 ] + [ limit rate 20/second burst 5 type packets flags 0x0 ] # limit rate 400/hour ip test-ip4 output - [ limit rate 400/hour burst 0 type packets flags 0x0 ] + [ limit rate 400/hour burst 5 type packets flags 0x0 ] # limit rate 400/week ip test-ip4 output - [ limit rate 400/week burst 0 type packets flags 0x0 ] + [ limit rate 400/week burst 5 type packets flags 0x0 ] # limit rate 40/day ip test-ip4 output - [ limit rate 40/day burst 0 type packets flags 0x0 ] + [ limit rate 40/day burst 5 type packets flags 0x0 ] # limit rate 1023/second burst 10 packets ip test-ip4 output @@ -42,9 +42,18 @@ ip test-ip4 output ip test-ip4 output [ limit rate 10726932480/second burst 0 type bytes flags 0x0 ] -# limit rate 1023000 mbytes/second -ip test-ip4 output - [ limit rate 1072693248000/second burst 0 type bytes flags 0x0 ] +# limit rate 1 bytes / second +ip + [ limit rate 1/second burst 0 type bytes flags 0x0 ] + +# limit rate 1 kbytes / second +ip + [ limit rate 1024/second burst 0 type bytes flags 0x0 ] + +# limit rate 1 mbytes / second +ip + [ limit rate 1048576/second burst 0 type bytes flags 0x0 ] + # limit rate 1025 bytes/second burst 512 bytes ip test-ip4 output @@ -58,29 +67,25 @@ ip test-ip4 output ip test-ip4 output [ limit rate 1074790400/second burst 1049600 type bytes flags 0x0 ] -# limit rate 1025000 mbytes/second burst 1023 mbytes -ip test-ip4 output - [ limit rate 1074790400000/second burst 1072693248 type bytes flags 0x0 ] - # limit rate over 400/minute ip test-ip4 output - [ limit rate 400/minute burst 0 type packets flags 0x1 ] + [ limit rate 400/minute burst 5 type packets flags 0x1 ] # limit rate over 20/second ip test-ip4 output - [ limit rate 20/second burst 0 type packets flags 0x1 ] + [ limit rate 20/second burst 5 type packets flags 0x1 ] # limit rate over 400/hour ip test-ip4 output - [ limit rate 400/hour burst 0 type packets flags 0x1 ] + [ limit rate 400/hour burst 5 type packets flags 0x1 ] # limit rate over 400/week ip test-ip4 output - [ limit rate 400/week burst 0 type packets flags 0x1 ] + [ limit rate 400/week burst 5 type packets flags 0x1 ] # limit rate over 40/day ip test-ip4 output - [ limit rate 40/day burst 0 type packets flags 0x1 ] + [ limit rate 40/day burst 5 type packets flags 0x1 ] # limit rate over 1023/second burst 10 packets ip test-ip4 output @@ -106,10 +111,6 @@ ip test-ip4 output ip test-ip4 output [ limit rate 10726932480/second burst 0 type bytes flags 0x1 ] -# limit rate over 1023000 mbytes/second -ip test-ip4 output - [ limit rate 1072693248000/second burst 0 type bytes flags 0x1 ] - # limit rate over 1025 bytes/second burst 512 bytes ip test-ip4 output [ limit rate 1025/second burst 512 type bytes flags 0x1 ] @@ -121,8 +122,3 @@ ip test-ip4 output # limit rate over 1025 mbytes/second burst 1025 kbytes ip test-ip4 output [ limit rate 1074790400/second burst 1049600 type bytes flags 0x1 ] - -# limit rate over 1025000 mbytes/second burst 1023 mbytes -ip test-ip4 output - [ limit rate 1074790400000/second burst 1072693248 type bytes flags 0x1 ] - diff --git a/tests/py/any/meta.t b/tests/py/any/meta.t index 327f973f..bd10c56d 100644 --- a/tests/py/any/meta.t +++ b/tests/py/any/meta.t @@ -1,12 +1,13 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;input *ip6;test-ip6;input *inet;test-inet;input *arp;test-arp;input *bridge;test-bridge;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress meta length 1000;ok meta length 22;ok @@ -20,8 +21,8 @@ meta length != { 33, 55, 67, 88};ok meta length { 33-55, 66-88};ok meta length != { 33-55, 66-88};ok -meta protocol { ip, arp, ip6, vlan };ok;meta protocol { ip6, ip, vlan, arp} -meta protocol != {ip, arp, ip6, vlan};ok +meta protocol { ip, arp, ip6, vlan };ok;meta protocol { ip6, ip, 8021q, arp} +meta protocol != {ip, arp, ip6, 8021q};ok meta protocol ip;ok meta protocol != ip;ok @@ -29,7 +30,7 @@ meta l4proto 22;ok meta l4proto != 233;ok meta l4proto 33-45;ok meta l4proto != 33-45;ok -meta l4proto { 33, 55, 67, 88};ok;meta l4proto { 33, 55, 67, 88} +meta l4proto { 33, 55, 67, 88};ok meta l4proto != { 33, 55, 67, 88};ok meta l4proto { 33-55, 66-88};ok meta l4proto != { 33-55, 66-88};ok @@ -55,6 +56,7 @@ meta mark and 0x03 == 0x01;ok;meta mark & 0x00000003 == 0x00000001 meta mark and 0x03 != 0x01;ok;meta mark & 0x00000003 != 0x00000001 meta mark 0x10;ok;meta mark 0x00000010 meta mark != 0x10;ok;meta mark != 0x00000010 +meta mark 0xffffff00/24;ok;meta mark & 0xffffff00 == 0xffffff00 meta mark or 0x03 == 0x01;ok;meta mark | 0x00000003 == 0x00000001 meta mark or 0x03 != 0x01;ok;meta mark | 0x00000003 != 0x00000001 @@ -101,10 +103,10 @@ meta skuid != "root";ok;meta skuid != 0 meta skuid lt 3000 accept;ok;meta skuid < 3000 accept meta skuid gt 3000 accept;ok;meta skuid > 3000 accept meta skuid eq 3000 accept;ok;meta skuid 3000 accept -meta skuid 3001-3005 accept;ok;meta skuid 3001-3005 accept -meta skuid != 2001-2005 accept;ok;meta skuid != 2001-2005 accept -meta skuid { 2001-2005, 3001-3005} accept;ok;meta skuid { 2001-2005, 3001-3005} accept -meta skuid != { 2001-2005, 3001-3005} accept;ok;meta skuid != { 2001-2005, 3001-3005} accept +meta skuid 3001-3005 accept;ok +meta skuid != 2001-2005 accept;ok +meta skuid { 2001-2005, 3001-3005} accept;ok +meta skuid != { 2001-2005, 3001-3005} accept;ok meta skgid {"bin", "root", "daemon"} accept;ok;meta skgid { 0, 1, 2} accept meta skgid != {"bin", "root", "daemon"} accept;ok;meta skgid != { 1, 0, 2} accept @@ -113,10 +115,8 @@ meta skgid != "root";ok;meta skgid != 0 meta skgid lt 3000 accept;ok;meta skgid < 3000 accept meta skgid gt 3000 accept;ok;meta skgid > 3000 accept meta skgid eq 3000 accept;ok;meta skgid 3000 accept -meta skgid 2001-2005 accept;ok;meta skgid 2001-2005 accept -meta skgid != 2001-2005 accept;ok;meta skgid != 2001-2005 accept -meta skgid { 2001-2005} accept;ok;meta skgid { 2001-2005} accept -meta skgid != { 2001-2005} accept;ok;meta skgid != { 2001-2005} accept +meta skgid 2001-2005 accept;ok +meta skgid != 2001-2005 accept;ok # BUG: meta nftrace 2 and meta nftrace 1 # $ sudo nft add rule ip test input meta nftrace 2 @@ -188,14 +188,12 @@ meta oifgroup {11-33, 44-55};ok;oifgroup {11-33, 44-55} meta oifgroup != { 11,33};ok;oifgroup != { 11,33} meta oifgroup != {11-33, 44-55};ok;oifgroup != {11-33, 44-55} -meta cgroup 1048577;ok;meta cgroup 1048577 -meta cgroup != 1048577;ok;meta cgroup != 1048577 -meta cgroup { 1048577, 1048578 };ok;meta cgroup { 1048577, 1048578} -meta cgroup != { 1048577, 1048578};ok;meta cgroup != { 1048577, 1048578} -meta cgroup 1048577-1048578;ok;meta cgroup 1048577-1048578 -meta cgroup != 1048577-1048578;ok;meta cgroup != 1048577-1048578 -meta cgroup {1048577-1048578};ok;meta cgroup { 1048577-1048578} -meta cgroup != { 1048577-1048578};ok;meta cgroup != { 1048577-1048578} +meta cgroup 1048577;ok +meta cgroup != 1048577;ok +meta cgroup { 1048577, 1048578 };ok +meta cgroup != { 1048577, 1048578};ok +meta cgroup 1048577-1048578;ok +meta cgroup != 1048577-1048578;ok meta iif . meta oif { "lo" . "lo" };ok;iif . oif { "lo" . "lo" } meta iif . meta oif . meta mark { "lo" . "lo" . 0x0000000a };ok;iif . oif . meta mark { "lo" . "lo" . 0x0000000a } @@ -210,6 +208,8 @@ meta time "2019-06-21 17:00:00" drop;ok meta time "2019-07-01 00:00:00" drop;ok meta time "2019-07-01 00:01:00" drop;ok meta time "2019-07-01 00:00:01" drop;ok +meta time < "2022-07-01 11:00:00" accept;ok +meta time > "2022-07-01 11:00:00" accept;ok meta day "Saturday" drop;ok meta day 6 drop;ok;meta day "Saturday" drop meta day "Satturday" drop;fail @@ -218,7 +218,13 @@ meta hour "17:00:00" drop;ok;meta hour "17:00" drop meta hour "17:00:01" drop;ok meta hour "00:00" drop;ok meta hour "00:01" drop;ok +time < "2022-07-01 11:00:00" accept;ok;meta time < "2022-07-01 11:00:00" accept +time > "2022-07-01 11:00:00" accept;ok;meta time > "2022-07-01 11:00:00" accept meta time "meh";fail meta hour "24:00" drop;fail meta day 7 drop;fail + +meta mark set vlan id map { 1 : 0x00000001, 4095 : 0x00004095 };ok +!map1 typeof vlan id : meta mark;ok +meta mark set vlan id map @map1;ok diff --git a/tests/py/any/meta.t.json b/tests/py/any/meta.t.json index 47dc0724..676affea 100644 --- a/tests/py/any/meta.t.json +++ b/tests/py/any/meta.t.json @@ -199,7 +199,7 @@ } ] -# meta protocol != {ip, arp, ip6, vlan} +# meta protocol != {ip, arp, ip6, 8021q} [ { "match": { @@ -212,7 +212,7 @@ "ip", "arp", "ip6", - "vlan" + "8021q" ] } } @@ -662,6 +662,26 @@ } ] +# meta mark 0xffffff00/24 +[ + { + "match": { + "left": { + "&": [ + { + "meta": { + "key": "mark" + } + }, + 4294967040 + ] + }, + "op": "==", + "right": 4294967040 + } + } +] + # meta mark or 0x03 == 0x01 [ { @@ -1476,46 +1496,6 @@ } ] -# meta skgid { 2001-2005} accept -[ - { - "match": { - "left": { - "meta": { "key": "skgid" } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 2001, 2005 ] } - ] - } - } - }, - { - "accept": null - } -] - -# meta skgid != { 2001-2005} accept -[ - { - "match": { - "left": { - "meta": { "key": "skgid" } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 2001, 2005 ] } - ] - } - } - }, - { - "accept": null - } -] - # meta mark set 0xffffffc8 xor 0x16 [ { @@ -2581,6 +2561,42 @@ } ] +# meta time < "2022-07-01 11:00:00" accept +[ + { + "match": { + "left": { + "meta": { + "key": "time" + } + }, + "op": "<", + "right": "2022-07-01 11:00:00" + } + }, + { + "accept": null + } +] + +# meta time > "2022-07-01 11:00:00" accept +[ + { + "match": { + "left": { + "meta": { + "key": "time" + } + }, + "op": ">", + "right": "2022-07-01 11:00:00" + } + }, + { + "accept": null + } +] + # meta day "Saturday" drop [ { @@ -2645,7 +2661,7 @@ } }, "op": "==", - "right": "17:00" + "right": "17:00:00" } }, { @@ -2706,3 +2722,99 @@ "drop": null } ] + +# time < "2022-07-01 11:00:00" accept +[ + { + "match": { + "left": { + "meta": { + "key": "time" + } + }, + "op": "<", + "right": "2022-07-01 11:00:00" + } + }, + { + "accept": null + } +] + +# time > "2022-07-01 11:00:00" accept +[ + { + "match": { + "left": { + "meta": { + "key": "time" + } + }, + "op": ">", + "right": "2022-07-01 11:00:00" + } + }, + { + "accept": null + } +] + +# meta mark set vlan id map { 1 : 0x00000001, 4095 : 0x00004095 } +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "map": { + "data": { + "set": [ + [ + 1, + 1 + ], + [ + 4095, + 16533 + ] + ] + }, + "key": { + "payload": { + "field": "id", + "protocol": "vlan" + } + } + } + } + } + } +] + +# meta mark set vlan id map @map1 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "map": { + "data": "@map1", + "key": { + "payload": { + "field": "id", + "protocol": "vlan" + } + } + } + } + } + } +] + diff --git a/tests/py/any/meta.t.json.output b/tests/py/any/meta.t.json.output index 74b934b8..d46935de 100644 --- a/tests/py/any/meta.t.json.output +++ b/tests/py/any/meta.t.json.output @@ -10,7 +10,7 @@ "set": [ "ip", "arp", - "vlan", + "8021q", "ip6" ] } @@ -18,7 +18,7 @@ } ] -# meta protocol != {ip, arp, ip6, vlan} +# meta protocol != {ip, arp, ip6, 8021q} [ { "match": { @@ -30,7 +30,7 @@ "set": [ "ip", "arp", - "vlan", + "8021q", "ip6" ] } @@ -592,24 +592,6 @@ } ] -# meta time "1970-05-23 21:07:14" drop -[ - { - "match": { - "left": { - "meta": { - "key": "time" - } - }, - "op": "==", - "right": "1970-05-23 21:07:14" - } - }, - { - "drop": null - } -] - # meta time 12341234 drop [ { @@ -628,96 +610,6 @@ } ] -# meta time "2019-06-21 17:00:00" drop -[ - { - "match": { - "left": { - "meta": { - "key": "time" - } - }, - "op": "==", - "right": "2019-06-21 17:00:00" - } - }, - { - "drop": null - } -] - -# meta time "2019-07-01 00:00:00" drop -[ - { - "match": { - "left": { - "meta": { - "key": "time" - } - }, - "op": "==", - "right": "2019-07-01 00:00:00" - } - }, - { - "drop": null - } -] - -# meta time "2019-07-01 00:01:00" drop -[ - { - "match": { - "left": { - "meta": { - "key": "time" - } - }, - "op": "==", - "right": "2019-07-01 00:01:00" - } - }, - { - "drop": null - } -] - -# meta time "2019-07-01 00:00:01" drop -[ - { - "match": { - "left": { - "meta": { - "key": "time" - } - }, - "op": "==", - "right": "2019-07-01 00:00:01" - } - }, - { - "drop": null - } -] - -# meta day "Saturday" drop -[ - { - "match": { - "left": { - "meta": { - "key": "day" - } - }, - "op": "==", - "right": "Saturday" - } - }, - { - "drop": null - } -] - # meta day 6 drop [ { @@ -736,24 +628,6 @@ } ] -# meta hour "17:00" drop -[ - { - "match": { - "left": { - "meta": { - "key": "hour" - } - }, - "op": "==", - "right": "17:00" - } - }, - { - "drop": null - } -] - # meta hour "17:00:00" drop [ { @@ -772,57 +646,3 @@ } ] -# meta hour "17:00:01" drop -[ - { - "match": { - "left": { - "meta": { - "key": "hour" - } - }, - "op": "==", - "right": "17:00:01" - } - }, - { - "drop": null - } -] - -# meta hour "00:00" drop -[ - { - "match": { - "left": { - "meta": { - "key": "hour" - } - }, - "op": "==", - "right": "00:00" - } - }, - { - "drop": null - } -] - -# meta hour "00:01" drop -[ - { - "match": { - "left": { - "meta": { - "key": "hour" - } - }, - "op": "==", - "right": "00:01" - } - }, - { - "drop": null - } -] - diff --git a/tests/py/any/meta.t.payload b/tests/py/any/meta.t.payload index 2af244a9..49dd729b 100644 --- a/tests/py/any/meta.t.payload +++ b/tests/py/any/meta.t.payload @@ -68,7 +68,7 @@ ip test-ip4 input [ meta load protocol => reg 1 ] [ lookup reg 1 set __set%d ] -# meta protocol != {ip, arp, ip6, vlan} +# meta protocol != {ip, arp, ip6, 8021q} __set%d test-ip4 3 __set%d test-ip4 0 element 00000008 : 0 [end] element 00000608 : 0 [end] element 0000dd86 : 0 [end] element 00000081 : 0 [end] @@ -136,13 +136,13 @@ ip test-ip4 input # meta mark and 0x03 == 0x01 ip test-ip4 input [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000003 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000001 ] # meta mark and 0x03 != 0x01 ip test-ip4 input [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000003 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000001 ] # meta mark 0x10 @@ -155,16 +155,22 @@ ip test-ip4 input [ meta load mark => reg 1 ] [ cmp neq reg 1 0x00000010 ] +# meta mark 0xffffff00/24 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0xffffff00 ) ^ 0x00000000 ] + [ cmp eq reg 1 0xffffff00 ] + # meta mark or 0x03 == 0x01 ip test-ip4 input [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] + [ bitwise reg 1 = ( reg 1 & 0xfffffffc ) ^ 0x00000003 ] [ cmp eq reg 1 0x00000001 ] # meta mark or 0x03 != 0x01 ip test-ip4 input [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] + [ bitwise reg 1 = ( reg 1 & 0xfffffffc ) ^ 0x00000003 ] [ cmp neq reg 1 0x00000001 ] # meta mark xor 0x03 == 0x01 @@ -631,22 +637,6 @@ ip test-ip4 input [ meta load iifgroup => reg 1 ] [ cmp neq reg 1 0x00000000 ] -# meta iifgroup {"default"} -__set%d test-ip4 3 -__set%d test-ip4 0 - element 00000000 : 0 [end] -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ lookup reg 1 set __set%d ] - -# meta iifgroup != {"default"} -__set%d test-ip4 3 -__set%d test-ip4 0 - element 00000000 : 0 [end] -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # meta iifgroup { 11,33} __set%d test-ip4 3 __set%d test-ip4 0 @@ -744,7 +734,7 @@ ip test-ip4 output # meta iif . meta oif vmap { "lo" . "lo" : drop } __map%d test-ip4 b __map%d test-ip4 0 - element 00000001 00000001 : 0 [end] + element 00000001 00000001 : drop 0 [end] ip test-ip4 output [ meta load iif => reg 1 ] [ meta load oif => reg 9 ] @@ -977,72 +967,6 @@ ip test-ip4 input [ meta load oifgroup => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# meta iif . meta oif { "lo" . "lo" , "dummy0" . "dummy0" } -__set%d test-ip4 3 size 2 -__set%d test-ip4 0 - element 00000001 00000001 : 0 [end] element 00000005 00000005 : 0 [end] -ip test-ip4 input - [ meta load iif => reg 1 ] - [ meta load oif => reg 9 ] - [ lookup reg 1 set __set%d ] - -# meta iif . meta oif . meta mark { "lo" . "lo" . 0x0000000a, "dummy0" . "dummy0" . 0x0000000b } -__set%d test-ip4 3 size 2 -__set%d test-ip4 0 - element 00000001 00000001 0000000a : 0 [end] element 00000005 00000005 0000000b : 0 [end] -ip test-ip4 input - [ meta load iif => reg 1 ] - [ meta load oif => reg 9 ] - [ meta load mark => reg 10 ] - [ lookup reg 1 set __set%d ] - -# meta iif . meta oif vmap { "lo" . "lo" : drop, "dummy0" . "dummy0" : accept } -__map%d test-ip4 b size 2 -__map%d test-ip4 0 - element 00000001 00000001 : 0 [end] element 00000005 00000005 : 0 [end] -ip test-ip4 input - [ meta load iif => reg 1 ] - [ meta load oif => reg 9 ] - [ lookup reg 1 set __map%d dreg 0 ] - -# meta skgid { 2001-2005} accept -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element d1070000 : 0 [end] element d6070000 : 1 [end] -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set __set%d ] - [ immediate reg 0 accept ] - -# meta skgid != { 2001-2005} accept -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element d1070000 : 0 [end] element d6070000 : 1 [end] -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set __set%d 0x1 ] - [ immediate reg 0 accept ] - -# meta cgroup {1048577-1048578} -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 01001000 : 0 [end] element 03001000 : 1 [end] -ip test-ip4 input - [ meta load cgroup => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set __set%d ] - -# meta cgroup != { 1048577-1048578} -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 01001000 : 0 [end] element 03001000 : 1 [end] -ip test-ip4 input - [ meta load cgroup => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set __set%d 0x1 ] - # meta time "1970-05-23 21:07:14" drop ip meta-test input [ meta load time => reg 1 ] @@ -1079,6 +1003,20 @@ ip meta-test input [ cmp eq reg 1 0x22eb8a00 0x15ad18e1 ] [ immediate reg 0 drop ] +# meta time < "2022-07-01 11:00:00" accept +ip test-ip4 input + [ meta load time => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 8, 8) ] + [ cmp lt reg 1 0xf3a8fd16 0x00a07719 ] + [ immediate reg 0 accept ] + +# meta time > "2022-07-01 11:00:00" accept +ip test-ip4 input + [ meta load time => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 8, 8) ] + [ cmp gt reg 1 0xf3a8fd16 0x00a07719 ] + [ immediate reg 0 accept ] + # meta day "Saturday" drop ip test-ip4 input [ meta load day => reg 1 ] @@ -1120,3 +1058,42 @@ ip meta-test input [ meta load hour => reg 1 ] [ cmp eq reg 1 0x0001359c ] [ immediate reg 0 drop ] + +# time < "2022-07-01 11:00:00" accept +ip test-ip4 input + [ meta load time => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 8, 8) ] + [ cmp lt reg 1 0xf3a8fd16 0x00a07719 ] + [ immediate reg 0 accept ] + +# time > "2022-07-01 11:00:00" accept +ip test-ip4 input + [ meta load time => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 8, 8) ] + [ cmp gt reg 1 0xf3a8fd16 0x00a07719 ] + [ immediate reg 0 accept ] + +# meta mark set vlan id map { 1 : 0x00000001, 4095 : 0x00004095 } +__map%d test-ip4 b size 2 +__map%d test-ip4 0 + element 00000100 : 00000001 0 [end] element 0000ff0f : 00004095 0 [end] +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ meta set mark with reg 1 ] + +# meta mark set vlan id map @map1 +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ lookup reg 1 set map1 dreg 1 ] + [ meta set mark with reg 1 ] diff --git a/tests/py/any/meta.t.payload.bridge b/tests/py/any/meta.t.payload.bridge new file mode 100644 index 00000000..5997ccc7 --- /dev/null +++ b/tests/py/any/meta.t.payload.bridge @@ -0,0 +1,20 @@ +# meta mark set vlan id map { 1 : 0x00000001, 4095 : 0x00004095 } +__map%d test-bridge b size 2 +__map%d test-bridge 0 + element 00000100 : 00000001 0 [end] element 0000ff0f : 00004095 0 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ meta set mark with reg 1 ] + +# meta mark set vlan id map @map1 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ lookup reg 1 set map1 dreg 1 ] + [ meta set mark with reg 1 ] diff --git a/tests/py/any/objects.t b/tests/py/any/objects.t index 89a9545f..7b51f918 100644 --- a/tests/py/any/objects.t +++ b/tests/py/any/objects.t @@ -1,12 +1,13 @@ :output;type filter hook output priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;output *ip6;test-ip6;output *inet;test-inet;output *arp;test-arp;output *bridge;test-bridge;output -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress %cnt1 type counter;ok %qt1 type quota 25 mbytes;ok diff --git a/tests/py/any/queue.t b/tests/py/any/queue.t index 75c071dd..2e511362 100644 --- a/tests/py/any/queue.t +++ b/tests/py/any/queue.t @@ -3,16 +3,31 @@ *ip;test-ip4;output *ip6;test-ip6;output *inet;test-inet;output -*arp;test-arp;output *bridge;test-bridge;output -queue;ok;queue num 0 -queue num 2;ok -queue num 65535;ok +queue;ok;queue to 0 +queue num 2;ok;queue to 2 +queue num 65535;ok;queue to 65535 queue num 65536;fail -queue num 2-3;ok -queue num 1-65535;ok -- queue num {3, 4, 6};ok -queue num 4-5 fanout bypass;ok;queue num 4-5 bypass,fanout -queue num 4-5 fanout;ok -queue num 4-5 bypass;ok +queue num 2-3;ok;queue to 2-3 +queue num 1-65535;ok;queue to 1-65535 +queue num 4-5 fanout bypass;ok;queue flags bypass,fanout to 4-5 +queue num 4-5 fanout;ok;queue flags fanout to 4-5 +queue num 4-5 bypass;ok;queue flags bypass to 4-5 + +queue to symhash mod 2 offset 65536;fail +queue num symhash mod 65536;fail +queue to symhash mod 65536;ok +queue flags fanout to symhash mod 65536;fail +queue flags bypass,fanout to symhash mod 65536;fail +queue flags bypass to numgen inc mod 65536;ok +queue to jhash oif . meta mark mod 32;ok +queue to 2;ok +queue to 65535;ok +queue flags bypass to 65535;ok +queue flags bypass to 1-65535;ok +queue flags bypass,fanout to 1-65535;ok +queue to 1-65535;ok +queue to oif;fail +queue num oif;fail +queue flags bypass to oifname map { "eth0" : 0, "ppp0" : 2, "eth1" : 2 };ok diff --git a/tests/py/any/queue.t.json b/tests/py/any/queue.t.json index 48e86727..5f7f9014 100644 --- a/tests/py/any/queue.t.json +++ b/tests/py/any/queue.t.json @@ -84,3 +84,168 @@ } ] +# queue to symhash mod 65536 +[ + { + "queue": { + "num": { + "symhash": { + "mod": 65536 + } + } + } + } +] + +# queue flags bypass to numgen inc mod 65536 +[ + { + "queue": { + "flags": "bypass", + "num": { + "numgen": { + "mod": 65536, + "mode": "inc", + "offset": 0 + } + } + } + } +] + +# queue to jhash oif . meta mark mod 32 +[ + { + "queue": { + "num": { + "jhash": { + "expr": { + "concat": [ + { + "meta": { + "key": "oif" + } + }, + { + "meta": { + "key": "mark" + } + } + ] + }, + "mod": 32 + } + } + } + } +] + +# queue flags bypass to oifname map { "eth0" : 0, "ppp0" : 2, "eth1" : 2 } +[ + { + "queue": { + "flags": "bypass", + "num": { + "map": { + "data": { + "set": [ + [ + "eth0", + 0 + ], + [ + "ppp0", + 2 + ], + [ + "eth1", + 2 + ] + ] + }, + "key": { + "meta": { + "key": "oifname" + } + } + } + } + } + } +] + +# queue to 2 +[ + { + "queue": { + "num": 2 + } + } +] + +# queue to 65535 +[ + { + "queue": { + "num": 65535 + } + } +] + +# queue flags bypass to 65535 +[ + { + "queue": { + "flags": "bypass", + "num": 65535 + } + } +] + +# queue flags bypass to 1-65535 +[ + { + "queue": { + "flags": "bypass", + "num": { + "range": [ + 1, + 65535 + ] + } + } + } +] + +# queue flags bypass,fanout to 1-65535 +[ + { + "queue": { + "flags": [ + "bypass", + "fanout" + ], + "num": { + "range": [ + 1, + 65535 + ] + } + } + } +] + +# queue to 1-65535 +[ + { + "queue": { + "num": { + "range": [ + 1, + 65535 + ] + } + } + } +] + diff --git a/tests/py/any/queue.t.payload b/tests/py/any/queue.t.payload index 78d939c6..2f221930 100644 --- a/tests/py/any/queue.t.payload +++ b/tests/py/any/queue.t.payload @@ -30,3 +30,52 @@ ip test-ip4 output ip test-ip4 output [ queue num 4-5 bypass ] +# queue to symhash mod 65536 +ip + [ hash reg 1 = symhash() % mod 65536 ] + [ queue sreg_qnum 1 ] + +# queue to jhash oif . meta mark mod 32 +ip + [ meta load oif => reg 2 ] + [ meta load mark => reg 13 ] + [ hash reg 1 = jhash(reg 2, 8, 0x0) % mod 32 ] + [ queue sreg_qnum 1 ] + +# queue flags bypass to numgen inc mod 65536 +ip + [ numgen reg 1 = inc mod 65536 ] + [ queue sreg_qnum 1 bypass ] + +# queue flags bypass to oifname map { "eth0" : 0, "ppp0" : 2, "eth1" : 2 } +__map%d test-ip4 b size 3 +__map%d test-ip4 0 + element 30687465 00000000 00000000 00000000 : 00000000 0 [end] element 30707070 00000000 00000000 00000000 : 00000002 0 [end] element 31687465 00000000 00000000 00000000 : 00000002 0 [end] +ip + [ meta load oifname => reg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ queue sreg_qnum 1 bypass ] + +# queue to 2 +ip + [ queue num 2 ] + +# queue to 65535 +ip + [ queue num 65535 ] + +# queue flags bypass to 65535 +ip + [ queue num 65535 bypass ] + +# queue flags bypass to 1-65535 +ip + [ queue num 1-65535 bypass ] + +# queue flags bypass,fanout to 1-65535 +ip + [ queue num 1-65535 bypass fanout ] + +# queue to 1-65535 +ip + [ queue num 1-65535 ] diff --git a/tests/py/any/quota.t b/tests/py/any/quota.t index 9a8db114..79dd7654 100644 --- a/tests/py/any/quota.t +++ b/tests/py/any/quota.t @@ -1,12 +1,13 @@ :output;type filter hook output priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;output *ip6;test-ip6;output *inet;test-inet;output *arp;test-arp;output *bridge;test-bridge;output -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress quota 1025 bytes;ok quota 1 kbytes;ok diff --git a/tests/py/any/rawpayload.t b/tests/py/any/rawpayload.t index c3382a96..5bc9d35f 100644 --- a/tests/py/any/rawpayload.t +++ b/tests/py/any/rawpayload.t @@ -1,19 +1,24 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *inet;test-inet;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress meta l4proto { tcp, udp, sctp} @th,16,16 { 22, 23, 80 };ok;meta l4proto { 6, 17, 132} th dport { 22, 23, 80} meta l4proto tcp @th,16,16 { 22, 23, 80};ok;tcp dport { 22, 23, 80} -@nh,8,8 255;ok -@nh,8,16 0;ok +@nh,8,8 0xff;ok +@nh,8,16 0x0;ok # out of range (0-1) @th,16,1 2;fail @ll,0,0 2;fail @ll,0,1;fail -@ll,0,1 1;ok;@ll,0,8 & 128 == 128 -@ll,0,8 and 0x80 eq 0x80;ok;@ll,0,8 & 128 == 128 -@ll,0,128 0xfedcba987654321001234567890abcde;ok;@ll,0,128 338770000845734292516042252062074518750 +@ll,0,1 1;ok;@ll,0,8 & 0x80 == 0x80 +@ll,0,8 & 0x80 == 0x80;ok +@ll,0,128 0xfedcba987654321001234567890abcde;ok + +meta l4proto 91 @th,400,16 0x0 accept;ok + +@ih,32,32 0x14000000;ok diff --git a/tests/py/any/rawpayload.t.json b/tests/py/any/rawpayload.t.json index 22028ad8..4cae4d49 100644 --- a/tests/py/any/rawpayload.t.json +++ b/tests/py/any/rawpayload.t.json @@ -66,7 +66,7 @@ } ] -# @nh,8,8 255 +# @nh,8,8 0xff [ { "match": { @@ -78,12 +78,12 @@ } }, "op": "==", - "right": 255 + "right": "0xff" } } ] -# @nh,8,16 0 +# @nh,8,16 0x0 [ { "match": { @@ -117,7 +117,7 @@ } ] -# @ll,0,8 and 0x80 eq 0x80 +# @ll,0,8 & 0x80 == 0x80 [ { "match": { @@ -156,3 +156,51 @@ } ] +# meta l4proto 91 @th,400,16 0x0 accept +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": 91 + } + }, + { + "match": { + "left": { + "payload": { + "base": "th", + "len": 16, + "offset": 400 + } + }, + "op": "==", + "right": 0 + } + }, + { + "accept": null + } +] + +# @ih,32,32 0x14000000 +[ + { + "match": { + "left": { + "payload": { + "base": "ih", + "len": 32, + "offset": 32 + } + }, + "op": "==", + "right": 335544320 + } + } +] + diff --git a/tests/py/any/rawpayload.t.json.output b/tests/py/any/rawpayload.t.json.output index ccadbc57..291b237a 100644 --- a/tests/py/any/rawpayload.t.json.output +++ b/tests/py/any/rawpayload.t.json.output @@ -79,7 +79,7 @@ } ] -# @ll,0,8 and 0x80 eq 0x80 +# @ll,0,8 & 0x80 == 0x80 [ { "match": { @@ -101,3 +101,19 @@ } ] +# @nh,8,8 0xff +[ + { + "match": { + "left": { + "payload": { + "base": "nh", + "len": 8, + "offset": 8 + } + }, + "op": "==", + "right": 255 + } + } +] diff --git a/tests/py/any/rawpayload.t.payload b/tests/py/any/rawpayload.t.payload index a2cc6635..fe2377e6 100644 --- a/tests/py/any/rawpayload.t.payload +++ b/tests/py/any/rawpayload.t.payload @@ -21,12 +21,12 @@ inet test-inet input [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d ] -# @nh,8,8 255 +# @nh,8,8 0xff inet test-inet input [ payload load 1b @ network header + 1 => reg 1 ] [ cmp eq reg 1 0x000000ff ] -# @nh,8,16 0 +# @nh,8,16 0x0 inet test-inet input [ payload load 2b @ network header + 1 => reg 1 ] [ cmp eq reg 1 0x00000000 ] @@ -34,16 +34,30 @@ inet test-inet input # @ll,0,1 1 inet test-inet input [ payload load 1b @ link header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000080 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000080 ] -# @ll,0,8 and 0x80 eq 0x80 +# @ll,0,8 & 0x80 == 0x80 inet test-inet input [ payload load 1b @ link header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000080 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000080 ] # @ll,0,128 0xfedcba987654321001234567890abcde inet test-inet input [ payload load 16b @ link header + 0 => reg 1 ] [ cmp eq reg 1 0x98badcfe 0x10325476 0x67452301 0xdebc0a89 ] + +# meta l4proto 91 @th,400,16 0x0 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000005b ] + [ payload load 2b @ transport header + 50 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + [ immediate reg 0 accept ] + +# @ih,32,32 0x14000000 +inet test-inet input + [ payload load 4b @ inner header + 4 => reg 1 ] + [ cmp eq reg 1 0x00000014 ] + diff --git a/tests/py/any/tcpopt.t b/tests/py/any/tcpopt.t index 08b1dcb3..177f01c4 100644 --- a/tests/py/any/tcpopt.t +++ b/tests/py/any/tcpopt.t @@ -4,17 +4,16 @@ *ip6;test-ip6;input *inet;test-inet;input -tcp option eol kind 1;ok -tcp option noop kind 1;ok -tcp option maxseg kind 1;ok +tcp option eol exists;ok +tcp option nop exists;ok +tcp option maxseg exists;ok tcp option maxseg length 1;ok tcp option maxseg size 1;ok -tcp option window kind 1;ok tcp option window length 1;ok tcp option window count 1;ok -tcp option sack-permitted kind 1;ok -tcp option sack-permitted length 1;ok -tcp option sack kind 1;ok +tcp option sack-perm exists;ok +tcp option sack-perm length 1;ok +tcp option sack exists;ok tcp option sack length 1;ok tcp option sack left 1;ok tcp option sack0 left 1;ok;tcp option sack left 1 @@ -26,20 +25,38 @@ tcp option sack0 right 1;ok;tcp option sack right 1 tcp option sack1 right 1;ok tcp option sack2 right 1;ok tcp option sack3 right 1;ok -tcp option timestamp kind 1;ok +tcp option timestamp exists;ok tcp option timestamp length 1;ok tcp option timestamp tsval 1;ok tcp option timestamp tsecr 1;ok +tcp option 255 missing;ok +tcp option 6 exists;ok +tcp option @255,8,8 255;ok tcp option foobar;fail tcp option foo bar;fail tcp option eol left;fail tcp option eol left 1;fail -tcp option eol left 1;fail tcp option sack window;fail tcp option sack window 1;fail +tcp option 256 exists;fail +tcp option @255,8,8 256;fail tcp option window exists;ok tcp option window missing;ok tcp option maxseg size set 1360;ok + +tcp option md5sig exists;ok +tcp option fastopen exists;ok +tcp option mptcp exists;ok + +tcp option mptcp subtype 0;ok +tcp option mptcp subtype 1;ok +tcp option mptcp subtype { 0, 2};ok + +reset tcp option mptcp;ok +reset tcp option 2;ok;reset tcp option maxseg +reset tcp option 123;ok +reset tcp option meh;fail +reset tcp option 256;fail diff --git a/tests/py/any/tcpopt.t.json b/tests/py/any/tcpopt.t.json index 48eb339c..87074b9d 100644 --- a/tests/py/any/tcpopt.t.json +++ b/tests/py/any/tcpopt.t.json @@ -1,47 +1,44 @@ -# tcp option eol kind 1 +# tcp option eol exists [ { "match": { "left": { "tcp option": { - "field": "kind", "name": "eol" } }, "op": "==", - "right": 1 + "right": true } } ] -# tcp option noop kind 1 +# tcp option nop exists [ { "match": { "left": { "tcp option": { - "field": "kind", - "name": "noop" + "name": "nop" } }, "op": "==", - "right": 1 + "right": true } } ] -# tcp option maxseg kind 1 +# tcp option maxseg exists [ { "match": { "left": { "tcp option": { - "field": "kind", "name": "maxseg" } }, "op": "==", - "right": 1 + "right": true } } ] @@ -78,22 +75,6 @@ } ] -# tcp option window kind 1 -[ - { - "match": { - "left": { - "tcp option": { - "field": "kind", - "name": "window" - } - }, - "op": "==", - "right": 1 - } - } -] - # tcp option window length 1 [ { @@ -126,30 +107,29 @@ } ] -# tcp option sack-permitted kind 1 +# tcp option sack-perm exists [ { "match": { "left": { "tcp option": { - "field": "kind", - "name": "sack-permitted" + "name": "sack-perm" } }, "op": "==", - "right": 1 + "right": true } } ] -# tcp option sack-permitted length 1 +# tcp option sack-perm length 1 [ { "match": { "left": { "tcp option": { "field": "length", - "name": "sack-permitted" + "name": "sack-perm" } }, "op": "==", @@ -158,18 +138,17 @@ } ] -# tcp option sack kind 1 +# tcp option sack exists [ { "match": { "left": { "tcp option": { - "field": "kind", "name": "sack" } }, "op": "==", - "right": 1 + "right": true } } ] @@ -350,18 +329,17 @@ } ] -# tcp option timestamp kind 1 +# tcp option timestamp exists [ { "match": { "left": { "tcp option": { - "field": "kind", "name": "timestamp" } }, "op": "==", - "right": 1 + "right": true } } ] @@ -414,6 +392,57 @@ } ] +# tcp option 255 missing +[ + { + "match": { + "left": { + "tcp option": { + "base": 255, + "len": 8, + "offset": 0 + } + }, + "op": "==", + "right": false + } + } +] + +# tcp option 6 exists +[ + { + "match": { + "left": { + "tcp option": { + "base": 6, + "len": 8, + "offset": 0 + } + }, + "op": "==", + "right": true + } + } +] + +# tcp option @255,8,8 255 +[ + { + "match": { + "left": { + "tcp option": { + "base": 255, + "len": 8, + "offset": 8 + } + }, + "op": "==", + "right": 255 + } + } +] + # tcp option window exists [ { @@ -459,3 +488,135 @@ } ] +# tcp option md5sig exists +[ + { + "match": { + "left": { + "tcp option": { + "name": "md5sig" + } + }, + "op": "==", + "right": true + } + } +] + +# tcp option fastopen exists +[ + { + "match": { + "left": { + "tcp option": { + "name": "fastopen" + } + }, + "op": "==", + "right": true + } + } +] + +# tcp option mptcp exists +[ + { + "match": { + "left": { + "tcp option": { + "name": "mptcp" + } + }, + "op": "==", + "right": true + } + } +] + +# tcp option mptcp subtype 0 +[ + { + "match": { + "left": { + "tcp option": { + "field": "subtype", + "name": "mptcp" + } + }, + "op": "==", + "right": 0 + } + } +] + +# tcp option mptcp subtype 1 +[ + { + "match": { + "left": { + "tcp option": { + "field": "subtype", + "name": "mptcp" + } + }, + "op": "==", + "right": 1 + } + } +] + +# tcp option mptcp subtype { 0, 2} +[ + { + "match": { + "left": { + "tcp option": { + "field": "subtype", + "name": "mptcp" + } + }, + "op": "==", + "right": { + "set": [ + 0, + 2 + ] + } + } + } +] + +# reset tcp option mptcp +[ + { + "reset": { + "tcp option": { + "name": "mptcp" + } + } + } +] + +# reset tcp option 2 +[ + { + "reset": { + "tcp option": { + "name": "maxseg" + } + } + } +] + +# reset tcp option 123 +[ + { + "reset": { + "tcp option": { + "base": 123, + "len": 0, + "offset": 0 + } + } + } +] diff --git a/tests/py/any/tcpopt.t.payload b/tests/py/any/tcpopt.t.payload index 63751cf2..99b8985f 100644 --- a/tests/py/any/tcpopt.t.payload +++ b/tests/py/any/tcpopt.t.payload @@ -1,603 +1,202 @@ -# tcp option eol kind 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 0 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option eol kind 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 0 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option eol kind 1 +# tcp option eol exists inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 0 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option noop kind 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 1 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option noop kind 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 1 + 0 => reg 1 ] + [ exthdr load tcpopt 1b @ 0 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option noop kind 1 +# tcp option nop exists inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 1 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option maxseg kind 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 2 + 0 => reg 1 ] + [ exthdr load tcpopt 1b @ 1 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option maxseg kind 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 2 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option maxseg kind 1 +# tcp option maxseg exists inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 2 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option maxseg length 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 2 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option maxseg length 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 2 + 1 => reg 1 ] + [ exthdr load tcpopt 1b @ 2 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option maxseg length 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 2 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option maxseg size 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 2b @ 2 + 2 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] - -# tcp option maxseg size 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 2b @ 2 + 2 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] - -# tcp option maxseg size 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 2b @ 2 + 2 => reg 1 ] [ cmp eq reg 1 0x00000100 ] -# tcp option window kind 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option window kind 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option window kind 1 -inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option window length 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option window length 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - # tcp option window length 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 3 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option window count 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 2 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option window count 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 2 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option window count 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 3 + 2 => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack-permitted kind 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack-permitted kind 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack-permitted kind 1 +# tcp option sack-perm exists inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ] + [ exthdr load tcpopt 1b @ 4 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack-permitted length 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 4 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack-permitted length 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 4 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack-permitted length 1 +# tcp option sack-perm length 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 4 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack kind 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 5 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack kind 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 5 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack kind 1 +# tcp option sack exists inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 5 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack length 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 5 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option sack length 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 5 + 1 => reg 1 ] + [ exthdr load tcpopt 1b @ 5 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option sack length 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 5 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option sack left 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack left 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack left 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack0 left 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack0 left 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack0 left 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack1 left 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 10 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack1 left 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 10 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack1 left 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 10 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack2 left 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 18 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack2 left 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 18 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack2 left 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 18 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack3 left 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 26 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack3 left 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 26 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack3 left 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 26 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack right 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack right 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack right 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack0 right 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack0 right 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack0 right 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack1 right 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 14 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack1 right 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 14 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack1 right 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 14 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack2 right 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 22 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack2 right 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 22 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack2 right 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 22 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option sack3 right 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 30 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack3 right 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 5 + 30 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option sack3 right 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 5 + 30 => reg 1 ] [ cmp eq reg 1 0x01000000 ] -# tcp option timestamp kind 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 8 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option timestamp kind 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 8 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option timestamp kind 1 +# tcp option timestamp exists inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 8 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option timestamp length 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 8 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# tcp option timestamp length 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 8 + 1 => reg 1 ] + [ exthdr load tcpopt 1b @ 8 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option timestamp length 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 8 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option timestamp tsval 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 8 + 2 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option timestamp tsval 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 8 + 2 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option timestamp tsval 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 8 + 2 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # tcp option timestamp tsecr 1 -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 8 + 6 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option timestamp tsecr 1 -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 4b @ 8 + 6 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# tcp option timestamp tsecr 1 inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 4b @ 8 + 6 => reg 1 ] [ cmp eq reg 1 0x01000000 ] -# tcp option window exists -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 0 present => reg 1 ] - [ cmp eq reg 1 0x00000001 ] +# tcp option 255 missing +inet + [ exthdr load tcpopt 1b @ 255 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000000 ] -# tcp option window exists -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 0 present => reg 1 ] +# tcp option 6 exists +inet + [ exthdr load tcpopt 1b @ 6 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000001 ] +# tcp option @255,8,8 255 +inet + [ exthdr load tcpopt 1b @ 255 + 1 => reg 1 ] + [ cmp eq reg 1 0x000000ff ] + # tcp option window exists inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 3 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000001 ] # tcp option window missing -ip - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 0 present => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# tcp option window missing -ip6 - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ exthdr load tcpopt 1b @ 3 + 0 present => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# tcp option window missing inet - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 3 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000000 ] # tcp option maxseg size set 1360 -ip +inet [ immediate reg 1 0x00005005 ] [ exthdr write tcpopt reg 1 => 2b @ 2 + 2 ] -# tcp option maxseg size set 1360 -ip6 - [ immediate reg 1 0x00005005 ] - [ exthdr write tcpopt reg 1 => 2b @ 2 + 2 ] +# tcp option md5sig exists +inet + [ exthdr load tcpopt 1b @ 19 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] -# tcp option maxseg size set 1360 -inet - [ immediate reg 1 0x00005005 ] - [ exthdr write tcpopt reg 1 => 2b @ 2 + 2 ] +# tcp option fastopen exists +inet + [ exthdr load tcpopt 1b @ 34 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# tcp option mptcp exists +inet + [ exthdr load tcpopt 1b @ 30 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# tcp option mptcp subtype 0 +inet + [ exthdr load tcpopt 1b @ 30 + 2 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000000 ] +# tcp option mptcp subtype 1 +inet + [ exthdr load tcpopt 1b @ 30 + 2 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000010 ] + +# tcp option mptcp subtype { 0, 2} +__set%d test-inet 3 size 2 +__set%d test-inet 0 + element 00000000 : 0 [end] element 00000020 : 0 [end] +inet + [ exthdr load tcpopt 1b @ 30 + 2 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] + [ lookup reg 1 set __set%d ] + +# reset tcp option mptcp +ip test-ip4 input + [ exthdr reset tcpopt 30 ] + +# reset tcp option 2 +ip test-ip4 input + [ exthdr reset tcpopt 2 ] + +# reset tcp option 123 +ip test-ip4 input + [ exthdr reset tcpopt 123 ] diff --git a/tests/py/arp/arp.t b/tests/py/arp/arp.t index 2540c0a7..222b91cf 100644 --- a/tests/py/arp/arp.t +++ b/tests/py/arp/arp.t @@ -1,9 +1,10 @@ # filter chains available are: input, output, forward :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *arp;test-arp;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress arp htype 1;ok arp htype != 1;ok @@ -13,8 +14,6 @@ arp htype 33-45;ok arp htype != 33-45;ok arp htype { 33, 55, 67, 88};ok arp htype != { 33, 55, 67, 88};ok -arp htype { 33-55};ok -arp htype != { 33-55};ok arp ptype 0x0800;ok;arp ptype ip @@ -24,8 +23,6 @@ arp hlen 33-45;ok arp hlen != 33-45;ok arp hlen { 33, 55, 67, 88};ok arp hlen != { 33, 55, 67, 88};ok -arp hlen { 33-55};ok -arp hlen != { 33-55};ok arp plen 22;ok arp plen != 233;ok @@ -33,8 +30,6 @@ arp plen 33-45;ok arp plen != 33-45;ok arp plen { 33, 55, 67, 88};ok arp plen != { 33, 55, 67, 88};ok -arp plen { 33-55};ok -arp plen != {33-55};ok arp operation {nak, inreply, inrequest, rreply, rrequest, reply, request};ok arp operation != {nak, inreply, inrequest, rreply, rrequest, reply, request};ok @@ -46,7 +41,6 @@ arp operation rreply;ok arp operation inrequest;ok arp operation inreply;ok arp operation nak;ok -arp operation reply;ok arp operation != request;ok arp operation != reply;ok arp operation != rrequest;ok @@ -54,11 +48,13 @@ arp operation != rreply;ok arp operation != inrequest;ok arp operation != inreply;ok arp operation != nak;ok -arp operation != reply;ok arp saddr ip 1.2.3.4;ok arp daddr ip 4.3.2.1;ok arp saddr ether aa:bb:cc:aa:bb:cc;ok arp daddr ether aa:bb:cc:aa:bb:cc;ok +arp saddr ip 192.168.1.1 arp daddr ether fe:ed:00:c0:ff:ee;ok +arp daddr ether fe:ed:00:c0:ff:ee arp saddr ip 192.168.1.1;ok;arp saddr ip 192.168.1.1 arp daddr ether fe:ed:00:c0:ff:ee + meta iifname "invalid" arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh,192,32 0xc0a88f10 @nh,144,48 set 0x112233445566;ok;iifname "invalid" arp htype 1 arp ptype ip arp hlen 6 arp plen 4 arp daddr ip 192.168.143.16 arp daddr ether set 11:22:33:44:55:66 diff --git a/tests/py/arp/arp.t.json b/tests/py/arp/arp.t.json index 5f2f6cd8..7ce76095 100644 --- a/tests/py/arp/arp.t.json +++ b/tests/py/arp/arp.t.json @@ -144,46 +144,6 @@ } ] -# arp htype { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "htype", - "protocol": "arp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# arp htype != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "htype", - "protocol": "arp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # arp ptype 0x0800 [ { @@ -314,46 +274,6 @@ } ] -# arp hlen { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "hlen", - "protocol": "arp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# arp hlen != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "hlen", - "protocol": "arp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # arp plen 22 [ { @@ -468,46 +388,6 @@ } ] -# arp plen { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "plen", - "protocol": "arp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# arp plen != {33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "plen", - "protocol": "arp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # arp operation {nak, inreply, inrequest, rreply, rrequest, reply, request} [ { @@ -693,22 +573,6 @@ } ] -# arp operation reply -[ - { - "match": { - "left": { - "payload": { - "field": "operation", - "protocol": "arp" - } - }, - "op": "==", - "right": "reply" - } - } -] - # arp operation != request [ { @@ -821,61 +685,61 @@ } ] -# arp operation != reply +# arp saddr ip 1.2.3.4 [ { "match": { "left": { "payload": { - "field": "operation", + "field": "saddr ip", "protocol": "arp" } }, - "op": "!=", - "right": "reply" + "op": "==", + "right": "1.2.3.4" } } ] -# arp saddr ip 1.2.3.4 +# arp daddr ip 4.3.2.1 [ { "match": { "left": { "payload": { - "field": "saddr ip", + "field": "daddr ip", "protocol": "arp" } }, "op": "==", - "right": "1.2.3.4" + "right": "4.3.2.1" } } ] -# arp daddr ip 4.3.2.1 +# arp saddr ether aa:bb:cc:aa:bb:cc [ { "match": { "left": { "payload": { - "field": "daddr ip", + "field": "saddr ether", "protocol": "arp" } }, "op": "==", - "right": "4.3.2.1" + "right": "aa:bb:cc:aa:bb:cc" } } ] -# arp saddr ether aa:bb:cc:aa:bb:cc +# arp daddr ether aa:bb:cc:aa:bb:cc [ { "match": { "left": { "payload": { - "field": "saddr ether", + "field": "daddr ether", "protocol": "arp" } }, @@ -885,18 +749,58 @@ } ] -# arp daddr ether aa:bb:cc:aa:bb:cc +# arp saddr ip 192.168.1.1 arp daddr ether fe:ed:00:c0:ff:ee [ { "match": { "left": { "payload": { + "field": "saddr ip", + "protocol": "arp" + } + }, + "op": "==", + "right": "192.168.1.1" + } + }, + { + "match": { + "left": { + "payload": { "field": "daddr ether", "protocol": "arp" } }, "op": "==", - "right": "aa:bb:cc:aa:bb:cc" + "right": "fe:ed:00:c0:ff:ee" + } + } +] + +# arp daddr ether fe:ed:00:c0:ff:ee arp saddr ip 192.168.1.1 +[ + { + "match": { + "left": { + "payload": { + "field": "daddr ether", + "protocol": "arp" + } + }, + "op": "==", + "right": "fe:ed:00:c0:ff:ee" + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr ip", + "protocol": "arp" + } + }, + "op": "==", + "right": "192.168.1.1" } } ] diff --git a/tests/py/arp/arp.t.json.output b/tests/py/arp/arp.t.json.output index b8507bff..afa75b2e 100644 --- a/tests/py/arp/arp.t.json.output +++ b/tests/py/arp/arp.t.json.output @@ -66,6 +66,34 @@ } ] +# arp daddr ether fe:ed:00:c0:ff:ee arp saddr ip 192.168.1.1 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr ip", + "protocol": "arp" + } + }, + "op": "==", + "right": "192.168.1.1" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr ether", + "protocol": "arp" + } + }, + "op": "==", + "right": "fe:ed:00:c0:ff:ee" + } + } +] + # meta iifname "invalid" arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh,192,32 0xc0a88f10 @nh,144,48 set 0x112233445566 [ { diff --git a/tests/py/arp/arp.t.payload b/tests/py/arp/arp.t.payload index 52c99329..d56927b5 100644 --- a/tests/py/arp/arp.t.payload +++ b/tests/py/arp/arp.t.payload @@ -45,22 +45,6 @@ arp test-arp input [ payload load 2b @ network header + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# arp htype { 33-55} -__set%d test-arp 7 -__set%d test-arp 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# arp htype != { 33-55} -__set%d test-arp 7 -__set%d test-arp 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # arp ptype 0x0800 arp test-arp input [ payload load 2b @ network header + 2 => reg 1 ] @@ -103,22 +87,6 @@ arp test-arp input [ payload load 1b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# arp hlen { 33-55} -__set%d test-arp 7 -__set%d test-arp 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -arp test-arp input - [ payload load 1b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# arp hlen != { 33-55} -__set%d test-arp 7 -__set%d test-arp 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -arp test-arp input - [ payload load 1b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # arp plen 22 arp test-arp input [ payload load 1b @ network header + 5 => reg 1 ] @@ -156,22 +124,6 @@ arp test-arp input [ payload load 1b @ network header + 5 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# arp plen { 33-55} -__set%d test-arp 7 -__set%d test-arp 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -arp test-arp input - [ payload load 1b @ network header + 5 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# arp plen != {33-55} -__set%d test-arp 7 -__set%d test-arp 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -arp test-arp input - [ payload load 1b @ network header + 5 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # arp operation {nak, inreply, inrequest, rreply, rrequest, reply, request} __set%d test-arp 3 __set%d test-arp 0 @@ -229,11 +181,6 @@ arp test-arp input [ payload load 2b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000a00 ] -# arp operation reply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000200 ] - # arp operation != request arp test-arp input [ payload load 2b @ network header + 6 => reg 1 ] @@ -269,11 +216,6 @@ arp test-arp input [ payload load 2b @ network header + 6 => reg 1 ] [ cmp neq reg 1 0x00000a00 ] -# arp operation != reply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000200 ] - # meta iifname "invalid" arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh,192,32 0xc0a88f10 @nh,144,48 set 0x112233445566 arp test-arp input [ meta load iifname => reg 1 ] @@ -307,3 +249,13 @@ arp test-arp input [ payload load 6b @ network header + 18 => reg 1 ] [ cmp eq reg 1 0xaaccbbaa 0x0000ccbb ] +# arp saddr ip 192.168.1.1 arp daddr ether fe:ed:00:c0:ff:ee +arp + [ payload load 10b @ network header + 14 => reg 1 ] + [ cmp eq reg 1 0x0101a8c0 0xc000edfe 0x0000eeff ] + +# arp daddr ether fe:ed:00:c0:ff:ee arp saddr ip 192.168.1.1 +arp + [ payload load 10b @ network header + 14 => reg 1 ] + [ cmp eq reg 1 0x0101a8c0 0xc000edfe 0x0000eeff ] + diff --git a/tests/py/arp/arp.t.payload.netdev b/tests/py/arp/arp.t.payload.netdev index 667691ff..92df2400 100644 --- a/tests/py/arp/arp.t.payload.netdev +++ b/tests/py/arp/arp.t.payload.netdev @@ -61,26 +61,6 @@ netdev test-netdev ingress [ payload load 2b @ network header + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# arp htype { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000608 ] - [ payload load 2b @ network header + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# arp htype != { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000608 ] - [ payload load 2b @ network header + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # arp ptype 0x0800 netdev test-netdev ingress [ meta load protocol => reg 1 ] @@ -137,26 +117,6 @@ netdev test-netdev ingress [ payload load 1b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# arp hlen { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000608 ] - [ payload load 1b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# arp hlen != { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000608 ] - [ payload load 1b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # arp plen 22 netdev test-netdev ingress [ meta load protocol => reg 1 ] @@ -206,26 +166,6 @@ netdev test-netdev ingress [ payload load 1b @ network header + 5 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# arp plen { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000608 ] - [ payload load 1b @ network header + 5 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# arp plen != {33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000608 ] - [ payload load 1b @ network header + 5 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # arp operation {nak, inreply, inrequest, rreply, rrequest, reply, request} __set%d test-netdev 3 __set%d test-netdev 0 @@ -303,13 +243,6 @@ netdev test-netdev ingress [ payload load 2b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000a00 ] -# arp operation reply -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000608 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000200 ] - # arp operation != request netdev test-netdev ingress [ meta load protocol => reg 1 ] @@ -359,13 +292,6 @@ netdev test-netdev ingress [ payload load 2b @ network header + 6 => reg 1 ] [ cmp neq reg 1 0x00000a00 ] -# arp operation != reply -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000608 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000200 ] - # meta iifname "invalid" arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh,192,32 0xc0a88f10 @nh,144,48 set 0x112233445566 netdev test-netdev ingress [ meta load iifname => reg 1 ] @@ -409,3 +335,17 @@ netdev test-netdev ingress [ payload load 6b @ network header + 18 => reg 1 ] [ cmp eq reg 1 0xaaccbbaa 0x0000ccbb ] +# arp saddr ip 192.168.1.1 arp daddr ether fe:ed:00:c0:ff:ee +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000608 ] + [ payload load 10b @ network header + 14 => reg 1 ] + [ cmp eq reg 1 0x0101a8c0 0xc000edfe 0x0000eeff ] + +# arp daddr ether fe:ed:00:c0:ff:ee arp saddr ip 192.168.1.1 +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000608 ] + [ payload load 10b @ network header + 14 => reg 1 ] + [ cmp eq reg 1 0x0101a8c0 0xc000edfe 0x0000eeff ] + diff --git a/tests/py/bridge/meta.t b/tests/py/bridge/meta.t index 94525f29..171aa610 100644 --- a/tests/py/bridge/meta.t +++ b/tests/py/bridge/meta.t @@ -4,5 +4,10 @@ meta obrname "br0";ok meta ibrname "br0";ok -meta ibrvproto vlan;ok +meta ibrvproto vlan;ok;meta ibrvproto 8021q meta ibrpvid 100;ok + +meta protocol ip udp dport 67;ok +meta protocol ip6 udp dport 67;ok + +meta broute set 1;fail diff --git a/tests/py/bridge/meta.t.json b/tests/py/bridge/meta.t.json index a7a180c2..d7dc9d7b 100644 --- a/tests/py/bridge/meta.t.json +++ b/tests/py/bridge/meta.t.json @@ -32,7 +32,7 @@ "meta": { "key": "ibrvproto" } }, "op": "==", - "right": "vlan" + "right": "8021q" } } ] @@ -49,3 +49,57 @@ } } ] + +# meta protocol ip udp dport 67 +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 67 + } + } +] + +# meta protocol ip6 udp dport 67 +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip6" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 67 + } + } +] diff --git a/tests/py/bridge/meta.t.payload b/tests/py/bridge/meta.t.payload index aa8c994b..0a39842a 100644 --- a/tests/py/bridge/meta.t.payload +++ b/tests/py/bridge/meta.t.payload @@ -17,3 +17,21 @@ bridge test-bridge input bridge test-bridge input [ meta load bri_iifpvid => reg 1 ] [ cmp eq reg 1 0x00000064 ] + +# meta protocol ip udp dport 67 +bridge test-bridge input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00004300 ] + +# meta protocol ip6 udp dport 67 +bridge test-bridge input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00004300 ] diff --git a/tests/py/bridge/redirect.t b/tests/py/bridge/redirect.t new file mode 100644 index 00000000..5181e799 --- /dev/null +++ b/tests/py/bridge/redirect.t @@ -0,0 +1,5 @@ +:prerouting;type filter hook prerouting priority 0 + +*bridge;test-bridge;prerouting + +meta broute set 1;ok diff --git a/tests/py/bridge/redirect.t.json b/tests/py/bridge/redirect.t.json new file mode 100644 index 00000000..7e32b329 --- /dev/null +++ b/tests/py/bridge/redirect.t.json @@ -0,0 +1,12 @@ +# meta broute set 1 +[ + { + "mangle": { + "key": { + "meta": { "key": "broute" } + }, + "value": 1 + } + } +] + diff --git a/tests/py/bridge/redirect.t.payload b/tests/py/bridge/redirect.t.payload new file mode 100644 index 00000000..1fcfa5f1 --- /dev/null +++ b/tests/py/bridge/redirect.t.payload @@ -0,0 +1,4 @@ +# meta broute set 1 +bridge test-bridge prerouting + [ immediate reg 1 0x00000001 ] + [ meta set broute with reg 1 ] diff --git a/tests/py/bridge/reject.t b/tests/py/bridge/reject.t index f5ed2038..336b51bb 100644 --- a/tests/py/bridge/reject.t +++ b/tests/py/bridge/reject.t @@ -3,40 +3,40 @@ *bridge;test-bridge;input # The output is specific for bridge family -reject with icmp type host-unreachable;ok -reject with icmp type net-unreachable;ok -reject with icmp type prot-unreachable;ok -reject with icmp type port-unreachable;ok -reject with icmp type net-prohibited;ok -reject with icmp type host-prohibited;ok -reject with icmp type admin-prohibited;ok - -reject with icmpv6 type no-route;ok -reject with icmpv6 type admin-prohibited;ok -reject with icmpv6 type addr-unreachable;ok -reject with icmpv6 type port-unreachable;ok +reject with icmp host-unreachable;ok +reject with icmp net-unreachable;ok +reject with icmp prot-unreachable;ok +reject with icmp port-unreachable;ok +reject with icmp net-prohibited;ok +reject with icmp host-prohibited;ok +reject with icmp admin-prohibited;ok + +reject with icmpv6 no-route;ok +reject with icmpv6 admin-prohibited;ok +reject with icmpv6 addr-unreachable;ok +reject with icmpv6 port-unreachable;ok mark 12345 ip protocol tcp reject with tcp reset;ok;meta mark 0x00003039 ip protocol 6 reject with tcp reset reject;ok -ether type ip reject;ok;reject with icmp type port-unreachable -ether type ip6 reject;ok;reject with icmpv6 type port-unreachable - -reject with icmpx type host-unreachable;ok -reject with icmpx type no-route;ok -reject with icmpx type admin-prohibited;ok -reject with icmpx type port-unreachable;ok;reject - -ether type ipv6 reject with icmp type host-unreachable;fail -ether type ip6 reject with icmp type host-unreachable;fail -ether type ip reject with icmpv6 type no-route;fail -ether type vlan reject;ok +ether type ip reject;ok;reject with icmp port-unreachable +ether type ip6 reject;ok;reject with icmpv6 port-unreachable + +reject with icmpx host-unreachable;ok +reject with icmpx no-route;ok +reject with icmpx admin-prohibited;ok +reject with icmpx port-unreachable;ok;reject + +ether type ipv6 reject with icmp host-unreachable;fail +ether type ip6 reject with icmp host-unreachable;fail +ether type ip reject with icmpv6 no-route;fail +ether type vlan reject;ok;ether type 8021q reject ether type arp reject;fail -ether type vlan reject with tcp reset;ok +ether type vlan reject with tcp reset;ok;meta l4proto 6 ether type 8021q reject with tcp reset ether type arp reject with tcp reset;fail ip protocol udp reject with tcp reset;fail -ether type ip reject with icmpx type admin-prohibited;ok -ether type ip6 reject with icmpx type admin-prohibited;ok -ether type vlan reject with icmpx type admin-prohibited;ok -ether type arp reject with icmpx type admin-prohibited;fail +ether type ip reject with icmpx admin-prohibited;ok +ether type ip6 reject with icmpx admin-prohibited;ok +ether type 8021q reject with icmpx admin-prohibited;ok +ether type arp reject with icmpx admin-prohibited;fail diff --git a/tests/py/bridge/reject.t.json b/tests/py/bridge/reject.t.json index d20a1d8b..9f9e6c1e 100644 --- a/tests/py/bridge/reject.t.json +++ b/tests/py/bridge/reject.t.json @@ -1,4 +1,4 @@ -# reject with icmp type host-unreachable +# reject with icmp host-unreachable [ { "reject": { @@ -8,7 +8,7 @@ } ] -# reject with icmp type net-unreachable +# reject with icmp net-unreachable [ { "reject": { @@ -18,7 +18,7 @@ } ] -# reject with icmp type prot-unreachable +# reject with icmp prot-unreachable [ { "reject": { @@ -28,7 +28,7 @@ } ] -# reject with icmp type port-unreachable +# reject with icmp port-unreachable [ { "reject": { @@ -38,7 +38,7 @@ } ] -# reject with icmp type net-prohibited +# reject with icmp net-prohibited [ { "reject": { @@ -48,7 +48,7 @@ } ] -# reject with icmp type host-prohibited +# reject with icmp host-prohibited [ { "reject": { @@ -58,7 +58,7 @@ } ] -# reject with icmp type admin-prohibited +# reject with icmp admin-prohibited [ { "reject": { @@ -68,7 +68,7 @@ } ] -# reject with icmpv6 type no-route +# reject with icmpv6 no-route [ { "reject": { @@ -78,7 +78,7 @@ } ] -# reject with icmpv6 type admin-prohibited +# reject with icmpv6 admin-prohibited [ { "reject": { @@ -88,7 +88,7 @@ } ] -# reject with icmpv6 type addr-unreachable +# reject with icmpv6 addr-unreachable [ { "reject": { @@ -98,7 +98,7 @@ } ] -# reject with icmpv6 type port-unreachable +# reject with icmpv6 port-unreachable [ { "reject": { @@ -183,7 +183,7 @@ } ] -# reject with icmpx type host-unreachable +# reject with icmpx host-unreachable [ { "reject": { @@ -193,7 +193,7 @@ } ] -# reject with icmpx type no-route +# reject with icmpx no-route [ { "reject": { @@ -203,7 +203,7 @@ } ] -# reject with icmpx type admin-prohibited +# reject with icmpx admin-prohibited [ { "reject": { @@ -213,7 +213,7 @@ } ] -# reject with icmpx type port-unreachable +# reject with icmpx port-unreachable [ { "reject": { @@ -223,7 +223,7 @@ } ] -# ether type ip reject with icmpx type admin-prohibited +# ether type ip reject with icmpx admin-prohibited [ { "match": { @@ -245,7 +245,7 @@ } ] -# ether type ip6 reject with icmpx type admin-prohibited +# ether type ip6 reject with icmpx admin-prohibited [ { "match": { @@ -267,3 +267,75 @@ } ] +# ether type vlan reject with tcp reset +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": 6 + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "ether" + } + }, + "op": "==", + "right": "8021q" + } + }, + { + "reject": { + "type": "tcp reset" + } + } +] + +# ether type vlan reject +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "ether" + } + }, + "op": "==", + "right": "vlan" + } + }, + { + "reject": null + } +] + +# ether type 8021q reject with icmpx admin-prohibited +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "ether" + } + }, + "op": "==", + "right": "8021q" + } + }, + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpx" + } + } +] diff --git a/tests/py/bridge/reject.t.json.output b/tests/py/bridge/reject.t.json.output index 4f83f803..b8a44f0e 100644 --- a/tests/py/bridge/reject.t.json.output +++ b/tests/py/bridge/reject.t.json.output @@ -1,103 +1,3 @@ -# reject with icmp type host-unreachable -[ - { - "reject": { - "expr": "host-unreachable", - "type": "icmp" - } - } -] - -# reject with icmp type net-unreachable -[ - { - "reject": { - "expr": "net-unreachable", - "type": "icmp" - } - } -] - -# reject with icmp type prot-unreachable -[ - { - "reject": { - "expr": "prot-unreachable", - "type": "icmp" - } - } -] - -# reject with icmp type net-prohibited -[ - { - "reject": { - "expr": "net-prohibited", - "type": "icmp" - } - } -] - -# reject with icmp type host-prohibited -[ - { - "reject": { - "expr": "host-prohibited", - "type": "icmp" - } - } -] - -# reject with icmp type admin-prohibited -[ - { - "reject": { - "expr": "admin-prohibited", - "type": "icmp" - } - } -] - -# reject with icmpv6 type no-route -[ - { - "reject": { - "expr": "no-route", - "type": "icmpv6" - } - } -] - -# reject with icmpv6 type admin-prohibited -[ - { - "reject": { - "expr": "admin-prohibited", - "type": "icmpv6" - } - } -] - -# reject with icmpv6 type addr-unreachable -[ - { - "reject": { - "expr": "addr-unreachable", - "type": "icmpv6" - } - } -] - -# reject with icmpv6 type port-unreachable -[ - { - "reject": { - "expr": "port-unreachable", - "type": "icmpv6" - } - } -] - # mark 12345 ip protocol tcp reject with tcp reset [ { @@ -130,10 +30,13 @@ } ] -# reject with icmpx type port-unreachable +# reject [ { - "reject": null + "reject": { + "expr": "port-unreachable", + "type": "icmpx" + } } ] @@ -156,3 +59,25 @@ } } ] + +# ether type vlan reject +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "ether" + } + }, + "op": "==", + "right": "8021q" + } + }, + { + "reject": { + "expr": "port-unreachable", + "type": "icmpx" + } + } +] diff --git a/tests/py/bridge/reject.t.payload b/tests/py/bridge/reject.t.payload index 7deb6fbf..bad9adc0 100644 --- a/tests/py/bridge/reject.t.payload +++ b/tests/py/bridge/reject.t.payload @@ -1,64 +1,64 @@ -# reject with icmp type host-unreachable +# reject with icmp host-unreachable bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ reject type 0 code 1 ] -# reject with icmp type net-unreachable +# reject with icmp net-unreachable bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ reject type 0 code 0 ] -# reject with icmp type prot-unreachable +# reject with icmp prot-unreachable bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ reject type 0 code 2 ] -# reject with icmp type port-unreachable +# reject with icmp port-unreachable bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ reject type 0 code 3 ] -# reject with icmp type net-prohibited +# reject with icmp net-prohibited bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ reject type 0 code 9 ] -# reject with icmp type host-prohibited +# reject with icmp host-prohibited bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ reject type 0 code 10 ] -# reject with icmp type admin-prohibited +# reject with icmp admin-prohibited bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ reject type 0 code 13 ] -# reject with icmpv6 type no-route +# reject with icmpv6 no-route bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] [ reject type 0 code 0 ] -# reject with icmpv6 type admin-prohibited +# reject with icmpv6 admin-prohibited bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] [ reject type 0 code 1 ] -# reject with icmpv6 type addr-unreachable +# reject with icmpv6 addr-unreachable bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] [ reject type 0 code 3 ] -# reject with icmpv6 type port-unreachable +# reject with icmpv6 port-unreachable bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -90,29 +90,29 @@ bridge test-bridge input [ cmp eq reg 1 0x0000dd86 ] [ reject type 0 code 4 ] -# reject with icmpx type host-unreachable +# reject with icmpx host-unreachable bridge test-bridge input [ reject type 2 code 2 ] -# reject with icmpx type no-route +# reject with icmpx no-route bridge test-bridge input [ reject type 2 code 0 ] -# reject with icmpx type admin-prohibited +# reject with icmpx admin-prohibited bridge test-bridge input [ reject type 2 code 3 ] -# reject with icmpx type port-unreachable +# reject with icmpx port-unreachable bridge test-bridge input [ reject type 2 code 1 ] -# ether type ip reject with icmpx type admin-prohibited +# ether type ip reject with icmpx admin-prohibited bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ reject type 2 code 3 ] -# ether type ip6 reject with icmpx type admin-prohibited +# ether type ip6 reject with icmpx admin-prohibited bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -132,7 +132,7 @@ bridge [ cmp eq reg 1 0x00000081 ] [ reject type 1 code 0 ] -# ether type vlan reject with icmpx type admin-prohibited +# ether type 8021q reject with icmpx admin-prohibited bridge [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] diff --git a/tests/py/bridge/vlan.t b/tests/py/bridge/vlan.t index 7a52a502..8fa90dac 100644 --- a/tests/py/bridge/vlan.t +++ b/tests/py/bridge/vlan.t @@ -1,27 +1,29 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *bridge;test-bridge;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress vlan id 4094;ok vlan id 0;ok # bad vlan id vlan id 4096;fail -vlan id 4094 vlan cfi 0;ok -vlan id 4094 vlan cfi != 1;ok -vlan id 4094 vlan cfi 1;ok -# bad cfi -vlan id 4094 vlan cfi 2;fail -vlan id 4094 vlan cfi 1 vlan pcp 8;fail -vlan id 4094 vlan cfi 1 vlan pcp 7;ok -vlan id 4094 vlan cfi 1 vlan pcp 3;ok +vlan id 4094 vlan dei 0;ok +vlan id 4094 vlan dei 1;ok +vlan id 4094 vlan dei != 1;ok +vlan id 4094 vlan cfi 1;ok;vlan id 4094 vlan dei 1 +# bad dei +vlan id 4094 vlan dei 2;fail +vlan id 4094 vlan dei 1 vlan pcp 8;fail +vlan id 4094 vlan dei 1 vlan pcp 7;ok +vlan id 4094 vlan dei 1 vlan pcp 3;ok ether type vlan vlan id 4094;ok;vlan id 4094 ether type vlan vlan id 0;ok;vlan id 0 -ether type vlan vlan id 4094 vlan cfi 0;ok;vlan id 4094 vlan cfi 0 -ether type vlan vlan id 4094 vlan cfi 1;ok;vlan id 4094 vlan cfi 1 -ether type vlan vlan id 4094 vlan cfi 2;fail +ether type vlan vlan id 4094 vlan dei 0;ok;vlan id 4094 vlan dei 0 +ether type vlan vlan id 4094 vlan dei 1;ok;vlan id 4094 vlan dei 1 +ether type vlan vlan id 4094 vlan dei 2;fail vlan id 4094 tcp dport 22;ok vlan id 1 ip saddr 10.0.0.1;ok @@ -32,8 +34,23 @@ ether type vlan vlan id 1 ip saddr 10.0.0.0/23 udp dport 53;ok;vlan id 1 ip sadd vlan id { 1, 2, 4, 100, 4095 } vlan pcp 1-3;ok vlan id { 1, 2, 4, 100, 4096 };fail -ether type vlan ip protocol 1 accept;ok +ether type vlan ip protocol 1 accept;ok;ether type 8021q ip protocol 1 accept + +# IEEE 802.1AD +ether type 8021ad vlan id 1 ip protocol 6 accept;ok +ether type 8021ad vlan id 1 vlan type 8021q vlan id 2 vlan type ip counter;ok +ether type 8021ad vlan id 1 vlan type 8021q vlan id 2 vlan type ip ip protocol 6;ok;ether type 8021ad vlan id 1 vlan type 8021q vlan id 2 ip protocol 6 # illegal dependencies ether type ip vlan id 1;fail ether type ip vlan id 1 ip saddr 10.0.0.1;fail + +# mangling +vlan id 1 vlan id set 2;ok + +ether saddr 00:01:02:03:04:05 vlan id 1;ok +vlan id 2 ether saddr 0:1:2:3:4:6;ok;ether saddr 00:01:02:03:04:06 vlan id 2 + +ether saddr . vlan id { 0a:0b:0c:0d:0e:0f . 42, 0a:0b:0c:0d:0e:0f . 4095 };ok + +ether saddr 00:11:22:33:44:55 counter ether type 8021q;ok diff --git a/tests/py/bridge/vlan.t.json b/tests/py/bridge/vlan.t.json index 3fb2e4f7..7dfcdb4b 100644 --- a/tests/py/bridge/vlan.t.json +++ b/tests/py/bridge/vlan.t.json @@ -30,7 +30,7 @@ } ] -# vlan id 4094 vlan cfi 0 +# vlan id 4094 vlan dei 0 [ { "match": { @@ -48,7 +48,7 @@ "match": { "left": { "payload": { - "field": "cfi", + "field": "dei", "protocol": "vlan" } }, @@ -58,7 +58,7 @@ } ] -# vlan id 4094 vlan cfi != 1 +# vlan id 4094 vlan dei 1 [ { "match": { @@ -76,7 +76,35 @@ "match": { "left": { "payload": { - "field": "cfi", + "field": "dei", + "protocol": "vlan" + } + }, + "op": "==", + "right": 1 + } + } +] + +# vlan id 4094 vlan dei != 1 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan" + } + }, + "op": "==", + "right": 4094 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dei", "protocol": "vlan" } }, @@ -104,7 +132,7 @@ "match": { "left": { "payload": { - "field": "cfi", + "field": "dei", "protocol": "vlan" } }, @@ -114,7 +142,7 @@ } ] -# vlan id 4094 vlan cfi 1 vlan pcp 7 +# vlan id 4094 vlan dei 1 vlan pcp 7 [ { "match": { @@ -132,7 +160,7 @@ "match": { "left": { "payload": { - "field": "cfi", + "field": "dei", "protocol": "vlan" } }, @@ -154,7 +182,7 @@ } ] -# vlan id 4094 vlan cfi 1 vlan pcp 3 +# vlan id 4094 vlan dei 1 vlan pcp 3 [ { "match": { @@ -172,7 +200,7 @@ "match": { "left": { "payload": { - "field": "cfi", + "field": "dei", "protocol": "vlan" } }, @@ -226,7 +254,7 @@ } ] -# ether type vlan vlan id 4094 vlan cfi 0 +# ether type vlan vlan id 4094 vlan dei 0 [ { "match": { @@ -244,7 +272,7 @@ "match": { "left": { "payload": { - "field": "cfi", + "field": "dei", "protocol": "vlan" } }, @@ -254,7 +282,7 @@ } ] -# ether type vlan vlan id 4094 vlan cfi 1 +# ether type vlan vlan id 4094 vlan dei 1 [ { "match": { @@ -272,7 +300,7 @@ "match": { "left": { "payload": { - "field": "cfi", + "field": "dei", "protocol": "vlan" } }, @@ -530,3 +558,337 @@ } ] +# ether type 8021ad vlan id 1 ip protocol 6 accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "ether" + } + }, + "op": "==", + "right": "8021ad" + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan" + } + }, + "op": "==", + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "protocol", + "protocol": "ip" + } + }, + "op": "==", + "right": "tcp" + } + }, + { + "accept": null + } +] + +# ether type 8021ad vlan id 1 vlan type 8021q vlan id 2 vlan type ip counter +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "ether" + } + }, + "op": "==", + "right": "8021ad" + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan" + } + }, + "op": "==", + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "vlan" + } + }, + "op": "==", + "right": "8021q" + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan" + } + }, + "op": "==", + "right": 2 + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "vlan" + } + }, + "op": "==", + "right": "ip" + } + }, + { + "counter": { + "bytes": 0, + "packets": 0 + } + } +] + +# ether type 8021ad vlan id 1 vlan type 8021q vlan id 2 vlan type ip ip protocol 6 +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "ether" + } + }, + "op": "==", + "right": "8021ad" + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan" + } + }, + "op": "==", + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "vlan" + } + }, + "op": "==", + "right": "8021q" + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan" + } + }, + "op": "==", + "right": 2 + } + }, + { + "match": { + "left": { + "payload": { + "field": "protocol", + "protocol": "ip" + } + }, + "op": "==", + "right": "tcp" + } + } +] + +# vlan id 1 vlan id set 2 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan" + } + }, + "op": "==", + "right": 1 + } + }, + { + "mangle": { + "key": { + "payload": { + "field": "id", + "protocol": "vlan" + } + }, + "value": 2 + } + } +] + +# ether saddr 00:01:02:03:04:05 vlan id 1 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ether" + } + }, + "op": "==", + "right": "00:01:02:03:04:05" + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan" + } + }, + "op": "==", + "right": 1 + } + } +] + +# vlan id 2 ether saddr 0:1:2:3:4:6 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ether" + } + }, + "op": "==", + "right": "00:01:02:03:04:06" + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan" + } + }, + "op": "==", + "right": 2 + } + } +] + +# ether saddr . vlan id { 0a:0b:0c:0d:0e:0f . 42, 0a:0b:0c:0d:0e:0f . 4095 } +[ + { + "match": { + "left": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ether" + } + }, + { + "payload": { + "field": "id", + "protocol": "vlan" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + "0a:0b:0c:0d:0e:0f", + 42 + ] + }, + { + "concat": [ + "0a:0b:0c:0d:0e:0f", + 4095 + ] + } + ] + } + } + } +] + +# ether saddr 00:11:22:33:44:55 counter ether type 8021q +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ether" + } + }, + "op": "==", + "right": "00:11:22:33:44:55" + } + }, + { + "counter": { + "bytes": 0, + "packets": 0 + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "ether" + } + }, + "op": "==", + "right": "8021q" + } + } +] diff --git a/tests/py/bridge/vlan.t.json.output b/tests/py/bridge/vlan.t.json.output index 8f27ec0e..eea2d411 100644 --- a/tests/py/bridge/vlan.t.json.output +++ b/tests/py/bridge/vlan.t.json.output @@ -9,7 +9,7 @@ } }, "op": "==", - "right": "vlan" + "right": "8021q" } }, { @@ -29,3 +29,207 @@ } ] +# ether type 8021ad vlan id 1 ip protocol 6 accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "ether" + } + }, + "op": "==", + "right": "8021ad" + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan" + } + }, + "op": "==", + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "protocol", + "protocol": "ip" + } + }, + "op": "==", + "right": 6 + } + }, + { + "accept": null + } +] + +# ether type 8021ad vlan id 1 vlan type 8021q vlan id 2 vlan type ip counter +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "ether" + } + }, + "op": "==", + "right": "8021ad" + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan" + } + }, + "op": "==", + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "vlan" + } + }, + "op": "==", + "right": "8021q" + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan" + } + }, + "op": "==", + "right": 2 + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "vlan" + } + }, + "op": "==", + "right": "ip" + } + }, + { + "counter": null + } +] + +# ether type 8021ad vlan id 1 vlan type 8021q vlan id 2 vlan type ip ip protocol 6 +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "ether" + } + }, + "op": "==", + "right": "8021ad" + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan" + } + }, + "op": "==", + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "vlan" + } + }, + "op": "==", + "right": "8021q" + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan" + } + }, + "op": "==", + "right": 2 + } + }, + { + "match": { + "left": { + "payload": { + "field": "protocol", + "protocol": "ip" + } + }, + "op": "==", + "right": 6 + } + } +] + +# ether saddr 00:11:22:33:44:55 counter ether type 8021q +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ether" + } + }, + "op": "==", + "right": "00:11:22:33:44:55" + } + }, + { + "counter": null + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "ether" + } + }, + "op": "==", + "right": "8021q" + } + } +] diff --git a/tests/py/bridge/vlan.t.payload b/tests/py/bridge/vlan.t.payload index bb8925e3..2592bb96 100644 --- a/tests/py/bridge/vlan.t.payload +++ b/tests/py/bridge/vlan.t.payload @@ -3,7 +3,7 @@ bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] # vlan id 0 @@ -11,40 +11,51 @@ bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] -# vlan id 4094 vlan cfi 0 +# vlan id 4094 vlan cfi 1 +bridge + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000fe0f ] + [ payload load 1b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000010 ] + +# vlan id 4094 vlan dei 0 bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] -# vlan id 4094 vlan cfi != 1 +# vlan id 4094 vlan dei != 1 bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000010 ] -# vlan id 4094 vlan cfi 1 +# vlan id 4094 vlan dei 1 bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000010 ] # ether type vlan vlan id 4094 @@ -52,7 +63,7 @@ bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] # ether type vlan vlan id 0 @@ -60,29 +71,29 @@ bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] -# ether type vlan vlan id 4094 vlan cfi 0 +# ether type vlan vlan id 4094 vlan dei 0 bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] -# ether type vlan vlan id 4094 vlan cfi 1 +# ether type vlan vlan id 4094 vlan dei 1 bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000010 ] # vlan id 4094 tcp dport 22 @@ -90,7 +101,7 @@ bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -102,7 +113,7 @@ bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000100 ] [ payload load 2b @ link header + 16 => reg 1 ] [ cmp eq reg 1 0x00000008 ] @@ -114,12 +125,12 @@ bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000100 ] [ payload load 2b @ link header + 16 => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00feffff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00feffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000000a ] # vlan id 1 ip saddr 10.0.0.0/23 udp dport 53 @@ -127,12 +138,12 @@ bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000100 ] [ payload load 2b @ link header + 16 => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00feffff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00feffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000000a ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000011 ] @@ -144,44 +155,44 @@ bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000100 ] [ payload load 2b @ link header + 16 => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00feffff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00feffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000000a ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00003500 ] -# vlan id 4094 vlan cfi 1 vlan pcp 7 +# vlan id 4094 vlan dei 1 vlan pcp 7 bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000010 ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000e0 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000e0 ) ^ 0x00000000 ] [ cmp eq reg 1 0x000000e0 ] -# vlan id 4094 vlan cfi 1 vlan pcp 3 +# vlan id 4094 vlan dei 1 vlan pcp 3 bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000010 ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000e0 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000e0 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000060 ] # vlan id { 1, 2, 4, 100, 4095 } vlan pcp 1-3 @@ -192,10 +203,10 @@ bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000e0 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000e0 ) ^ 0x00000000 ] [ cmp gte reg 1 0x00000020 ] [ cmp lte reg 1 0x00000060 ] @@ -209,3 +220,95 @@ bridge test-bridge input [ cmp eq reg 1 0x00000001 ] [ immediate reg 0 accept ] +# ether type 8021ad vlan id 1 ip protocol 6 accept +bridge + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x0000a888 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000100 ] + [ payload load 2b @ link header + 16 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 0 accept ] + +# ether type 8021ad vlan id 1 vlan type 8021q vlan id 2 vlan type ip counter +bridge + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x0000a888 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000100 ] + [ payload load 2b @ link header + 16 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 18 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000200 ] + [ payload load 2b @ link header + 20 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ counter pkts 0 bytes 0 ] + +# ether type 8021ad vlan id 1 vlan type 8021q vlan id 2 vlan type ip ip protocol 6 +bridge + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x0000a888 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000100 ] + [ payload load 2b @ link header + 16 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 18 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000200 ] + [ payload load 2b @ link header + 20 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + +# vlan id 1 vlan id set 2 +bridge + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000100 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000200 ] + [ payload write reg 1 => 2b @ link header + 14 csum_type 0 csum_off 0 csum_flags 0x0 ] + +# ether saddr 00:01:02:03:04:05 vlan id 1 +bridge test-bridge input + [ payload load 8b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x03020100 0x00810504 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000100 ] + +# vlan id 2 ether saddr 0:1:2:3:4:6 +bridge test-bridge input + [ payload load 8b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x03020100 0x00810604 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000200 ] + +# ether saddr . vlan id { 0a:0b:0c:0d:0e:0f . 42, 0a:0b:0c:0d:0e:0f . 4095 } +__set%d test-bridge 3 size 2 +__set%d test-bridge 0 + element 0d0c0b0a 00000f0e 00002a00 : 0 [end] element 0d0c0b0a 00000f0e 0000ff0f : 0 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ payload load 2b @ link header + 14 => reg 10 ] + [ bitwise reg 10 = ( reg 10 & 0x0000ff0f ) ^ 0x00000000 ] + [ lookup reg 1 set __set%d ] + +# ether saddr 00:11:22:33:44:55 counter ether type 8021q +bridge test-bridge input + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x33221100 0x00005544 ] + [ counter pkts 0 bytes 0 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] diff --git a/tests/py/bridge/vlan.t.payload.netdev b/tests/py/bridge/vlan.t.payload.netdev index 0a3f90a5..f3341947 100644 --- a/tests/py/bridge/vlan.t.payload.netdev +++ b/tests/py/bridge/vlan.t.payload.netdev @@ -5,7 +5,7 @@ netdev test-netdev ingress [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] # vlan id 0 @@ -15,46 +15,59 @@ netdev test-netdev ingress [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] -# vlan id 4094 vlan cfi 0 +# vlan id 4094 vlan dei 0 netdev test-netdev ingress [ meta load iiftype => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] -# vlan id 4094 vlan cfi != 1 +# vlan id 4094 vlan dei != 1 netdev test-netdev ingress [ meta load iiftype => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000010 ] # vlan id 4094 vlan cfi 1 +netdev + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000fe0f ] + [ payload load 1b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000010 ] + +# vlan id 4094 vlan dei 1 netdev test-netdev ingress [ meta load iiftype => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000010 ] # ether type vlan vlan id 4094 @@ -64,7 +77,7 @@ netdev test-netdev ingress [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] # ether type vlan vlan id 0 @@ -74,33 +87,33 @@ netdev test-netdev ingress [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] -# ether type vlan vlan id 4094 vlan cfi 0 +# ether type vlan vlan id 4094 vlan dei 0 netdev test-netdev ingress [ meta load iiftype => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] -# ether type vlan vlan id 4094 vlan cfi 1 +# ether type vlan vlan id 4094 vlan dei 1 netdev test-netdev ingress [ meta load iiftype => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000010 ] # vlan id 4094 tcp dport 22 @@ -110,7 +123,7 @@ netdev test-netdev ingress [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -124,7 +137,7 @@ netdev test-netdev ingress [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000100 ] [ payload load 2b @ link header + 16 => reg 1 ] [ cmp eq reg 1 0x00000008 ] @@ -138,12 +151,12 @@ netdev test-netdev ingress [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000100 ] [ payload load 2b @ link header + 16 => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00feffff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00feffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000000a ] # vlan id 1 ip saddr 10.0.0.0/23 udp dport 53 @@ -153,12 +166,12 @@ netdev test-netdev ingress [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000100 ] [ payload load 2b @ link header + 16 => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00feffff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00feffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000000a ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000011 ] @@ -172,48 +185,48 @@ netdev test-netdev ingress [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000100 ] [ payload load 2b @ link header + 16 => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00feffff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00feffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000000a ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00003500 ] -# vlan id 4094 vlan cfi 1 vlan pcp 7 +# vlan id 4094 vlan dei 1 vlan pcp 7 netdev test-netdev ingress [ meta load iiftype => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000010 ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000e0 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000e0 ) ^ 0x00000000 ] [ cmp eq reg 1 0x000000e0 ] -# vlan id 4094 vlan cfi 1 vlan pcp 3 +# vlan id 4094 vlan dei 1 vlan pcp 3 netdev test-netdev ingress [ meta load iiftype => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000fe0f ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000010 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000010 ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000e0 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000e0 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000060 ] # vlan id { 1, 2, 4, 100, 4095 } vlan pcp 1-3 @@ -226,10 +239,10 @@ netdev test-netdev ingress [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000e0 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000e0 ) ^ 0x00000000 ] [ cmp gte reg 1 0x00000020 ] [ cmp lte reg 1 0x00000060 ] @@ -245,3 +258,111 @@ netdev test-netdev ingress [ cmp eq reg 1 0x00000001 ] [ immediate reg 0 accept ] +# ether type 8021ad vlan id 1 ip protocol 6 accept +netdev + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x0000a888 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000100 ] + [ payload load 2b @ link header + 16 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 0 accept ] + +# ether type 8021ad vlan id 1 vlan type 8021q vlan id 2 vlan type ip counter +netdev + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x0000a888 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000100 ] + [ payload load 2b @ link header + 16 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 18 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000200 ] + [ payload load 2b @ link header + 20 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ counter pkts 0 bytes 0 ] + +# ether type 8021ad vlan id 1 vlan type 8021q vlan id 2 vlan type ip ip protocol 6 +netdev + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x0000a888 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000100 ] + [ payload load 2b @ link header + 16 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 18 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000200 ] + [ payload load 2b @ link header + 20 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + +# vlan id 1 vlan id set 2 +netdev + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000100 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000200 ] + [ payload write reg 1 => 2b @ link header + 14 csum_type 0 csum_off 0 csum_flags 0x0 ] + +# vlan id 2 ether saddr 0:1:2:3:4:6 +netdev test-netdev ingress + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 8b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x03020100 0x00810604 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000200 ] + +# ether saddr 00:01:02:03:04:05 vlan id 1 +netdev test-netdev ingress + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 8b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x03020100 0x00810504 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000100 ] + +# ether saddr . vlan id { 0a:0b:0c:0d:0e:0f . 42, 0a:0b:0c:0d:0e:0f . 4095 } +__set%d test-netdev 3 size 2 +__set%d test-netdev 0 + element 0d0c0b0a 00000f0e 00002a00 : 0 [end] element 0d0c0b0a 00000f0e 0000ff0f : 0 [end] +netdev test-netdev ingress + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ payload load 2b @ link header + 14 => reg 10 ] + [ bitwise reg 10 = ( reg 10 & 0x0000ff0f ) ^ 0x00000000 ] + [ lookup reg 1 set __set%d ] + +# ether saddr 00:11:22:33:44:55 counter ether type 8021q +bridge test-bridge input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x33221100 0x00005544 ] + [ counter pkts 0 bytes 0 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] diff --git a/tests/py/inet/ah.t b/tests/py/inet/ah.t index 8544d9dd..83b6202b 100644 --- a/tests/py/inet/ah.t +++ b/tests/py/inet/ah.t @@ -1,12 +1,11 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;input *ip6;test-ip6;input *inet;test-inet;input -*netdev;test-netdev;ingress - -# nexthdr Bug to list table. +*netdev;test-netdev;ingress,egress - ah nexthdr esp;ok - ah nexthdr ah;ok @@ -22,8 +21,6 @@ ah hdrlength 11-23;ok ah hdrlength != 11-23;ok -ah hdrlength { 11-23};ok -ah hdrlength != { 11-23};ok ah hdrlength {11, 23, 44 };ok ah hdrlength != {11, 23, 44 };ok @@ -33,8 +30,6 @@ ah reserved 33-45;ok ah reserved != 33-45;ok ah reserved {23, 100};ok ah reserved != {23, 100};ok -ah reserved { 33-55};ok -ah reserved != { 33-55};ok ah spi 111;ok ah spi != 111;ok @@ -42,15 +37,11 @@ ah spi 111-222;ok ah spi != 111-222;ok ah spi {111, 122};ok ah spi != {111, 122};ok -ah spi { 111-122};ok -ah spi != { 111-122};ok # sequence ah sequence 123;ok ah sequence != 123;ok ah sequence {23, 25, 33};ok ah sequence != {23, 25, 33};ok -ah sequence { 23-33};ok -ah sequence != { 23-33};ok ah sequence 23-33;ok ah sequence != 23-33;ok diff --git a/tests/py/inet/ah.t.json b/tests/py/inet/ah.t.json index 4efdb0dd..217280b6 100644 --- a/tests/py/inet/ah.t.json +++ b/tests/py/inet/ah.t.json @@ -34,46 +34,6 @@ } ] -# ah hdrlength { 11-23} -[ - { - "match": { - "left": { - "payload": { - "field": "hdrlength", - "protocol": "ah" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 11, 23 ] } - ] - } - } - } -] - -# ah hdrlength != { 11-23} -[ - { - "match": { - "left": { - "payload": { - "field": "hdrlength", - "protocol": "ah" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 11, 23 ] } - ] - } - } - } -] - # ah hdrlength {11, 23, 44 } [ { @@ -228,46 +188,6 @@ } ] -# ah reserved { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "reserved", - "protocol": "ah" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# ah reserved != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "reserved", - "protocol": "ah" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # ah spi 111 [ { @@ -378,46 +298,6 @@ } ] -# ah spi { 111-122} -[ - { - "match": { - "left": { - "payload": { - "field": "spi", - "protocol": "ah" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 111, 122 ] } - ] - } - } - } -] - -# ah spi != { 111-122} -[ - { - "match": { - "left": { - "payload": { - "field": "spi", - "protocol": "ah" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 111, 122 ] } - ] - } - } - } -] - # ah sequence 123 [ { @@ -494,46 +374,6 @@ } ] -# ah sequence { 23-33} -[ - { - "match": { - "left": { - "payload": { - "field": "sequence", - "protocol": "ah" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 23, 33 ] } - ] - } - } - } -] - -# ah sequence != { 23-33} -[ - { - "match": { - "left": { - "payload": { - "field": "sequence", - "protocol": "ah" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 23, 33 ] } - ] - } - } - } -] - # ah sequence 23-33 [ { diff --git a/tests/py/inet/ah.t.payload b/tests/py/inet/ah.t.payload index 5ec5fba1..7ddd72d5 100644 --- a/tests/py/inet/ah.t.payload +++ b/tests/py/inet/ah.t.payload @@ -13,26 +13,6 @@ inet test-inet input [ payload load 1b @ transport header + 1 => reg 1 ] [ range neq reg 1 0x0000000b 0x00000017 ] -# ah hdrlength { 11-23} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ah hdrlength != { 11-23} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ah hdrlength {11, 23, 44 } __set%d test-inet 3 __set%d test-inet 0 @@ -102,26 +82,6 @@ inet test-inet input [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ah reserved { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ah reserved != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ah spi 111 inet test-inet input [ meta load l4proto => reg 1 ] @@ -171,26 +131,6 @@ inet test-inet input [ payload load 4b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ah spi { 111-122} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ah spi != { 111-122} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ah sequence 123 inet test-inet input [ meta load l4proto => reg 1 ] @@ -225,26 +165,6 @@ inet test-inet input [ payload load 4b @ transport header + 8 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ah sequence { 23-33} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ah sequence != { 23-33} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ah sequence 23-33 inet test-inet input [ meta load l4proto => reg 1 ] diff --git a/tests/py/inet/comp.t b/tests/py/inet/comp.t index 0df18139..2ef53820 100644 --- a/tests/py/inet/comp.t +++ b/tests/py/inet/comp.t @@ -1,10 +1,11 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;input *ip6;test-ip6;input *inet;test-inet;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress # BUG: nft: payload.c:88: payload_expr_pctx_update: Assertion `left->payload.base + 1 <= (__PROTO_BASE_MAX - 1)' failed. - comp nexthdr esp;ok;comp nexthdr 50 @@ -20,8 +21,6 @@ comp flags 0x33-0x45;ok comp flags != 0x33-0x45;ok comp flags {0x33, 0x55, 0x67, 0x88};ok comp flags != {0x33, 0x55, 0x67, 0x88};ok -comp flags { 0x33-0x55};ok -comp flags != { 0x33-0x55};ok comp cpi 22;ok comp cpi != 233;ok @@ -29,5 +28,3 @@ comp cpi 33-45;ok comp cpi != 33-45;ok comp cpi {33, 55, 67, 88};ok comp cpi != {33, 55, 67, 88};ok -comp cpi { 33-55};ok -comp cpi != { 33-55};ok diff --git a/tests/py/inet/comp.t.json b/tests/py/inet/comp.t.json index b9b24f98..c9f6fcac 100644 --- a/tests/py/inet/comp.t.json +++ b/tests/py/inet/comp.t.json @@ -128,46 +128,6 @@ } ] -# comp flags { 0x33-0x55} -[ - { - "match": { - "left": { - "payload": { - "field": "flags", - "protocol": "comp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ "0x33", "0x55" ] } - ] - } - } - } -] - -# comp flags != { 0x33-0x55} -[ - { - "match": { - "left": { - "payload": { - "field": "flags", - "protocol": "comp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ "0x33", "0x55" ] } - ] - } - } - } -] - # comp cpi 22 [ { @@ -282,43 +242,3 @@ } ] -# comp cpi { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "cpi", - "protocol": "comp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# comp cpi != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "cpi", - "protocol": "comp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - diff --git a/tests/py/inet/comp.t.payload b/tests/py/inet/comp.t.payload index dec38aea..024e47cd 100644 --- a/tests/py/inet/comp.t.payload +++ b/tests/py/inet/comp.t.payload @@ -54,26 +54,6 @@ inet test-inet input [ payload load 1b @ transport header + 1 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# comp flags { 0x33-0x55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000033 : 0 [end] element 00000056 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# comp flags != { 0x33-0x55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000033 : 0 [end] element 00000056 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # comp cpi 22 inet test-inet input [ meta load l4proto => reg 1 ] @@ -123,23 +103,3 @@ inet test-inet input [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# comp cpi { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# comp cpi != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - diff --git a/tests/py/inet/ct.t b/tests/py/inet/ct.t index 3d0dffad..5312b328 100644 --- a/tests/py/inet/ct.t +++ b/tests/py/inet/ct.t @@ -6,7 +6,7 @@ meta nfproto ipv4 ct original saddr 1.2.3.4;ok;ct original ip saddr 1.2.3.4 ct original ip6 saddr ::1;ok -ct original ip daddr {1.2.3.4} accept;ok +ct original ip daddr 1.2.3.4 accept;ok # missing protocol context ct original saddr ::1;fail diff --git a/tests/py/inet/ct.t.json b/tests/py/inet/ct.t.json index e7f928ca..223ac9e7 100644 --- a/tests/py/inet/ct.t.json +++ b/tests/py/inet/ct.t.json @@ -39,7 +39,7 @@ } ] -# ct original ip daddr {1.2.3.4} accept +# ct original ip daddr 1.2.3.4 accept [ { "match": { @@ -50,11 +50,7 @@ } }, "op": "==", - "right": { - "set": [ - "1.2.3.4" - ] - } + "right": "1.2.3.4" } }, { diff --git a/tests/py/inet/ct.t.payload b/tests/py/inet/ct.t.payload index 3b274f8c..f7a2ef27 100644 --- a/tests/py/inet/ct.t.payload +++ b/tests/py/inet/ct.t.payload @@ -10,11 +10,8 @@ inet test-inet input [ ct load src_ip6 => reg 1 , dir original ] [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x01000000 ] -# ct original ip daddr {1.2.3.4} accept -__set%d test-inet 3 size 1 -__set%d test-inet 0 - element 04030201 : 0 [end] +# ct original ip daddr 1.2.3.4 accept inet test-inet input [ ct load dst_ip => reg 1 , dir original ] - [ lookup reg 1 set __set%d ] + [ cmp eq reg 1 0x04030201 ] [ immediate reg 0 accept ] diff --git a/tests/py/inet/dccp.t b/tests/py/inet/dccp.t index 9a81bb2e..99cddbe7 100644 --- a/tests/py/inet/dccp.t +++ b/tests/py/inet/dccp.t @@ -1,29 +1,30 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;input *ip6;test-ip6;input *inet;test-inet;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress dccp sport 21-35;ok dccp sport != 21-35;ok dccp sport {23, 24, 25};ok dccp sport != {23, 24, 25};ok -dccp sport { 20-50 };ok dccp sport 20-50;ok -dccp sport { 20-50};ok -dccp sport != { 20-50};ok # dccp dport 21-35;ok # dccp dport != 21-35;ok dccp dport {23, 24, 25};ok dccp dport != {23, 24, 25};ok -dccp dport { 20-50};ok -dccp dport != { 20-50};ok dccp type {request, response, data, ack, dataack, closereq, close, reset, sync, syncack};ok dccp type != {request, response, data, ack, dataack, closereq, close, reset, sync, syncack};ok dccp type request;ok dccp type != request;ok + +dccp option 0 exists;ok +dccp option 43 missing;ok +dccp option 255 exists;ok +dccp option 256 exists;fail diff --git a/tests/py/inet/dccp.t.json b/tests/py/inet/dccp.t.json index 9260fbc5..9f47e97b 100644 --- a/tests/py/inet/dccp.t.json +++ b/tests/py/inet/dccp.t.json @@ -78,44 +78,6 @@ } ] -# dccp sport { 20-50 } -[ - { - "match": { - "left": { - "payload": { - "field": "sport", - "protocol": "dccp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 20, 50 ] } - ] - } - } - } -] - -# dccp sport ftp-data - re-mail-ck -[ - { - "match": { - "left": { - "payload": { - "field": "sport", - "protocol": "dccp" - } - }, - "op": "==", - "right": { - "range": [ "ftp-data", "re-mail-ck" ] - } - } - } -] - # dccp sport 20-50 [ { @@ -134,46 +96,6 @@ } ] -# dccp sport { 20-50} -[ - { - "match": { - "left": { - "payload": { - "field": "sport", - "protocol": "dccp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 20, 50 ] } - ] - } - } - } -] - -# dccp sport != { 20-50} -[ - { - "match": { - "left": { - "payload": { - "field": "sport", - "protocol": "dccp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 20, 50 ] } - ] - } - } - } -] - # dccp dport {23, 24, 25} [ { @@ -218,46 +140,6 @@ } ] -# dccp dport { 20-50} -[ - { - "match": { - "left": { - "payload": { - "field": "dport", - "protocol": "dccp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 20, 50 ] } - ] - } - } - } -] - -# dccp dport != { 20-50} -[ - { - "match": { - "left": { - "payload": { - "field": "dport", - "protocol": "dccp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 20, 50 ] } - ] - } - } - } -] - # dccp type {request, response, data, ack, dataack, closereq, close, reset, sync, syncack} [ { @@ -348,3 +230,47 @@ } ] +# dccp option 0 exists +[ + { + "match": { + "left": { + "dccp option": { + "type": 0 + } + }, + "op": "==", + "right": true + } + } +] + +# dccp option 43 missing +[ + { + "match": { + "left": { + "dccp option": { + "type": 43 + } + }, + "op": "==", + "right": false + } + } +] + +# dccp option 255 exists +[ + { + "match": { + "left": { + "dccp option": { + "type": 255 + } + }, + "op": "==", + "right": true + } + } +] diff --git a/tests/py/inet/dccp.t.payload b/tests/py/inet/dccp.t.payload index b5a48f40..c0b87be1 100644 --- a/tests/py/inet/dccp.t.payload +++ b/tests/py/inet/dccp.t.payload @@ -33,24 +33,6 @@ inet test-inet input [ payload load 2b @ transport header + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# dccp sport { 20-50 } -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# dccp sport ftp-data - re-mail-ck -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001400 ] - [ cmp lte reg 1 0x00003200 ] - # dccp sport 20-50 inet test-inet input [ meta load l4proto => reg 1 ] @@ -59,26 +41,6 @@ inet test-inet input [ cmp gte reg 1 0x00001400 ] [ cmp lte reg 1 0x00003200 ] -# dccp sport { 20-50} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# dccp sport != { 20-50} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # dccp dport {23, 24, 25} __set%d test-ip4 3 __set%d test-ip4 0 @@ -99,26 +61,6 @@ inet test-inet input [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# dccp dport { 20-50} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# dccp dport != { 20-50} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # dccp type {request, response, data, ack, dataack, closereq, close, reset, sync, syncack} __set%d test-inet 3 __set%d test-inet 0 @@ -127,7 +69,7 @@ inet test-inet input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000021 ] [ payload load 1b @ transport header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000001e ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000001e ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] # dccp type != {request, response, data, ack, dataack, closereq, close, reset, sync, syncack} @@ -138,7 +80,7 @@ inet test-inet input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000021 ] [ payload load 1b @ transport header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000001e ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000001e ) ^ 0x00000000 ] [ lookup reg 1 set __set%d 0x1 ] # dccp type request @@ -146,7 +88,7 @@ inet test-inet input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000021 ] [ payload load 1b @ transport header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000001e ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000001e ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] # dccp type != request @@ -154,6 +96,20 @@ inet test-inet input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000021 ] [ payload load 1b @ transport header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000001e ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000001e ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] +# dccp option 0 exists +ip test-inet input + [ exthdr load 1b @ 0 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# dccp option 43 missing +ip test-inet input + [ exthdr load 1b @ 43 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# dccp option 255 exists +ip test-inet input + [ exthdr load 1b @ 255 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] diff --git a/tests/py/inet/dnat.t b/tests/py/inet/dnat.t index fcdf9436..e4e169f2 100644 --- a/tests/py/inet/dnat.t +++ b/tests/py/inet/dnat.t @@ -6,6 +6,7 @@ iifname "foo" tcp dport 80 redirect to :8080;ok iifname "eth0" tcp dport 443 dnat ip to 192.168.3.2;ok iifname "eth0" tcp dport 443 dnat ip6 to [dead::beef]:4443;ok +meta l4proto tcp dnat to :80;ok;meta l4proto 6 dnat to :80 dnat ip to ct mark map { 0x00000014 : 1.2.3.4};ok dnat ip to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4};ok @@ -14,3 +15,8 @@ dnat ip6 to 1.2.3.4;fail dnat to 1.2.3.4;fail dnat ip6 to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4};fail ip6 daddr dead::beef dnat to 10.1.2.3;fail + +meta l4proto { tcp, udp } dnat ip to 1.1.1.1:80;ok;meta l4proto { 6, 17} dnat ip to 1.1.1.1:80 +ip protocol { tcp, udp } dnat ip to 1.1.1.1:80;ok;ip protocol { 6, 17} dnat ip to 1.1.1.1:80 +meta l4proto { tcp, udp } tcp dport 20 dnat to 1.1.1.1:80;fail +ip protocol { tcp, udp } tcp dport 20 dnat to 1.1.1.1:80;fail diff --git a/tests/py/inet/dnat.t.json b/tests/py/inet/dnat.t.json index ac6dac62..c341a045 100644 --- a/tests/py/inet/dnat.t.json +++ b/tests/py/inet/dnat.t.json @@ -164,3 +164,78 @@ } ] +# meta l4proto { tcp, udp } dnat ip to 1.1.1.1:80 +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": { + "set": [ + 6, + 17 + ] + } + } + }, + { + "dnat": { + "addr": "1.1.1.1", + "family": "ip", + "port": 80 + } + } +] + +# ip protocol { tcp, udp } dnat ip to 1.1.1.1:80 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "protocol": "ip" + } + }, + "op": "==", + "right": { + "set": [ + 6, + 17 + ] + } + } + }, + { + "dnat": { + "addr": "1.1.1.1", + "family": "ip", + "port": 80 + } + } +] + +# meta l4proto tcp dnat to :80 +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": 6 + } + }, + { + "dnat": { + "port": 80 + } + } +] + diff --git a/tests/py/inet/dnat.t.payload b/tests/py/inet/dnat.t.payload index 75cf1b77..ce1601ab 100644 --- a/tests/py/inet/dnat.t.payload +++ b/tests/py/inet/dnat.t.payload @@ -18,7 +18,7 @@ inet test-inet prerouting [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x0000bb01 ] [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # iifname "eth0" tcp dport 443 dnat ip6 to [dead::beef]:4443 inet test-inet prerouting @@ -30,7 +30,7 @@ inet test-inet prerouting [ cmp eq reg 1 0x0000bb01 ] [ immediate reg 1 0x0000adde 0x00000000 0x00000000 0xefbe0000 ] [ immediate reg 2 0x00005b11 ] - [ nat dnat ip6 addr_min reg 1 addr_max reg 0 proto_min reg 2 proto_max reg 0 flags 0x2 ] + [ nat dnat ip6 addr_min reg 1 proto_min reg 2 flags 0x2 ] # dnat ip to ct mark map { 0x00000014 : 1.2.3.4} __map%d test-inet b size 1 @@ -39,7 +39,7 @@ __map%d test-inet 0 inet test-inet prerouting [ ct load mark => reg 1 ] [ lookup reg 1 set __map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # dnat ip to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4} __map%d test-inet b size 1 @@ -51,4 +51,36 @@ inet test-inet prerouting [ ct load mark => reg 1 ] [ payload load 4b @ network header + 16 => reg 9 ] [ lookup reg 1 set __map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] + +# meta l4proto { tcp, udp } dnat ip to 1.1.1.1:80 +__set%d test-inet 3 +__set%d test-inet 0 + element 00000006 : 0 [end] element 00000011 : 0 [end] +inet + [ meta load l4proto => reg 1 ] + [ lookup reg 1 set __set%d ] + [ immediate reg 1 0x01010101 ] + [ immediate reg 2 0x00005000 ] + [ nat dnat ip addr_min reg 1 proto_min reg 2 flags 0x2 ] + +# ip protocol { tcp, udp } dnat ip to 1.1.1.1:80 +__set%d test-inet 3 +__set%d test-inet 0 + element 00000006 : 0 [end] element 00000011 : 0 [end] +inet + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ lookup reg 1 set __set%d ] + [ immediate reg 1 0x01010101 ] + [ immediate reg 2 0x00005000 ] + [ nat dnat ip addr_min reg 1 proto_min reg 2 flags 0x2 ] + +# meta l4proto tcp dnat to :80 +inet + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x00005000 ] + [ nat dnat inet proto_min reg 1 flags 0x2 ] + diff --git a/tests/py/inet/esp.t b/tests/py/inet/esp.t index e79eeada..536260cf 100644 --- a/tests/py/inet/esp.t +++ b/tests/py/inet/esp.t @@ -1,10 +1,11 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;input *ip6;test-ip6;input *inet;test-inet;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress esp spi 100;ok esp spi != 100;ok @@ -12,13 +13,9 @@ esp spi 111-222;ok esp spi != 111-222;ok esp spi { 100, 102};ok esp spi != { 100, 102};ok -esp spi { 100-102};ok -- esp spi {100-102};ok esp sequence 22;ok esp sequence 22-24;ok esp sequence != 22-24;ok esp sequence { 22, 24};ok esp sequence != { 22, 24};ok -esp sequence { 22-25};ok -esp sequence != { 22-25};ok diff --git a/tests/py/inet/esp.t.json b/tests/py/inet/esp.t.json index 84ea9eea..a9dedd6f 100644 --- a/tests/py/inet/esp.t.json +++ b/tests/py/inet/esp.t.json @@ -108,26 +108,6 @@ } ] -# esp spi { 100-102} -[ - { - "match": { - "left": { - "payload": { - "field": "spi", - "protocol": "esp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 100, 102 ] } - ] - } - } - } -] - # esp sequence 22 [ { @@ -222,43 +202,3 @@ } ] -# esp sequence { 22-25} -[ - { - "match": { - "left": { - "payload": { - "field": "sequence", - "protocol": "esp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 22, 25 ] } - ] - } - } - } -] - -# esp sequence != { 22-25} -[ - { - "match": { - "left": { - "payload": { - "field": "sequence", - "protocol": "esp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 22, 25 ] } - ] - } - } - } -] - diff --git a/tests/py/inet/esp.t.payload b/tests/py/inet/esp.t.payload index ad68530b..0353b056 100644 --- a/tests/py/inet/esp.t.payload +++ b/tests/py/inet/esp.t.payload @@ -47,26 +47,6 @@ inet test-inet input [ payload load 4b @ transport header + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# esp spi { 100-102} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# esp spi != { 100-102} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # esp sequence 22 inet test-inet input [ meta load l4proto => reg 1 ] @@ -109,23 +89,3 @@ inet test-inet input [ payload load 4b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# esp sequence { 22-25} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# esp sequence != { 22-25} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - diff --git a/tests/py/inet/ether-ip.t b/tests/py/inet/ether-ip.t index 0c8c7f9d..759124de 100644 --- a/tests/py/inet/ether-ip.t +++ b/tests/py/inet/ether-ip.t @@ -1,8 +1,9 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *inet;test-inet;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04;ok diff --git a/tests/py/inet/ether-ip.t.payload.netdev b/tests/py/inet/ether-ip.t.payload.netdev index 16b09212..b0fa6d84 100644 --- a/tests/py/inet/ether-ip.t.payload.netdev +++ b/tests/py/inet/ether-ip.t.payload.netdev @@ -13,21 +13,6 @@ netdev test-netdev ingress [ payload load 6b @ link header + 6 => reg 1 ] [ cmp eq reg 1 0x0c540f00 0x00000411 ] -# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 -netdev test-netdev ingress - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - # tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept netdev test-netdev ingress [ meta load l4proto => reg 1 ] diff --git a/tests/py/inet/ether.t b/tests/py/inet/ether.t index afdf8b89..8625f70b 100644 --- a/tests/py/inet/ether.t +++ b/tests/py/inet/ether.t @@ -1,13 +1,20 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;input *ip6;test-ip6;input *inet;test-inet;input *bridge;test-bridge;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept;ok ether saddr 00:0f:54:0c:11:04 accept;ok + +vlan id 1;ok +ether type vlan vlan id 2;ok;vlan id 2 + +# invalid dependency +ether type ip vlan id 1;fail diff --git a/tests/py/inet/ether.t.json b/tests/py/inet/ether.t.json index 84b184c7..c7a7f886 100644 --- a/tests/py/inet/ether.t.json +++ b/tests/py/inet/ether.t.json @@ -88,3 +88,35 @@ } ] +# vlan id 1 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan" + } + }, + "op": "==", + "right": 1 + } + } +] + +# ether type vlan vlan id 2 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan" + } + }, + "op": "==", + "right": 2 + } + } +] + diff --git a/tests/py/inet/ether.t.payload b/tests/py/inet/ether.t.payload index 53648413..8b74a781 100644 --- a/tests/py/inet/ether.t.payload +++ b/tests/py/inet/ether.t.payload @@ -30,3 +30,23 @@ inet test-inet input [ cmp eq reg 1 0x0c540f00 0x00000411 ] [ immediate reg 0 accept ] +# vlan id 1 +netdev test-netdev ingress + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000100 ] + +# ether type vlan vlan id 2 +netdev test-netdev ingress + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000200 ] + diff --git a/tests/py/inet/ether.t.payload.bridge b/tests/py/inet/ether.t.payload.bridge index 4a6bccbe..0128d5f0 100644 --- a/tests/py/inet/ether.t.payload.bridge +++ b/tests/py/inet/ether.t.payload.bridge @@ -1,17 +1,3 @@ -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept -bridge test-bridge input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - # tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept bridge test-bridge input [ meta load l4proto => reg 1 ] @@ -40,10 +26,19 @@ bridge test-bridge input [ cmp eq reg 1 0x0c540f00 0x00000411 ] [ immediate reg 0 accept ] -# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 +# vlan id 1 bridge test-bridge input - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000100 ] + +# ether type vlan vlan id 2 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000200 ] diff --git a/tests/py/inet/ether.t.payload.ip b/tests/py/inet/ether.t.payload.ip index 196930fd..7c91f412 100644 --- a/tests/py/inet/ether.t.payload.ip +++ b/tests/py/inet/ether.t.payload.ip @@ -1,4 +1,4 @@ -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -8,11 +8,9 @@ ip test-ip4 input [ cmp eq reg 1 0x00000001 ] [ payload load 6b @ link header + 6 => reg 1 ] [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] [ immediate reg 0 accept ] -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -24,32 +22,31 @@ ip test-ip4 input [ cmp eq reg 1 0x0c540f00 0x00000411 ] [ immediate reg 0 accept ] -# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept +# ether saddr 00:0f:54:0c:11:04 accept ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] [ meta load iiftype => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 6b @ link header + 6 => reg 1 ] [ cmp eq reg 1 0x0c540f00 0x00000411 ] [ immediate reg 0 accept ] -# ether saddr 00:0f:54:0c:11:04 accept +# vlan id 1 ip test-ip4 input [ meta load iiftype => reg 1 ] [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000100 ] -# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 +# ether type vlan vlan id 2 ip test-ip4 input [ meta load iiftype => reg 1 ] [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000200 ] diff --git a/tests/py/inet/fib.t.payload b/tests/py/inet/fib.t.payload index 1d4c3d94..050857d9 100644 --- a/tests/py/inet/fib.t.payload +++ b/tests/py/inet/fib.t.payload @@ -16,7 +16,7 @@ ip test-ip prerouting # fib daddr . iif type vmap { blackhole : drop, prohibit : drop, unicast : accept } __map%d test-ip b __map%d test-ip 0 - element 00000006 : 0 [end] element 00000008 : 0 [end] element 00000001 : 0 [end] + element 00000006 : drop 0 [end] element 00000008 : drop 0 [end] element 00000001 : accept 0 [end] ip test-ip prerouting [ fib daddr . iif type => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] diff --git a/tests/py/inet/geneve.t b/tests/py/inet/geneve.t new file mode 100644 index 00000000..101f6dfc --- /dev/null +++ b/tests/py/inet/geneve.t @@ -0,0 +1,23 @@ +:input;type filter hook input priority 0 +:ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 + +*ip;test-ip4;input +*ip6;test-ip6;input +*inet;test-inet;input +*netdev;test-netdev;ingress,egress + +geneve vni 10;fail +udp dport 6081 geneve vni 10;ok +udp dport 6081 geneve ip saddr 10.141.11.2;ok +udp dport 6081 geneve ip saddr 10.141.11.0/24;ok +udp dport 6081 geneve ip protocol 1;ok +udp dport 6081 geneve udp sport 8888;ok +udp dport 6081 geneve icmp type echo-reply;ok +udp dport 6081 geneve ether saddr 62:87:4d:d6:19:05;ok +udp dport 6081 geneve vlan id 10;ok +udp dport 6081 geneve ip dscp 0x02;ok +udp dport 6081 geneve ip dscp 0x02;ok +udp dport 6081 geneve ip saddr . geneve ip daddr { 1.2.3.4 . 4.3.2.1 };ok + +udp dport 6081 geneve ip saddr set 1.2.3.4;fail diff --git a/tests/py/inet/geneve.t.json b/tests/py/inet/geneve.t.json new file mode 100644 index 00000000..a299fcd2 --- /dev/null +++ b/tests/py/inet/geneve.t.json @@ -0,0 +1,344 @@ +# udp dport 6081 geneve vni 10 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 6081 + } + }, + { + "match": { + "left": { + "payload": { + "field": "vni", + "protocol": "geneve", + "tunnel": "geneve" + } + }, + "op": "==", + "right": 10 + } + } +] + +# udp dport 6081 geneve ip saddr 10.141.11.2 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 6081 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ip", + "tunnel": "geneve" + } + }, + "op": "==", + "right": "10.141.11.2" + } + } +] + +# udp dport 6081 geneve ip saddr 10.141.11.0/24 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 6081 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ip", + "tunnel": "geneve" + } + }, + "op": "==", + "right": { + "prefix": { + "addr": "10.141.11.0", + "len": 24 + } + } + } + } +] + +# udp dport 6081 geneve ip protocol 1 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 6081 + } + }, + { + "match": { + "left": { + "payload": { + "field": "protocol", + "protocol": "ip", + "tunnel": "geneve" + } + }, + "op": "==", + "right": 1 + } + } +] + +# udp dport 6081 geneve udp sport 8888 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 6081 + } + }, + { + "match": { + "left": { + "payload": { + "field": "sport", + "protocol": "udp", + "tunnel": "geneve" + } + }, + "op": "==", + "right": 8888 + } + } +] + +# udp dport 6081 geneve icmp type echo-reply +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 6081 + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmp", + "tunnel": "geneve" + } + }, + "op": "==", + "right": "echo-reply" + } + } +] + +# udp dport 6081 geneve ether saddr 62:87:4d:d6:19:05 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 6081 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ether", + "tunnel": "geneve" + } + }, + "op": "==", + "right": "62:87:4d:d6:19:05" + } + } +] + +# udp dport 6081 geneve vlan id 10 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 6081 + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan", + "tunnel": "geneve" + } + }, + "op": "==", + "right": 10 + } + } +] + +# udp dport 6081 geneve ip dscp 0x02 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 6081 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dscp", + "protocol": "ip", + "tunnel": "geneve" + } + }, + "op": "==", + "right": 2 + } + } +] + +# udp dport 6081 geneve ip dscp 0x02 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 6081 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dscp", + "protocol": "ip", + "tunnel": "geneve" + } + }, + "op": "==", + "right": 2 + } + } +] + +# udp dport 6081 geneve ip saddr . geneve ip daddr { 1.2.3.4 . 4.3.2.1 } +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 6081 + } + }, + { + "match": { + "left": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip", + "tunnel": "geneve" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip", + "tunnel": "geneve" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + "1.2.3.4", + "4.3.2.1" + ] + } + ] + } + } + } +] + diff --git a/tests/py/inet/geneve.t.payload b/tests/py/inet/geneve.t.payload new file mode 100644 index 00000000..1ce54de6 --- /dev/null +++ b/tests/py/inet/geneve.t.payload @@ -0,0 +1,114 @@ +# udp dport 6081 geneve vni 10 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000c117 ] + [ inner type 2 hdrsize 8 flags f [ payload load 3b @ unknown header + 4 => reg 1 ] ] + [ cmp eq reg 1 0x000a0000 ] + +# udp dport 6081 geneve ip saddr 10.141.11.2 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000c117 ] + [ inner type 2 hdrsize 8 flags f [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 2 hdrsize 8 flags f [ payload load 4b @ network header + 12 => reg 1 ] ] + [ cmp eq reg 1 0x020b8d0a ] + +# udp dport 6081 geneve ip saddr 10.141.11.0/24 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000c117 ] + [ inner type 2 hdrsize 8 flags f [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 2 hdrsize 8 flags f [ payload load 3b @ network header + 12 => reg 1 ] ] + [ cmp eq reg 1 0x000b8d0a ] + +# udp dport 6081 geneve ip protocol 1 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000c117 ] + [ inner type 2 hdrsize 8 flags f [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 2 hdrsize 8 flags f [ payload load 1b @ network header + 9 => reg 1 ] ] + [ cmp eq reg 1 0x00000001 ] + +# udp dport 6081 geneve udp sport 8888 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000c117 ] + [ inner type 2 hdrsize 8 flags f [ meta load l4proto => reg 1 ] ] + [ cmp eq reg 1 0x00000011 ] + [ inner type 2 hdrsize 8 flags f [ payload load 2b @ transport header + 0 => reg 1 ] ] + [ cmp eq reg 1 0x0000b822 ] + +# udp dport 6081 geneve icmp type echo-reply +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000c117 ] + [ inner type 2 hdrsize 8 flags f [ payload load 2b @ link header + 12 => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 2 hdrsize 8 flags f [ meta load l4proto => reg 1 ] ] + [ cmp eq reg 1 0x00000001 ] + [ inner type 2 hdrsize 8 flags f [ payload load 1b @ transport header + 0 => reg 1 ] ] + [ cmp eq reg 1 0x00000000 ] + +# udp dport 6081 geneve ether saddr 62:87:4d:d6:19:05 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000c117 ] + [ inner type 2 hdrsize 8 flags f [ payload load 6b @ link header + 6 => reg 1 ] ] + [ cmp eq reg 1 0xd64d8762 0x00000519 ] + +# udp dport 6081 geneve vlan id 10 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000c117 ] + [ inner type 2 hdrsize 8 flags f [ payload load 2b @ link header + 12 => reg 1 ] ] + [ cmp eq reg 1 0x00000081 ] + [ inner type 2 hdrsize 8 flags f [ payload load 2b @ link header + 14 => reg 1 ] ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000a00 ] + +# udp dport 6081 geneve ip dscp 0x02 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000c117 ] + [ inner type 2 hdrsize 8 flags f [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 2 hdrsize 8 flags f [ payload load 1b @ network header + 1 => reg 1 ] ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000008 ] + +# udp dport 6081 geneve ip saddr . geneve ip daddr { 1.2.3.4 . 4.3.2.1 } +__set%d test-ip4 3 size 1 +__set%d test-ip4 0 + element 04030201 01020304 : 0 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000c117 ] + [ inner type 2 hdrsize 8 flags f [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 2 hdrsize 8 flags f [ payload load 4b @ network header + 12 => reg 1 ] ] + [ inner type 2 hdrsize 8 flags f [ payload load 4b @ network header + 16 => reg 9 ] ] + [ lookup reg 1 set __set%d ] + diff --git a/tests/py/inet/gre.t b/tests/py/inet/gre.t new file mode 100644 index 00000000..a3e046a1 --- /dev/null +++ b/tests/py/inet/gre.t @@ -0,0 +1,22 @@ +:input;type filter hook input priority 0 +:ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 + +*ip;test-ip4;input +*ip6;test-ip6;input +*inet;test-inet;input +*netdev;test-netdev;ingress,egress + +gre version 0;ok +gre ip saddr 10.141.11.2;ok +gre ip saddr 10.141.11.0/24;ok +gre ip protocol 1;ok +gre udp sport 8888;ok +gre icmp type echo-reply;ok +gre ether saddr 62:87:4d:d6:19:05;fail +gre vlan id 10;fail +gre ip dscp 0x02;ok +gre ip dscp 0x02;ok +gre ip saddr . gre ip daddr { 1.2.3.4 . 4.3.2.1 };ok + +gre ip saddr set 1.2.3.4;fail diff --git a/tests/py/inet/gre.t.json b/tests/py/inet/gre.t.json new file mode 100644 index 00000000..c4431764 --- /dev/null +++ b/tests/py/inet/gre.t.json @@ -0,0 +1,177 @@ +# gre version 0 +[ + { + "match": { + "left": { + "payload": { + "field": "version", + "protocol": "gre" + } + }, + "op": "==", + "right": 0 + } + } +] + +# gre ip saddr 10.141.11.2 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ip", + "tunnel": "gre" + } + }, + "op": "==", + "right": "10.141.11.2" + } + } +] + +# gre ip saddr 10.141.11.0/24 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ip", + "tunnel": "gre" + } + }, + "op": "==", + "right": { + "prefix": { + "addr": "10.141.11.0", + "len": 24 + } + } + } + } +] + +# gre ip protocol 1 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "protocol": "ip", + "tunnel": "gre" + } + }, + "op": "==", + "right": 1 + } + } +] + +# gre udp sport 8888 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "protocol": "udp", + "tunnel": "gre" + } + }, + "op": "==", + "right": 8888 + } + } +] + +# gre icmp type echo-reply +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmp", + "tunnel": "gre" + } + }, + "op": "==", + "right": "echo-reply" + } + } +] + +# gre ip dscp 0x02 +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "protocol": "ip", + "tunnel": "gre" + } + }, + "op": "==", + "right": 2 + } + } +] + +# gre ip dscp 0x02 +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "protocol": "ip", + "tunnel": "gre" + } + }, + "op": "==", + "right": 2 + } + } +] + +# gre ip saddr . gre ip daddr { 1.2.3.4 . 4.3.2.1 } +[ + { + "match": { + "left": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip", + "tunnel": "gre" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip", + "tunnel": "gre" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + "1.2.3.4", + "4.3.2.1" + ] + } + ] + } + } + } +] + diff --git a/tests/py/inet/gre.t.payload b/tests/py/inet/gre.t.payload new file mode 100644 index 00000000..333133ed --- /dev/null +++ b/tests/py/inet/gre.t.payload @@ -0,0 +1,78 @@ +# gre version 0 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000002f ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000007 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000000 ] + +# gre ip saddr 10.141.11.2 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000002f ] + [ inner type 3 hdrsize 4 flags c [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 3 hdrsize 4 flags c [ payload load 4b @ network header + 12 => reg 1 ] ] + [ cmp eq reg 1 0x020b8d0a ] + +# gre ip saddr 10.141.11.0/24 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000002f ] + [ inner type 3 hdrsize 4 flags c [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 3 hdrsize 4 flags c [ payload load 3b @ network header + 12 => reg 1 ] ] + [ cmp eq reg 1 0x000b8d0a ] + +# gre ip protocol 1 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000002f ] + [ inner type 3 hdrsize 4 flags c [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 3 hdrsize 4 flags c [ payload load 1b @ network header + 9 => reg 1 ] ] + [ cmp eq reg 1 0x00000001 ] + +# gre udp sport 8888 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000002f ] + [ inner type 3 hdrsize 4 flags c [ meta load l4proto => reg 1 ] ] + [ cmp eq reg 1 0x00000011 ] + [ inner type 3 hdrsize 4 flags c [ payload load 2b @ transport header + 0 => reg 1 ] ] + [ cmp eq reg 1 0x0000b822 ] + +# gre icmp type echo-reply +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000002f ] + [ inner type 3 hdrsize 4 flags c [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 3 hdrsize 4 flags c [ meta load l4proto => reg 1 ] ] + [ cmp eq reg 1 0x00000001 ] + [ inner type 3 hdrsize 4 flags c [ payload load 1b @ transport header + 0 => reg 1 ] ] + [ cmp eq reg 1 0x00000000 ] + +# gre ip dscp 0x02 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000002f ] + [ inner type 3 hdrsize 4 flags c [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 3 hdrsize 4 flags c [ payload load 1b @ network header + 1 => reg 1 ] ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000008 ] + +# gre ip saddr . gre ip daddr { 1.2.3.4 . 4.3.2.1 } +__set%d test-ip4 3 size 1 +__set%d test-ip4 0 + element 04030201 01020304 : 0 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000002f ] + [ inner type 3 hdrsize 4 flags c [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 3 hdrsize 4 flags c [ payload load 4b @ network header + 12 => reg 1 ] ] + [ inner type 3 hdrsize 4 flags c [ payload load 4b @ network header + 16 => reg 9 ] ] + [ lookup reg 1 set __set%d ] + diff --git a/tests/py/inet/gretap.t b/tests/py/inet/gretap.t new file mode 100644 index 00000000..cd7ee215 --- /dev/null +++ b/tests/py/inet/gretap.t @@ -0,0 +1,21 @@ +:input;type filter hook input priority 0 +:ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 + +*ip;test-ip4;input +*ip6;test-ip6;input +*inet;test-inet;input +*netdev;test-netdev;ingress,egress + +gretap ip saddr 10.141.11.2;ok +gretap ip saddr 10.141.11.0/24;ok +gretap ip protocol 1;ok +gretap udp sport 8888;ok +gretap icmp type echo-reply;ok +gretap ether saddr 62:87:4d:d6:19:05;ok +gretap vlan id 10;ok +gretap ip dscp 0x02;ok +gretap ip dscp 0x02;ok +gretap ip saddr . gretap ip daddr { 1.2.3.4 . 4.3.2.1 };ok + +gretap ip saddr set 1.2.3.4;fail diff --git a/tests/py/inet/gretap.t.json b/tests/py/inet/gretap.t.json new file mode 100644 index 00000000..36fa9782 --- /dev/null +++ b/tests/py/inet/gretap.t.json @@ -0,0 +1,195 @@ +# gretap ip saddr 10.141.11.2 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ip", + "tunnel": "gretap" + } + }, + "op": "==", + "right": "10.141.11.2" + } + } +] + +# gretap ip saddr 10.141.11.0/24 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ip", + "tunnel": "gretap" + } + }, + "op": "==", + "right": { + "prefix": { + "addr": "10.141.11.0", + "len": 24 + } + } + } + } +] + +# gretap ip protocol 1 +[ + { + "match": { + "left": { + "payload": { + "field": "protocol", + "protocol": "ip", + "tunnel": "gretap" + } + }, + "op": "==", + "right": 1 + } + } +] + +# gretap udp sport 8888 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "protocol": "udp", + "tunnel": "gretap" + } + }, + "op": "==", + "right": 8888 + } + } +] + +# gretap icmp type echo-reply +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmp", + "tunnel": "gretap" + } + }, + "op": "==", + "right": "echo-reply" + } + } +] + +# gretap ether saddr 62:87:4d:d6:19:05 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ether", + "tunnel": "gretap" + } + }, + "op": "==", + "right": "62:87:4d:d6:19:05" + } + } +] + +# gretap vlan id 10 +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan", + "tunnel": "gretap" + } + }, + "op": "==", + "right": 10 + } + } +] + +# gretap ip dscp 0x02 +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "protocol": "ip", + "tunnel": "gretap" + } + }, + "op": "==", + "right": 2 + } + } +] + +# gretap ip dscp 0x02 +[ + { + "match": { + "left": { + "payload": { + "field": "dscp", + "protocol": "ip", + "tunnel": "gretap" + } + }, + "op": "==", + "right": 2 + } + } +] + +# gretap ip saddr . gretap ip daddr { 1.2.3.4 . 4.3.2.1 } +[ + { + "match": { + "left": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip", + "tunnel": "gretap" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip", + "tunnel": "gretap" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + "1.2.3.4", + "4.3.2.1" + ] + } + ] + } + } + } +] + diff --git a/tests/py/inet/gretap.t.payload b/tests/py/inet/gretap.t.payload new file mode 100644 index 00000000..654c71e4 --- /dev/null +++ b/tests/py/inet/gretap.t.payload @@ -0,0 +1,87 @@ +# gretap ip saddr 10.141.11.2 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000002f ] + [ inner type 4 hdrsize 4 flags e [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 4 hdrsize 4 flags e [ payload load 4b @ network header + 12 => reg 1 ] ] + [ cmp eq reg 1 0x020b8d0a ] + +# gretap ip saddr 10.141.11.0/24 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000002f ] + [ inner type 4 hdrsize 4 flags e [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 4 hdrsize 4 flags e [ payload load 3b @ network header + 12 => reg 1 ] ] + [ cmp eq reg 1 0x000b8d0a ] + +# gretap ip protocol 1 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000002f ] + [ inner type 4 hdrsize 4 flags e [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 4 hdrsize 4 flags e [ payload load 1b @ network header + 9 => reg 1 ] ] + [ cmp eq reg 1 0x00000001 ] + +# gretap udp sport 8888 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000002f ] + [ inner type 4 hdrsize 4 flags e [ meta load l4proto => reg 1 ] ] + [ cmp eq reg 1 0x00000011 ] + [ inner type 4 hdrsize 4 flags e [ payload load 2b @ transport header + 0 => reg 1 ] ] + [ cmp eq reg 1 0x0000b822 ] + +# gretap icmp type echo-reply +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000002f ] + [ inner type 4 hdrsize 4 flags e [ payload load 2b @ link header + 12 => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 4 hdrsize 4 flags e [ meta load l4proto => reg 1 ] ] + [ cmp eq reg 1 0x00000001 ] + [ inner type 4 hdrsize 4 flags e [ payload load 1b @ transport header + 0 => reg 1 ] ] + [ cmp eq reg 1 0x00000000 ] + +# gretap ether saddr 62:87:4d:d6:19:05 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000002f ] + [ inner type 4 hdrsize 4 flags e [ payload load 6b @ link header + 6 => reg 1 ] ] + [ cmp eq reg 1 0xd64d8762 0x00000519 ] + +# gretap vlan id 10 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000002f ] + [ inner type 4 hdrsize 4 flags e [ payload load 2b @ link header + 12 => reg 1 ] ] + [ cmp eq reg 1 0x00000081 ] + [ inner type 4 hdrsize 4 flags e [ payload load 2b @ link header + 14 => reg 1 ] ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000a00 ] + +# gretap ip dscp 0x02 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000002f ] + [ inner type 4 hdrsize 4 flags e [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 4 hdrsize 4 flags e [ payload load 1b @ network header + 1 => reg 1 ] ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000008 ] + +# gretap ip saddr . gretap ip daddr { 1.2.3.4 . 4.3.2.1 } +__set%d test-ip4 3 size 1 +__set%d test-ip4 0 + element 04030201 01020304 : 0 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000002f ] + [ inner type 4 hdrsize 4 flags e [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 4 hdrsize 4 flags e [ payload load 4b @ network header + 12 => reg 1 ] ] + [ inner type 4 hdrsize 4 flags e [ payload load 4b @ network header + 16 => reg 9 ] ] + [ lookup reg 1 set __set%d ] + diff --git a/tests/py/inet/icmpX.t b/tests/py/inet/icmpX.t index 97ff96d0..9430b3d3 100644 --- a/tests/py/inet/icmpX.t +++ b/tests/py/inet/icmpX.t @@ -7,4 +7,4 @@ icmp type echo-request;ok ip6 nexthdr icmpv6 icmpv6 type echo-request;ok;ip6 nexthdr 58 icmpv6 type echo-request icmpv6 type echo-request;ok # must not remove 'ip protocol' dependency, this explicitly matches icmpv6-in-ipv4. -ip protocol ipv6-icmp meta l4proto ipv6-icmp icmpv6 type 1;ok;ip protocol 58 meta l4proto 58 icmpv6 type destination-unreachable +ip protocol ipv6-icmp meta l4proto ipv6-icmp icmpv6 type 1;ok;ip protocol 58 icmpv6 type destination-unreachable diff --git a/tests/py/inet/icmpX.t.json.output b/tests/py/inet/icmpX.t.json.output index 9b0bf9f7..7765cd90 100644 --- a/tests/py/inet/icmpX.t.json.output +++ b/tests/py/inet/icmpX.t.json.output @@ -71,15 +71,6 @@ { "match": { "left": { - "meta": { "key": "l4proto" } - }, - "op": "==", - "right": 58 - } - }, - { - "match": { - "left": { "payload": { "field": "type", "protocol": "icmpv6" diff --git a/tests/py/inet/ip.t b/tests/py/inet/ip.t index 86604a63..bdb3330c 100644 --- a/tests/py/inet/ip.t +++ b/tests/py/inet/ip.t @@ -1,11 +1,12 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;input *inet;test-inet;input *bridge;test-bridge;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe };ok ip saddr vmap { 10.0.1.0-10.0.1.255 : accept, 10.0.1.1-10.0.2.255 : drop };fail -ip saddr vmap { 1.1.1.1-1.1.1.255 : accept, 1.1.1.0-1.1.2.1 : drop};fail +ip saddr vmap { 3.3.3.3-3.3.3.4 : accept, 1.1.1.1-1.1.1.255 : accept, 1.1.1.0-1.1.2.1 : drop};fail diff --git a/tests/py/inet/ip.t.payload.bridge b/tests/py/inet/ip.t.payload.bridge index a422ed76..57dbc9eb 100644 --- a/tests/py/inet/ip.t.payload.bridge +++ b/tests/py/inet/ip.t.payload.bridge @@ -3,7 +3,7 @@ __set%d test-bridge 3 __set%d test-bridge 0 element 01010101 02020202 fecafeca 0000feca : 0 [end] bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] + [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] [ payload load 4b @ network header + 16 => reg 9 ] diff --git a/tests/py/inet/ip_tcp.t b/tests/py/inet/ip_tcp.t index f2a28ebd..03bafc09 100644 --- a/tests/py/inet/ip_tcp.t +++ b/tests/py/inet/ip_tcp.t @@ -1,15 +1,16 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *inet;test-inet;input *bridge;test-bridge;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress # must not remove ip dependency -- ONLY ipv4 packets should be matched ip protocol tcp tcp dport 22;ok;ip protocol 6 tcp dport 22 -# can remove it here, ip protocol is implied via saddr. -ip protocol tcp ip saddr 1.2.3.4 tcp dport 22;ok;ip saddr 1.2.3.4 tcp dport 22 +# could in principle remove it here since ipv4 is implied via saddr. +ip protocol tcp ip saddr 1.2.3.4 tcp dport 22;ok;ip protocol 6 ip saddr 1.2.3.4 tcp dport 22 # but not here. ip protocol tcp counter ip saddr 1.2.3.4 tcp dport 22;ok;ip protocol 6 counter ip saddr 1.2.3.4 tcp dport 22 diff --git a/tests/py/inet/ip_tcp.t.json.output b/tests/py/inet/ip_tcp.t.json.output index 4a6a05d7..acad8b1f 100644 --- a/tests/py/inet/ip_tcp.t.json.output +++ b/tests/py/inet/ip_tcp.t.json.output @@ -32,6 +32,18 @@ "match": { "left": { "payload": { + "field": "protocol", + "protocol": "ip" + } + }, + "op": "==", + "right": 6 + } + }, + { + "match": { + "left": { + "payload": { "field": "saddr", "protocol": "ip" } diff --git a/tests/py/inet/ipsec.t b/tests/py/inet/ipsec.t index e924e9bc..b18df395 100644 --- a/tests/py/inet/ipsec.t +++ b/tests/py/inet/ipsec.t @@ -19,3 +19,5 @@ ipsec in ip6 daddr dead::beef;ok ipsec out ip6 saddr dead::feed;ok ipsec in spnum 256 reqid 1;fail + +counter ipsec out ip daddr 192.168.1.2;ok diff --git a/tests/py/inet/ipsec.t.json b/tests/py/inet/ipsec.t.json index d7d3a03c..18a64f35 100644 --- a/tests/py/inet/ipsec.t.json +++ b/tests/py/inet/ipsec.t.json @@ -134,3 +134,24 @@ } } ] + +# counter ipsec out ip daddr 192.168.1.2 +[ + { + "counter": null + }, + { + "match": { + "left": { + "ipsec": { + "dir": "out", + "family": "ip", + "key": "daddr", + "spnum": 0 + } + }, + "op": "==", + "right": "192.168.1.2" + } + } +] diff --git a/tests/py/inet/ipsec.t.payload b/tests/py/inet/ipsec.t.payload index c46a2263..9648255d 100644 --- a/tests/py/inet/ipsec.t.payload +++ b/tests/py/inet/ipsec.t.payload @@ -37,3 +37,9 @@ ip ipsec-ip4 ipsec-forw [ xfrm load out 0 saddr6 => reg 1 ] [ cmp eq reg 1 0x0000adde 0x00000000 0x00000000 0xedfe0000 ] +# counter ipsec out ip daddr 192.168.1.2 +ip ipsec-ip4 ipsec-forw + [ counter pkts 0 bytes 0 ] + [ xfrm load out 0 daddr4 => reg 1 ] + [ cmp eq reg 1 0x0201a8c0 ] + diff --git a/tests/py/inet/map.t b/tests/py/inet/map.t index e83490a8..5a7161b7 100644 --- a/tests/py/inet/map.t +++ b/tests/py/inet/map.t @@ -1,9 +1,10 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;input *inet;test-inet;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress mark set ip saddr map { 10.2.3.2 : 0x0000002a, 10.2.3.1 : 0x00000017};ok;meta mark set ip saddr map { 10.2.3.1 : 0x00000017, 10.2.3.2 : 0x0000002a} mark set ip hdrlength map { 5 : 0x00000017, 4 : 0x00000001};ok;meta mark set ip hdrlength map { 4 : 0x00000001, 5 : 0x00000017} diff --git a/tests/py/inet/map.t.payload b/tests/py/inet/map.t.payload index 16225cbd..50344ada 100644 --- a/tests/py/inet/map.t.payload +++ b/tests/py/inet/map.t.payload @@ -17,7 +17,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 1 ] [ meta set mark with reg 1 ] diff --git a/tests/py/inet/map.t.payload.ip b/tests/py/inet/map.t.payload.ip index 59575749..3e456675 100644 --- a/tests/py/inet/map.t.payload.ip +++ b/tests/py/inet/map.t.payload.ip @@ -13,7 +13,7 @@ __map%d test-ip4 0 element 00000005 : 00000017 0 [end] element 00000004 : 00000001 0 [end] ip test-ip4 input [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 1 ] [ meta set mark with reg 1 ] diff --git a/tests/py/inet/map.t.payload.netdev b/tests/py/inet/map.t.payload.netdev index 501fb8ee..2e60f09d 100644 --- a/tests/py/inet/map.t.payload.netdev +++ b/tests/py/inet/map.t.payload.netdev @@ -17,7 +17,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 1 ] [ meta set mark with reg 1 ] diff --git a/tests/py/inet/meta.t b/tests/py/inet/meta.t index 3638898b..7d2515c9 100644 --- a/tests/py/inet/meta.t +++ b/tests/py/inet/meta.t @@ -12,8 +12,22 @@ meta nfproto ipv4 tcp dport 22;ok meta nfproto ipv4 ip saddr 1.2.3.4;ok;ip saddr 1.2.3.4 meta nfproto ipv6 meta l4proto tcp;ok;meta nfproto ipv6 meta l4proto 6 meta nfproto ipv4 counter ip saddr 1.2.3.4;ok + +meta protocol ip udp dport 67;ok +meta protocol ip6 udp dport 67;ok + meta ipsec exists;ok meta secpath missing;ok;meta ipsec missing meta ibrname "br0";fail meta obrname "br0";fail meta mark set ct mark >> 8;ok + +meta mark . tcp dport { 0x0000000a-0x00000014 . 80-90, 0x00100000-0x00100123 . 100-120 };ok +ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 1.2.3.6-1.2.3.8 . 0x00000200-0x00000300 };ok +ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 5.6.7.8 . 0x00000200 };ok +ip saddr . ether saddr . meta l4proto { 1.2.3.4 . aa:bb:cc:dd:ee:ff . 6 };ok + +meta mark set ip dscp;ok +meta mark set ip dscp | 0x40;ok +meta mark set ip6 dscp;ok +meta mark set ip6 dscp | 0x40;ok diff --git a/tests/py/inet/meta.t.json b/tests/py/inet/meta.t.json index 5c0e7d2e..0fee165f 100644 --- a/tests/py/inet/meta.t.json +++ b/tests/py/inet/meta.t.json @@ -235,3 +235,335 @@ } } ] + +# meta protocol ip udp dport 67 +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 67 + } + } +] + +# meta protocol ip6 udp dport 67 +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip6" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 67 + } + } +] + +# meta mark . tcp dport { 0x0000000a-0x00000014 . 80-90, 0x00100000-0x00100123 . 100-120 } +[ + { + "match": { + "left": { + "concat": [ + { + "meta": { + "key": "mark" + } + }, + { + "payload": { + "field": "dport", + "protocol": "tcp" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + { + "range": [ + 10, + 20 + ] + }, + { + "range": [ + 80, + 90 + ] + } + ] + }, + { + "concat": [ + { + "range": [ + 1048576, + 1048867 + ] + }, + { + "range": [ + 100, + 120 + ] + } + ] + } + ] + } + } + } +] + +# ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 1.2.3.6-1.2.3.8 . 0x00000200-0x00000300 } +[ + { + "match": { + "left": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "meta": { + "key": "mark" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + "1.2.3.4", + 256 + ] + }, + { + "concat": [ + { + "range": [ + "1.2.3.6", + "1.2.3.8" + ] + }, + { + "range": [ + 512, + 768 + ] + } + ] + } + ] + } + } + } +] + +# ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 5.6.7.8 . 0x00000200 } +[ + { + "match": { + "left": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "meta": { + "key": "mark" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + "1.2.3.4", + 256 + ] + }, + { + "concat": [ + "5.6.7.8", + 512 + ] + } + ] + } + } + } +] + +# meta mark set ip dscp +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "payload": { + "field": "dscp", + "protocol": "ip" + } + } + } + } +] + +# meta mark set ip dscp | 0x40 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 64 + ] + } + } + } +] + +# meta mark set ip6 dscp +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + } + } + } +] + +# meta mark set ip6 dscp | 0x40 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 64 + ] + } + } + } +] + +# ip saddr . ether saddr . meta l4proto { 1.2.3.4 . aa:bb:cc:dd:ee:ff . 6 } +[ + { + "match": { + "left": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "saddr", + "protocol": "ether" + } + }, + { + "meta": { + "key": "l4proto" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + "1.2.3.4", + "aa:bb:cc:dd:ee:ff", + "tcp" + ] + } + ] + } + } + } +] + diff --git a/tests/py/inet/meta.t.json.output b/tests/py/inet/meta.t.json.output index 3e7dd214..8697d5a2 100644 --- a/tests/py/inet/meta.t.json.output +++ b/tests/py/inet/meta.t.json.output @@ -51,3 +51,44 @@ } ] +# ip saddr . ether saddr . meta l4proto { 1.2.3.4 . aa:bb:cc:dd:ee:ff . 6 } +[ + { + "match": { + "left": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "saddr", + "protocol": "ether" + } + }, + { + "meta": { + "key": "l4proto" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + "1.2.3.4", + "aa:bb:cc:dd:ee:ff", + 6 + ] + } + ] + } + } + } +] + diff --git a/tests/py/inet/meta.t.payload b/tests/py/inet/meta.t.payload index 6ccf6d24..7184fa0c 100644 --- a/tests/py/inet/meta.t.payload +++ b/tests/py/inet/meta.t.payload @@ -79,3 +79,111 @@ inet test-inet input [ ct load mark => reg 1 ] [ bitwise reg 1 = ( reg 1 >> 0x00000008 ) ] [ meta set mark with reg 1 ] + +# meta protocol ip udp dport 67 +inet test-inet input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00004300 ] + +# meta protocol ip6 udp dport 67 +inet test-inet input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00004300 ] + +# meta mark . tcp dport { 0x0000000a-0x00000014 . 80-90, 0x00100000-0x00100123 . 100-120 } +__set%d test-inet 87 size 1 +__set%d test-inet 0 + element 0a000000 00005000 - 14000000 00005a00 : 0 [end] element 00001000 00006400 - 23011000 00007800 : 0 [end] +ip test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ meta load mark => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ payload load 2b @ transport header + 2 => reg 9 ] + [ lookup reg 1 set __set%d ] + +# ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 1.2.3.6-1.2.3.8 . 0x00000200-0x00000300 } +__set%d test-inet 87 size 2 +__set%d test-inet 0 + element 04030201 00010000 - 04030201 00010000 : 0 [end] element 06030201 00020000 - 08030201 00030000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ meta load mark => reg 9 ] + [ byteorder reg 9 = hton(reg 9, 4, 4) ] + [ lookup reg 1 set __set%d ] + +# ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 5.6.7.8 . 0x00000200 } +__set%d test-inet 3 size 2 +__set%d test-inet 0 + element 04030201 00000100 : 0 [end] element 08070605 00000200 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ meta load mark => reg 9 ] + [ lookup reg 1 set __set%d ] + +# meta mark set ip dscp +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ meta set mark with reg 1 ] + +# meta mark set ip dscp | 0x40 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffbf ) ^ 0x00000040 ] + [ meta set mark with reg 1 ] + +# meta mark set ip6 dscp +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ meta set mark with reg 1 ] + +# meta mark set ip6 dscp | 0x40 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffbf ) ^ 0x00000040 ] + [ meta set mark with reg 1 ] + +# ip saddr . ether saddr . meta l4proto { 1.2.3.4 . aa:bb:cc:dd:ee:ff . 6 } +__set%d test-inet 3 size 1 +__set%d test-inet 0 + element 04030201 ddccbbaa 0000ffee 00000006 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 6b @ link header + 6 => reg 9 ] + [ meta load l4proto => reg 11 ] + [ lookup reg 1 set __set%d ] + diff --git a/tests/py/inet/osf.t.payload b/tests/py/inet/osf.t.payload index 6f5fba34..6ddab976 100644 --- a/tests/py/inet/osf.t.payload +++ b/tests/py/inet/osf.t.payload @@ -1,80 +1,24 @@ # osf name "Linux" -ip osfip osfchain - [ osf dreg 1 ] - [ cmp eq reg 1 0x756e694c 0x00000078 0x00000000 0x00000000 ] - -# osf name "Linux" -ip6 osfip6 osfchain - [ osf dreg 1 ] - [ cmp eq reg 1 0x756e694c 0x00000078 0x00000000 0x00000000 ] - -# osf name "Linux" inet osfinet osfchain [ osf dreg 1 ] [ cmp eq reg 1 0x756e694c 0x00000078 0x00000000 0x00000000 ] # osf ttl loose name "Linux" -ip osfip osfchain - [ osf dreg 1 ] - [ cmp eq reg 1 0x756e694c 0x00000078 0x00000000 0x00000000 ] - -# osf ttl loose name "Linux" -ip6 osfip6 osfchain - [ osf dreg 1 ] - [ cmp eq reg 1 0x756e694c 0x00000078 0x00000000 0x00000000 ] - -# osf ttl loose name "Linux" inet osfinet osfchain [ osf dreg 1 ] [ cmp eq reg 1 0x756e694c 0x00000078 0x00000000 0x00000000 ] # osf ttl skip name "Linux" -ip osfip osfchain - [ osf dreg 1 ] - [ cmp eq reg 1 0x756e694c 0x00000078 0x00000000 0x00000000 ] - -# osf ttl skip name "Linux" -ip6 osfip6 osfchain - [ osf dreg 1 ] - [ cmp eq reg 1 0x756e694c 0x00000078 0x00000000 0x00000000 ] - -# osf ttl skip name "Linux" inet osfinet osfchain [ osf dreg 1 ] [ cmp eq reg 1 0x756e694c 0x00000078 0x00000000 0x00000000 ] # osf ttl skip version "Linux:3.0" -ip osfip osfchain - [ osf dreg 1 ] - [ cmp eq reg 1 0x756e694c 0x2e333a78 0x00000030 0x00000000 ] - -# osf ttl skip version "Linux:3.0" -ip6 osfip6 osfchain - [ osf dreg 1 ] - [ cmp eq reg 1 0x756e694c 0x2e333a78 0x00000030 0x00000000 ] - -# osf ttl skip version "Linux:3.0" inet osfinet osfchain [ osf dreg 1 ] [ cmp eq reg 1 0x756e694c 0x2e333a78 0x00000030 0x00000000 ] # osf name { "Windows", "MacOs" } -__set%d osfip 3 size 2 -__set%d osfip 0 - element 646e6957 0073776f 00000000 00000000 : 0 [end] element 4f63614d 00000073 00000000 00000000 : 0 [end] -ip osfip osfchain - [ osf dreg 1 ] - [ lookup reg 1 set __set%d ] - -# osf name { "Windows", "MacOs" } -__set%d osfip6 3 size 2 -__set%d osfip6 0 - element 646e6957 0073776f 00000000 00000000 : 0 [end] element 4f63614d 00000073 00000000 00000000 : 0 [end] -ip6 osfip6 osfchain - [ osf dreg 1 ] - [ lookup reg 1 set __set%d ] - -# osf name { "Windows", "MacOs" } __set%d osfinet 3 size 2 __set%d osfinet 0 element 646e6957 0073776f 00000000 00000000 : 0 [end] element 4f63614d 00000073 00000000 00000000 : 0 [end] @@ -83,22 +27,6 @@ inet osfinet osfchain [ lookup reg 1 set __set%d ] # osf version { "Windows:XP", "MacOs:Sierra" } -__set%d osfip 3 size 2 -__set%d osfip 0 - element 646e6957 3a73776f 00005058 00000000 : 0 [end] element 4f63614d 69533a73 61727265 00000000 : 0 [end] -ip osfip osfchain - [ osf dreg 1 ] - [ lookup reg 1 set __set%d ] - -# osf version { "Windows:XP", "MacOs:Sierra" } -__set%d osfip6 3 size 2 -__set%d osfip6 0 - element 646e6957 3a73776f 00005058 00000000 : 0 [end] element 4f63614d 69533a73 61727265 00000000 : 0 [end] -ip6 osfip6 osfchain - [ osf dreg 1 ] - [ lookup reg 1 set __set%d ] - -# osf version { "Windows:XP", "MacOs:Sierra" } __set%d osfinet 3 size 2 __set%d osfinet 0 element 646e6957 3a73776f 00005058 00000000 : 0 [end] element 4f63614d 69533a73 61727265 00000000 : 0 [end] @@ -107,24 +35,6 @@ inet osfinet osfchain [ lookup reg 1 set __set%d ] # ct mark set osf name map { "Windows" : 0x00000001, "MacOs" : 0x00000002 } -__map%d osfip b size 2 -__map%d osfip 0 - element 646e6957 0073776f 00000000 00000000 : 00000001 0 [end] element 4f63614d 00000073 00000000 00000000 : 00000002 0 [end] -ip osfip osfchain - [ osf dreg 1 ] - [ lookup reg 1 set __map%d dreg 1 ] - [ ct set mark with reg 1 ] - -# ct mark set osf name map { "Windows" : 0x00000001, "MacOs" : 0x00000002 } -__map%d osfip6 b size 2 -__map%d osfip6 0 - element 646e6957 0073776f 00000000 00000000 : 00000001 0 [end] element 4f63614d 00000073 00000000 00000000 : 00000002 0 [end] -ip6 osfip6 osfchain - [ osf dreg 1 ] - [ lookup reg 1 set __map%d dreg 1 ] - [ ct set mark with reg 1 ] - -# ct mark set osf name map { "Windows" : 0x00000001, "MacOs" : 0x00000002 } __map%d osfinet b size 2 __map%d osfinet 0 element 646e6957 0073776f 00000000 00000000 : 00000001 0 [end] element 4f63614d 00000073 00000000 00000000 : 00000002 0 [end] @@ -134,24 +44,6 @@ inet osfinet osfchain [ ct set mark with reg 1 ] # ct mark set osf version map { "Windows:XP" : 0x00000003, "MacOs:Sierra" : 0x00000004 } -__map%d osfip b size 2 -__map%d osfip 0 - element 646e6957 3a73776f 00005058 00000000 : 00000003 0 [end] element 4f63614d 69533a73 61727265 00000000 : 00000004 0 [end] -ip osfip osfchain - [ osf dreg 1 ] - [ lookup reg 1 set __map%d dreg 1 ] - [ ct set mark with reg 1 ] - -# ct mark set osf version map { "Windows:XP" : 0x00000003, "MacOs:Sierra" : 0x00000004 } -__map%d osfip6 b size 2 -__map%d osfip6 0 - element 646e6957 3a73776f 00005058 00000000 : 00000003 0 [end] element 4f63614d 69533a73 61727265 00000000 : 00000004 0 [end] -ip6 osfip6 osfchain - [ osf dreg 1 ] - [ lookup reg 1 set __map%d dreg 1 ] - [ ct set mark with reg 1 ] - -# ct mark set osf version map { "Windows:XP" : 0x00000003, "MacOs:Sierra" : 0x00000004 } __map%d osfinet b size 2 __map%d osfinet 0 element 646e6957 3a73776f 00005058 00000000 : 00000003 0 [end] element 4f63614d 69533a73 61727265 00000000 : 00000004 0 [end] diff --git a/tests/py/inet/payloadmerge.t b/tests/py/inet/payloadmerge.t new file mode 100644 index 00000000..04ba1ce6 --- /dev/null +++ b/tests/py/inet/payloadmerge.t @@ -0,0 +1,14 @@ +:input;type filter hook input priority 0 + +*ip;test-ip4;input +*ip6;test-ip6;input +*inet;test-inet;input + +tcp sport 1 tcp dport 2;ok +tcp sport != 1 tcp dport != 2;ok +tcp sport 1 tcp dport != 2;ok +tcp sport != 1 tcp dport 2;ok +meta l4proto != 6 th dport 2;ok +meta l4proto 6 tcp dport 22;ok;tcp dport 22 +tcp sport > 1 tcp dport > 2;ok +tcp sport 1 tcp dport > 2;ok diff --git a/tests/py/inet/payloadmerge.t.json b/tests/py/inet/payloadmerge.t.json new file mode 100644 index 00000000..e5b66cf9 --- /dev/null +++ b/tests/py/inet/payloadmerge.t.json @@ -0,0 +1,211 @@ +# tcp sport 1 tcp dport 2 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "protocol": "tcp" + } + }, + "op": "==", + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": 2 + } + } +] + +# tcp sport != 1 tcp dport != 2 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "protocol": "tcp" + } + }, + "op": "!=", + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "!=", + "right": 2 + } + } +] + +# tcp sport 1 tcp dport != 2 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "protocol": "tcp" + } + }, + "op": "==", + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "!=", + "right": 2 + } + } +] + +# tcp sport != 1 tcp dport 2 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "protocol": "tcp" + } + }, + "op": "!=", + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": 2 + } + } +] + +# meta l4proto != 6 th dport 2 +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "!=", + "right": 6 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "th" + } + }, + "op": "==", + "right": 2 + } + } +] + +# meta l4proto 6 tcp dport 22 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": 22 + } + } +] + +# tcp sport > 1 tcp dport > 2 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "protocol": "tcp" + } + }, + "op": ">", + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": ">", + "right": 2 + } + } +] + +# tcp sport 1 tcp dport > 2 +[ + { + "match": { + "left": { + "payload": { + "field": "sport", + "protocol": "tcp" + } + }, + "op": "==", + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": ">", + "right": 2 + } + } +] + diff --git a/tests/py/inet/payloadmerge.t.payload b/tests/py/inet/payloadmerge.t.payload new file mode 100644 index 00000000..a0465cdd --- /dev/null +++ b/tests/py/inet/payloadmerge.t.payload @@ -0,0 +1,66 @@ +# tcp sport 1 tcp dport 2 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x02000100 ] + +# tcp sport != 1 tcp dport != 2 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00000100 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00000200 ] + +# tcp sport 1 tcp dport != 2 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000100 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00000200 ] + +# tcp sport != 1 tcp dport 2 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00000100 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00000200 ] + +# meta l4proto != 6 th dport 2 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp neq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00000200 ] + +# meta l4proto 6 tcp dport 22 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp sport > 1 tcp dport > 2 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gt reg 1 0x00000100 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gt reg 1 0x00000200 ] + +# tcp sport 1 tcp dport > 2 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000100 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gt reg 1 0x00000200 ] + diff --git a/tests/py/inet/reject.t b/tests/py/inet/reject.t index 0e8966c9..61a6d556 100644 --- a/tests/py/inet/reject.t +++ b/tests/py/inet/reject.t @@ -2,38 +2,40 @@ *inet;test-inet;input -# The output is specific for inet family -reject with icmp type host-unreachable;ok;meta nfproto ipv4 reject with icmp type host-unreachable -reject with icmp type net-unreachable;ok;meta nfproto ipv4 reject with icmp type net-unreachable -reject with icmp type prot-unreachable;ok;meta nfproto ipv4 reject with icmp type prot-unreachable -reject with icmp type port-unreachable;ok;meta nfproto ipv4 reject -reject with icmp type net-prohibited;ok;meta nfproto ipv4 reject with icmp type net-prohibited -reject with icmp type host-prohibited;ok;meta nfproto ipv4 reject with icmp type host-prohibited -reject with icmp type admin-prohibited;ok;meta nfproto ipv4 reject with icmp type admin-prohibited - -reject with icmpv6 type no-route;ok;meta nfproto ipv6 reject with icmpv6 type no-route -reject with icmpv6 type admin-prohibited;ok;meta nfproto ipv6 reject with icmpv6 type admin-prohibited -reject with icmpv6 type addr-unreachable;ok;meta nfproto ipv6 reject with icmpv6 type addr-unreachable -reject with icmpv6 type port-unreachable;ok;meta nfproto ipv6 reject +reject with icmp host-unreachable;ok +reject with icmp net-unreachable;ok +reject with icmp prot-unreachable;ok +reject with icmp port-unreachable;ok +reject with icmp net-prohibited;ok +reject with icmp host-prohibited;ok +reject with icmp admin-prohibited;ok + +reject with icmpv6 no-route;ok +reject with icmpv6 admin-prohibited;ok +reject with icmpv6 addr-unreachable;ok +reject with icmpv6 port-unreachable;ok mark 12345 reject with tcp reset;ok;meta l4proto 6 meta mark 0x00003039 reject with tcp reset reject;ok -meta nfproto ipv4 reject;ok -meta nfproto ipv6 reject;ok +meta nfproto ipv4 reject;ok;reject with icmp port-unreachable +meta nfproto ipv6 reject;ok;reject with icmpv6 port-unreachable -reject with icmpx type host-unreachable;ok -reject with icmpx type no-route;ok -reject with icmpx type admin-prohibited;ok -reject with icmpx type port-unreachable;ok;reject +reject with icmpx host-unreachable;ok +reject with icmpx no-route;ok +reject with icmpx admin-prohibited;ok +reject with icmpx port-unreachable;ok;reject +reject with icmpx 3;ok;reject with icmpx admin-prohibited -meta nfproto ipv4 reject with icmp type host-unreachable;ok -meta nfproto ipv6 reject with icmpv6 type no-route;ok +meta nfproto ipv4 reject with icmp host-unreachable;ok;reject with icmp host-unreachable +meta nfproto ipv6 reject with icmpv6 no-route;ok;reject with icmpv6 no-route -meta nfproto ipv6 reject with icmp type host-unreachable;fail -meta nfproto ipv4 ip protocol icmp reject with icmpv6 type no-route;fail -meta nfproto ipv6 ip protocol icmp reject with icmp type host-unreachable;fail +meta nfproto ipv6 reject with icmp host-unreachable;fail +meta nfproto ipv4 ip protocol icmp reject with icmpv6 no-route;fail +meta nfproto ipv6 ip protocol icmp reject with icmp host-unreachable;fail meta l4proto udp reject with tcp reset;fail -meta nfproto ipv4 reject with icmpx type admin-prohibited;ok -meta nfproto ipv6 reject with icmpx type admin-prohibited;ok +meta nfproto ipv4 reject with icmpx admin-prohibited;ok +meta nfproto ipv6 reject with icmpx admin-prohibited;ok + +ether saddr aa:bb:cc:dd:ee:ff ip daddr 192.168.0.1 reject;ok;ether saddr aa:bb:cc:dd:ee:ff ip daddr 192.168.0.1 reject with icmp port-unreachable diff --git a/tests/py/inet/reject.t.json b/tests/py/inet/reject.t.json index bfa94f84..02ac9007 100644 --- a/tests/py/inet/reject.t.json +++ b/tests/py/inet/reject.t.json @@ -1,4 +1,4 @@ -# reject with icmp type host-unreachable +# reject with icmp host-unreachable [ { "reject": { @@ -8,7 +8,7 @@ } ] -# reject with icmp type net-unreachable +# reject with icmp net-unreachable [ { "reject": { @@ -18,7 +18,7 @@ } ] -# reject with icmp type prot-unreachable +# reject with icmp prot-unreachable [ { "reject": { @@ -28,7 +28,7 @@ } ] -# reject with icmp type port-unreachable +# reject with icmp port-unreachable [ { "reject": { @@ -38,7 +38,7 @@ } ] -# reject with icmp type net-prohibited +# reject with icmp net-prohibited [ { "reject": { @@ -48,7 +48,7 @@ } ] -# reject with icmp type host-prohibited +# reject with icmp host-prohibited [ { "reject": { @@ -58,7 +58,7 @@ } ] -# reject with icmp type admin-prohibited +# reject with icmp admin-prohibited [ { "reject": { @@ -68,7 +68,7 @@ } ] -# reject with icmpv6 type no-route +# reject with icmpv6 no-route [ { "reject": { @@ -78,7 +78,7 @@ } ] -# reject with icmpv6 type admin-prohibited +# reject with icmpv6 admin-prohibited [ { "reject": { @@ -88,7 +88,7 @@ } ] -# reject with icmpv6 type addr-unreachable +# reject with icmpv6 addr-unreachable [ { "reject": { @@ -98,7 +98,7 @@ } ] -# reject with icmpv6 type port-unreachable +# reject with icmpv6 port-unreachable [ { "reject": { @@ -165,7 +165,7 @@ } ] -# reject with icmpx type host-unreachable +# reject with icmpx host-unreachable [ { "reject": { @@ -175,7 +175,7 @@ } ] -# reject with icmpx type no-route +# reject with icmpx no-route [ { "reject": { @@ -185,7 +185,7 @@ } ] -# reject with icmpx type admin-prohibited +# reject with icmpx admin-prohibited [ { "reject": { @@ -195,7 +195,7 @@ } ] -# reject with icmpx type port-unreachable +# reject with icmpx port-unreachable [ { "reject": { @@ -205,7 +205,17 @@ } ] -# meta nfproto ipv4 reject with icmp type host-unreachable +# reject with icmpx 3 +[ + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpx" + } + } +] + +# meta nfproto ipv4 reject with icmp host-unreachable [ { "match": { @@ -224,7 +234,7 @@ } ] -# meta nfproto ipv6 reject with icmpv6 type no-route +# meta nfproto ipv6 reject with icmpv6 no-route [ { "match": { @@ -243,7 +253,7 @@ } ] -# meta nfproto ipv4 reject with icmpx type admin-prohibited +# meta nfproto ipv4 reject with icmpx admin-prohibited [ { "match": { @@ -264,7 +274,7 @@ } ] -# meta nfproto ipv6 reject with icmpx type admin-prohibited +# meta nfproto ipv6 reject with icmpx admin-prohibited [ { "match": { @@ -285,3 +295,37 @@ } ] +# ether saddr aa:bb:cc:dd:ee:ff ip daddr 192.168.0.1 reject +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ether" + } + }, + "op": "==", + "right": "aa:bb:cc:dd:ee:ff" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "192.168.0.1" + } + }, + { + "reject": { + "expr": "port-unreachable", + "type": "icmp" + } + } +] + diff --git a/tests/py/inet/reject.t.json.output b/tests/py/inet/reject.t.json.output index 73846fb0..496ce557 100644 --- a/tests/py/inet/reject.t.json.output +++ b/tests/py/inet/reject.t.json.output @@ -1,145 +1,73 @@ -# reject with icmp type host-unreachable +# mark 12345 reject with tcp reset [ { "match": { "left": { - "meta": { "key": "nfproto" } + "meta": { "key": "l4proto" } }, "op": "==", - "right": "ipv4" + "right": 6 } }, { - "reject": { - "expr": "host-unreachable", - "type": "icmp" - } - } -] - -# reject with icmp type net-unreachable -[ - { "match": { "left": { - "meta": { "key": "nfproto" } + "meta": { "key": "mark" } }, "op": "==", - "right": "ipv4" + "right": 12345 } }, { "reject": { - "expr": "net-unreachable", - "type": "icmp" + "type": "tcp reset" } } ] -# reject with icmp type prot-unreachable +# reject [ { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv4" - } - }, - { "reject": { - "expr": "prot-unreachable", - "type": "icmp" - } - } -] - -# reject with icmp type port-unreachable -[ - { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv4" + "expr": "port-unreachable", + "type": "icmpx" } - }, - { - "reject": null } ] -# reject with icmp type net-prohibited +# meta nfproto ipv4 reject [ { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv4" - } - }, - { "reject": { - "expr": "net-prohibited", + "expr": "port-unreachable", "type": "icmp" } } ] -# reject with icmp type host-prohibited +# meta nfproto ipv6 reject [ { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv4" - } - }, - { "reject": { - "expr": "host-prohibited", - "type": "icmp" + "expr": "port-unreachable", + "type": "icmpv6" } } ] -# reject with icmp type admin-prohibited +# meta nfproto ipv4 reject with icmp host-unreachable [ { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv4" - } - }, - { "reject": { - "expr": "admin-prohibited", + "expr": "host-unreachable", "type": "icmp" } } ] -# reject with icmpv6 type no-route +# meta nfproto ipv6 reject with icmpv6 no-route [ { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv6" - } - }, - { "reject": { "expr": "no-route", "type": "icmpv6" @@ -147,91 +75,3 @@ } ] -# reject with icmpv6 type admin-prohibited -[ - { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv6" - } - }, - { - "reject": { - "expr": "admin-prohibited", - "type": "icmpv6" - } - } -] - -# reject with icmpv6 type addr-unreachable -[ - { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv6" - } - }, - { - "reject": { - "expr": "addr-unreachable", - "type": "icmpv6" - } - } -] - -# reject with icmpv6 type port-unreachable -[ - { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv6" - } - }, - { - "reject": null - } -] - -# mark 12345 reject with tcp reset -[ - { - "match": { - "left": { - "meta": { "key": "l4proto" } - }, - "op": "==", - "right": 6 - } - }, - { - "match": { - "left": { - "meta": { "key": "mark" } - }, - "op": "==", - "right": 12345 - } - }, - { - "reject": { - "type": "tcp reset" - } - } -] - -# reject with icmpx type port-unreachable -[ - { - "reject": null - } -] - diff --git a/tests/py/inet/reject.t.payload.inet b/tests/py/inet/reject.t.payload.inet index ee1aae02..828cb839 100644 --- a/tests/py/inet/reject.t.payload.inet +++ b/tests/py/inet/reject.t.payload.inet @@ -1,64 +1,64 @@ -# reject with icmp type host-unreachable +# reject with icmp host-unreachable inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ reject type 0 code 1 ] -# reject with icmp type net-unreachable +# reject with icmp net-unreachable inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ reject type 0 code 0 ] -# reject with icmp type prot-unreachable +# reject with icmp prot-unreachable inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ reject type 0 code 2 ] -# reject with icmp type port-unreachable +# reject with icmp port-unreachable inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ reject type 0 code 3 ] -# reject with icmp type net-prohibited +# reject with icmp net-prohibited inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ reject type 0 code 9 ] -# reject with icmp type host-prohibited +# reject with icmp host-prohibited inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ reject type 0 code 10 ] -# reject with icmp type admin-prohibited +# reject with icmp admin-prohibited inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ reject type 0 code 13 ] -# reject with icmpv6 type no-route +# reject with icmpv6 no-route inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ reject type 0 code 0 ] -# reject with icmpv6 type admin-prohibited +# reject with icmpv6 admin-prohibited inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ reject type 0 code 1 ] -# reject with icmpv6 type addr-unreachable +# reject with icmpv6 addr-unreachable inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ reject type 0 code 3 ] -# reject with icmpv6 type port-unreachable +# reject with icmpv6 port-unreachable inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -88,147 +88,57 @@ inet test-inet input [ cmp eq reg 1 0x0000000a ] [ reject type 0 code 4 ] -# reject with icmpx type host-unreachable +# reject with icmpx host-unreachable inet test-inet input [ reject type 2 code 2 ] -# reject with icmpx type no-route +# reject with icmpx no-route inet test-inet input [ reject type 2 code 0 ] -# reject with icmpx type admin-prohibited +# reject with icmpx admin-prohibited inet test-inet input [ reject type 2 code 3 ] -# reject with icmpx type port-unreachable +# reject with icmpx port-unreachable inet test-inet input [ reject type 2 code 1 ] -# meta nfproto ipv4 reject with icmp type host-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 1 ] - -# meta nfproto ipv6 reject with icmpv6 type no-route -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 0 ] - -# reject with icmp type prot-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 2 ] - -# reject with icmp type port-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 3 ] - -# reject with icmp type net-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 9 ] - -# reject with icmp type host-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 10 ] - -# reject with icmp type admin-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 13 ] - -# reject with icmpv6 type no-route -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 0 ] - -# reject with icmpv6 type admin-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 1 ] - -# reject with icmpv6 type addr-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 3 ] - -# reject with icmpv6 type port-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 4 ] - -# reject with tcp reset -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ reject type 1 code 0 ] - -# reject -inet test-inet input - [ reject type 2 code 1 ] - -# meta nfproto ipv4 reject -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 3 ] - -# meta nfproto ipv6 reject -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 4 ] - -# reject with icmpx type host-unreachable -inet test-inet input - [ reject type 2 code 2 ] - -# reject with icmpx type no-route -inet test-inet input - [ reject type 2 code 0 ] - -# reject with icmpx type admin-prohibited +# reject with icmpx 3 inet test-inet input [ reject type 2 code 3 ] -# reject with icmpx type port-unreachable -inet test-inet input - [ reject type 2 code 1 ] - -# meta nfproto ipv4 reject with icmp type host-unreachable +# meta nfproto ipv4 reject with icmp host-unreachable inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ reject type 0 code 1 ] -# meta nfproto ipv6 reject with icmpv6 type no-route +# meta nfproto ipv6 reject with icmpv6 no-route inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ reject type 0 code 0 ] -# meta nfproto ipv4 reject with icmpx type admin-prohibited +# meta nfproto ipv4 reject with icmpx admin-prohibited inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ reject type 2 code 3 ] -# meta nfproto ipv6 reject with icmpx type admin-prohibited +# meta nfproto ipv6 reject with icmpx admin-prohibited inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ reject type 2 code 3 ] +# ether saddr aa:bb:cc:dd:ee:ff ip daddr 192.168.0.1 reject +inet test-inet input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 8b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0xddccbbaa 0x0008ffee ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x0100a8c0 ] + [ reject type 0 code 3 ] + diff --git a/tests/py/inet/rt.t b/tests/py/inet/rt.t index 23608ab2..a0e0d003 100644 --- a/tests/py/inet/rt.t +++ b/tests/py/inet/rt.t @@ -2,14 +2,13 @@ *inet;test-inet;output -rt nexthop 192.168.0.1;fail -rt nexthop fd00::1;fail - meta nfproto ipv4 rt nexthop 192.168.0.1;ok;meta nfproto ipv4 rt ip nexthop 192.168.0.1 rt ip6 nexthop fd00::1;ok # missing context +rt nexthop 192.168.0.1;fail rt nexthop fd00::1;fail + # wrong context rt ip nexthop fd00::1;fail diff --git a/tests/py/inet/sctp.t b/tests/py/inet/sctp.t index 5188b57e..016173b9 100644 --- a/tests/py/inet/sctp.t +++ b/tests/py/inet/sctp.t @@ -1,10 +1,11 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;input *ip6;test-ip6;input *inet;test-inet;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress sctp sport 23;ok sctp sport != 23;ok @@ -12,8 +13,6 @@ sctp sport 23-44;ok sctp sport != 23-44;ok sctp sport { 23, 24, 25};ok sctp sport != { 23, 24, 25};ok -sctp sport { 23-44};ok -sctp sport != { 23-44};ok sctp dport 23;ok sctp dport != 23;ok @@ -21,8 +20,6 @@ sctp dport 23-44;ok sctp dport != 23-44;ok sctp dport { 23, 24, 25};ok sctp dport != { 23, 24, 25};ok -sctp dport { 23-44};ok -sctp dport != { 23-44};ok sctp checksum 1111;ok sctp checksum != 11;ok @@ -30,8 +27,6 @@ sctp checksum 21-333;ok sctp checksum != 32-111;ok sctp checksum { 22, 33, 44};ok sctp checksum != { 22, 33, 44};ok -sctp checksum { 22-44};ok -sctp checksum != { 22-44};ok sctp vtag 22;ok sctp vtag != 233;ok @@ -39,5 +34,40 @@ sctp vtag 33-45;ok sctp vtag != 33-45;ok sctp vtag {33, 55, 67, 88};ok sctp vtag != {33, 55, 67, 88};ok -sctp vtag { 33-55};ok -sctp vtag != { 33-55};ok + +# assert all chunk types are recognized +sctp chunk data exists;ok +sctp chunk init exists;ok +sctp chunk init-ack exists;ok +sctp chunk sack exists;ok +sctp chunk heartbeat exists;ok +sctp chunk heartbeat-ack exists;ok +sctp chunk abort exists;ok +sctp chunk shutdown exists;ok +sctp chunk shutdown-ack exists;ok +sctp chunk error exists;ok +sctp chunk cookie-echo exists;ok +sctp chunk cookie-ack exists;ok +sctp chunk ecne exists;ok +sctp chunk cwr exists;ok +sctp chunk shutdown-complete exists;ok +sctp chunk asconf-ack exists;ok +sctp chunk forward-tsn exists;ok +sctp chunk asconf exists;ok + +# test common header fields in random chunk types +sctp chunk data type 0;ok +sctp chunk init flags 23;ok +sctp chunk init-ack length 42;ok + +# test one custom field in every applicable chunk type +sctp chunk data stream 1337;ok +sctp chunk init initial-tsn 5;ok +sctp chunk init-ack num-outbound-streams 3;ok +sctp chunk sack a-rwnd 1;ok +sctp chunk shutdown cum-tsn-ack 65535;ok +sctp chunk ecne lowest-tsn 5;ok +sctp chunk cwr lowest-tsn 8;ok +sctp chunk asconf-ack seqno 12345;ok +sctp chunk forward-tsn new-cum-tsn 31337;ok +sctp chunk asconf seqno 12345;ok diff --git a/tests/py/inet/sctp.t.json b/tests/py/inet/sctp.t.json index 2684b034..75a9b01c 100644 --- a/tests/py/inet/sctp.t.json +++ b/tests/py/inet/sctp.t.json @@ -110,46 +110,6 @@ } ] -# sctp sport { 23-44} -[ - { - "match": { - "left": { - "payload": { - "field": "sport", - "protocol": "sctp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 23, 44 ] } - ] - } - } - } -] - -# sctp sport != { 23-44} -[ - { - "match": { - "left": { - "payload": { - "field": "sport", - "protocol": "sctp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 23, 44 ] } - ] - } - } - } -] - # sctp dport 23 [ { @@ -262,46 +222,6 @@ } ] -# sctp dport { 23-44} -[ - { - "match": { - "left": { - "payload": { - "field": "dport", - "protocol": "sctp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 23, 44 ] } - ] - } - } - } -] - -# sctp dport != { 23-44} -[ - { - "match": { - "left": { - "payload": { - "field": "dport", - "protocol": "sctp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 23, 44 ] } - ] - } - } - } -] - # sctp checksum 1111 [ { @@ -414,46 +334,6 @@ } ] -# sctp checksum { 22-44} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "sctp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 22, 44 ] } - ] - } - } - } -] - -# sctp checksum != { 22-44} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "sctp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 22, 44 ] } - ] - } - } - } -] - # sctp vtag 22 [ { @@ -568,42 +448,480 @@ } ] -# sctp vtag { 33-55} +# sctp chunk data exists [ { "match": { "left": { - "payload": { - "field": "vtag", - "protocol": "sctp" + "sctp chunk": { + "name": "data" } }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } + "op": "==", + "right": true } } ] -# sctp vtag != { 33-55} +# sctp chunk init exists [ { "match": { "left": { - "payload": { - "field": "vtag", - "protocol": "sctp" + "sctp chunk": { + "name": "init" } }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } + "op": "==", + "right": true + } + } +] + +# sctp chunk init-ack exists +[ + { + "match": { + "left": { + "sctp chunk": { + "name": "init-ack" + } + }, + "op": "==", + "right": true + } + } +] + +# sctp chunk sack exists +[ + { + "match": { + "left": { + "sctp chunk": { + "name": "sack" + } + }, + "op": "==", + "right": true + } + } +] + +# sctp chunk heartbeat exists +[ + { + "match": { + "left": { + "sctp chunk": { + "name": "heartbeat" + } + }, + "op": "==", + "right": true + } + } +] + +# sctp chunk heartbeat-ack exists +[ + { + "match": { + "left": { + "sctp chunk": { + "name": "heartbeat-ack" + } + }, + "op": "==", + "right": true + } + } +] + +# sctp chunk abort exists +[ + { + "match": { + "left": { + "sctp chunk": { + "name": "abort" + } + }, + "op": "==", + "right": true + } + } +] + +# sctp chunk shutdown exists +[ + { + "match": { + "left": { + "sctp chunk": { + "name": "shutdown" + } + }, + "op": "==", + "right": true + } + } +] + +# sctp chunk shutdown-ack exists +[ + { + "match": { + "left": { + "sctp chunk": { + "name": "shutdown-ack" + } + }, + "op": "==", + "right": true + } + } +] + +# sctp chunk error exists +[ + { + "match": { + "left": { + "sctp chunk": { + "name": "error" + } + }, + "op": "==", + "right": true + } + } +] + +# sctp chunk cookie-echo exists +[ + { + "match": { + "left": { + "sctp chunk": { + "name": "cookie-echo" + } + }, + "op": "==", + "right": true + } + } +] + +# sctp chunk cookie-ack exists +[ + { + "match": { + "left": { + "sctp chunk": { + "name": "cookie-ack" + } + }, + "op": "==", + "right": true + } + } +] + +# sctp chunk ecne exists +[ + { + "match": { + "left": { + "sctp chunk": { + "name": "ecne" + } + }, + "op": "==", + "right": true + } + } +] + +# sctp chunk cwr exists +[ + { + "match": { + "left": { + "sctp chunk": { + "name": "cwr" + } + }, + "op": "==", + "right": true + } + } +] + +# sctp chunk shutdown-complete exists +[ + { + "match": { + "left": { + "sctp chunk": { + "name": "shutdown-complete" + } + }, + "op": "==", + "right": true + } + } +] + +# sctp chunk asconf-ack exists +[ + { + "match": { + "left": { + "sctp chunk": { + "name": "asconf-ack" + } + }, + "op": "==", + "right": true + } + } +] + +# sctp chunk forward-tsn exists +[ + { + "match": { + "left": { + "sctp chunk": { + "name": "forward-tsn" + } + }, + "op": "==", + "right": true + } + } +] + +# sctp chunk asconf exists +[ + { + "match": { + "left": { + "sctp chunk": { + "name": "asconf" + } + }, + "op": "==", + "right": true + } + } +] + +# sctp chunk data type 0 +[ + { + "match": { + "left": { + "sctp chunk": { + "field": "type", + "name": "data" + } + }, + "op": "==", + "right": 0 + } + } +] + +# sctp chunk init flags 23 +[ + { + "match": { + "left": { + "sctp chunk": { + "field": "flags", + "name": "init" + } + }, + "op": "==", + "right": 23 + } + } +] + +# sctp chunk init-ack length 42 +[ + { + "match": { + "left": { + "sctp chunk": { + "field": "length", + "name": "init-ack" + } + }, + "op": "==", + "right": 42 + } + } +] + +# sctp chunk data stream 1337 +[ + { + "match": { + "left": { + "sctp chunk": { + "field": "stream", + "name": "data" + } + }, + "op": "==", + "right": 1337 + } + } +] + +# sctp chunk init initial-tsn 5 +[ + { + "match": { + "left": { + "sctp chunk": { + "field": "initial-tsn", + "name": "init" + } + }, + "op": "==", + "right": 5 + } + } +] + +# sctp chunk init-ack num-outbound-streams 3 +[ + { + "match": { + "left": { + "sctp chunk": { + "field": "num-outbound-streams", + "name": "init-ack" + } + }, + "op": "==", + "right": 3 + } + } +] + +# sctp chunk sack a-rwnd 1 +[ + { + "match": { + "left": { + "sctp chunk": { + "field": "a-rwnd", + "name": "sack" + } + }, + "op": "==", + "right": 1 + } + } +] + +# sctp chunk shutdown cum-tsn-ack 65535 +[ + { + "match": { + "left": { + "sctp chunk": { + "field": "cum-tsn-ack", + "name": "shutdown" + } + }, + "op": "==", + "right": 65535 + } + } +] + +# sctp chunk ecne lowest-tsn 5 +[ + { + "match": { + "left": { + "sctp chunk": { + "field": "lowest-tsn", + "name": "ecne" + } + }, + "op": "==", + "right": 5 + } + } +] + +# sctp chunk cwr lowest-tsn 8 +[ + { + "match": { + "left": { + "sctp chunk": { + "field": "lowest-tsn", + "name": "cwr" + } + }, + "op": "==", + "right": 8 + } + } +] + +# sctp chunk asconf-ack seqno 12345 +[ + { + "match": { + "left": { + "sctp chunk": { + "field": "seqno", + "name": "asconf-ack" + } + }, + "op": "==", + "right": 12345 + } + } +] + +# sctp chunk forward-tsn new-cum-tsn 31337 +[ + { + "match": { + "left": { + "sctp chunk": { + "field": "new-cum-tsn", + "name": "forward-tsn" + } + }, + "op": "==", + "right": 31337 + } + } +] + +# sctp chunk asconf seqno 12345 +[ + { + "match": { + "left": { + "sctp chunk": { + "field": "seqno", + "name": "asconf" + } + }, + "op": "==", + "right": 12345 } } ] diff --git a/tests/py/inet/sctp.t.payload b/tests/py/inet/sctp.t.payload index ecfcc725..7337e2ea 100644 --- a/tests/py/inet/sctp.t.payload +++ b/tests/py/inet/sctp.t.payload @@ -47,26 +47,6 @@ inet test-inet input [ payload load 2b @ transport header + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# sctp sport { 23-44} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# sctp sport != { 23-44} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # sctp dport 23 inet test-inet input [ meta load l4proto => reg 1 ] @@ -116,26 +96,6 @@ inet test-inet input [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# sctp dport { 23-44} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# sctp dport != { 23-44} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # sctp checksum 1111 inet test-inet input [ meta load l4proto => reg 1 ] @@ -185,26 +145,6 @@ inet test-inet input [ payload load 4b @ transport header + 8 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# sctp checksum { 22-44} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 16000000 : 0 [end] element 2d000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# sctp checksum != { 22-44} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 16000000 : 0 [end] element 2d000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # sctp vtag 22 inet test-inet input [ meta load l4proto => reg 1 ] @@ -254,23 +194,158 @@ inet test-inet input [ payload load 4b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# sctp vtag { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# sctp vtag != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] +# sctp chunk data exists +ip + [ exthdr load 1b @ 0 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk init exists +ip + [ exthdr load 1b @ 1 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk init-ack exists +ip + [ exthdr load 1b @ 2 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk sack exists +ip + [ exthdr load 1b @ 3 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk heartbeat exists +ip + [ exthdr load 1b @ 4 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk heartbeat-ack exists +ip + [ exthdr load 1b @ 5 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk abort exists +ip + [ exthdr load 1b @ 6 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk shutdown exists +ip + [ exthdr load 1b @ 7 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk shutdown-ack exists +ip + [ exthdr load 1b @ 8 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk error exists +ip + [ exthdr load 1b @ 9 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk cookie-echo exists +ip + [ exthdr load 1b @ 10 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk cookie-ack exists +ip + [ exthdr load 1b @ 11 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk ecne exists +ip + [ exthdr load 1b @ 12 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk cwr exists +ip + [ exthdr load 1b @ 13 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk shutdown-complete exists +ip + [ exthdr load 1b @ 14 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk asconf-ack exists +ip + [ exthdr load 1b @ 128 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk forward-tsn exists +ip + [ exthdr load 1b @ 192 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk asconf exists +ip + [ exthdr load 1b @ 193 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# sctp chunk data type 0 +ip + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# sctp chunk init flags 23 +ip + [ exthdr load 1b @ 1 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000017 ] + +# sctp chunk init-ack length 42 +ip + [ exthdr load 2b @ 2 + 2 => reg 1 ] + [ cmp eq reg 1 0x00002a00 ] + +# sctp chunk data stream 1337 +ip + [ exthdr load 2b @ 0 + 8 => reg 1 ] + [ cmp eq reg 1 0x00003905 ] + +# sctp chunk init initial-tsn 5 +ip + [ exthdr load 4b @ 1 + 16 => reg 1 ] + [ cmp eq reg 1 0x05000000 ] + +# sctp chunk init-ack num-outbound-streams 3 +ip + [ exthdr load 2b @ 2 + 12 => reg 1 ] + [ cmp eq reg 1 0x00000300 ] + +# sctp chunk sack a-rwnd 1 +ip + [ exthdr load 4b @ 3 + 8 => reg 1 ] + [ cmp eq reg 1 0x01000000 ] + +# sctp chunk shutdown cum-tsn-ack 65535 +ip + [ exthdr load 4b @ 7 + 4 => reg 1 ] + [ cmp eq reg 1 0xffff0000 ] + +# sctp chunk ecne lowest-tsn 5 +ip + [ exthdr load 4b @ 12 + 4 => reg 1 ] + [ cmp eq reg 1 0x05000000 ] + +# sctp chunk cwr lowest-tsn 8 +ip + [ exthdr load 4b @ 13 + 4 => reg 1 ] + [ cmp eq reg 1 0x08000000 ] + +# sctp chunk asconf-ack seqno 12345 +ip + [ exthdr load 4b @ 128 + 4 => reg 1 ] + [ cmp eq reg 1 0x39300000 ] + +# sctp chunk forward-tsn new-cum-tsn 31337 +ip + [ exthdr load 4b @ 192 + 4 => reg 1 ] + [ cmp eq reg 1 0x697a0000 ] + +# sctp chunk asconf seqno 12345 +ip + [ exthdr load 4b @ 193 + 4 => reg 1 ] + [ cmp eq reg 1 0x39300000 ] diff --git a/tests/py/inet/sets.t b/tests/py/inet/sets.t index 1c6f3235..5b22e1fe 100644 --- a/tests/py/inet/sets.t +++ b/tests/py/inet/sets.t @@ -1,9 +1,10 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *inet;test-inet;input *bridge;test-inet;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress !set1 type ipv4_addr timeout 60s;ok ?set1 192.168.3.4 timeout 30s, 10.2.1.1;ok diff --git a/tests/py/inet/sets.t.json b/tests/py/inet/sets.t.json index 58e19ef6..b44ffc20 100644 --- a/tests/py/inet/sets.t.json +++ b/tests/py/inet/sets.t.json @@ -71,3 +71,66 @@ } ] +# ip daddr . tcp dport { 10.0.0.0/8 . 10-23, 192.168.1.1-192.168.3.8 . 80-443 } accept +[ + { + "match": { + "left": { + "concat": [ + { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "dport", + "protocol": "tcp" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + { + "prefix": { + "addr": "10.0.0.0", + "len": 8 + } + }, + { + "range": [ + 10, + 23 + ] + } + ] + }, + { + "concat": [ + { + "range": [ + "192.168.1.1", + "192.168.3.8" + ] + }, + { + "range": [ + 80, + 443 + ] + } + ] + } + ] + } + } + }, + { + "accept": null + } +] diff --git a/tests/py/inet/sets.t.payload.bridge b/tests/py/inet/sets.t.payload.bridge index 92f5417c..3dd9d57b 100644 --- a/tests/py/inet/sets.t.payload.bridge +++ b/tests/py/inet/sets.t.payload.bridge @@ -29,7 +29,7 @@ bridge # ip daddr . tcp dport { 10.0.0.0/8 . 10-23, 192.168.1.1-192.168.3.8 . 80-443 } accept __set%d test-inet 87 __set%d test-inet 0 - element 0000000a 00000a00 : 0 [end] element 0101a8c0 00005000 : 0 [end] + element 0000000a 00000a00 - ffffff0a 00001700 : 0 [end] element 0101a8c0 00005000 - 0803a8c0 0000bb01 : 0 [end] bridge [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] diff --git a/tests/py/inet/sets.t.payload.inet b/tests/py/inet/sets.t.payload.inet index bd6e1b0f..53c6b182 100644 --- a/tests/py/inet/sets.t.payload.inet +++ b/tests/py/inet/sets.t.payload.inet @@ -29,7 +29,7 @@ inet # ip daddr . tcp dport { 10.0.0.0/8 . 10-23, 192.168.1.1-192.168.3.8 . 80-443 } accept __set%d test-inet 87 __set%d test-inet 0 - element 0000000a 00000a00 : 0 [end] element 0101a8c0 00005000 : 0 [end] + element 0000000a 00000a00 - ffffff0a 00001700 : 0 [end] element 0101a8c0 00005000 - 0803a8c0 0000bb01 : 0 [end] inet [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] diff --git a/tests/py/inet/sets.t.payload.netdev b/tests/py/inet/sets.t.payload.netdev index f3032d8e..e31aeb92 100644 --- a/tests/py/inet/sets.t.payload.netdev +++ b/tests/py/inet/sets.t.payload.netdev @@ -14,10 +14,10 @@ netdev test-netdev ingress [ lookup reg 1 set set2 0x1 ] [ immediate reg 0 accept ] -# ip saddr . ip daddr . tcp dport @ set3 accept -inet - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] +# ip saddr . ip daddr . tcp dport @set3 accept +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ payload load 4b @ network header + 12 => reg 1 ] @@ -29,7 +29,7 @@ inet # ip daddr . tcp dport { 10.0.0.0/8 . 10-23, 192.168.1.1-192.168.3.8 . 80-443 } accept __set%d test-netdev 87 __set%d test-netdev 0 - element 0000000a 00000a00 : 0 [end] element 0101a8c0 00005000 : 0 [end] + element 0000000a 00000a00 - ffffff0a 00001700 : 0 [end] element 0101a8c0 00005000 - 0803a8c0 0000bb01 : 0 [end] netdev [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] diff --git a/tests/py/inet/snat.t.payload b/tests/py/inet/snat.t.payload index 00bb937f..50519c6b 100644 --- a/tests/py/inet/snat.t.payload +++ b/tests/py/inet/snat.t.payload @@ -7,7 +7,7 @@ inet test-inet postrouting [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00005100 ] [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] + [ nat snat ip addr_min reg 1 ] # iifname "eth0" tcp dport 81 ip saddr 10.1.1.1 snat to 192.168.3.2 inet test-inet postrouting @@ -22,7 +22,7 @@ inet test-inet postrouting [ payload load 4b @ network header + 12 => reg 1 ] [ cmp eq reg 1 0x0101010a ] [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] + [ nat snat ip addr_min reg 1 ] # iifname "eth0" tcp dport 81 snat ip6 to dead::beef inet test-inet postrouting @@ -33,7 +33,7 @@ inet test-inet postrouting [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00005100 ] [ immediate reg 1 0x0000adde 0x00000000 0x00000000 0xefbe0000 ] - [ nat snat ip6 addr_min reg 1 addr_max reg 0 ] + [ nat snat ip6 addr_min reg 1 ] # iifname "foo" masquerade random inet test-inet postrouting diff --git a/tests/py/inet/socket.t.payload b/tests/py/inet/socket.t.payload index 79fcea79..e66ccbf7 100644 --- a/tests/py/inet/socket.t.payload +++ b/tests/py/inet/socket.t.payload @@ -1,74 +1,24 @@ # socket transparent 0 -ip sockip4 sockchain - [ socket load transparent => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# socket transparent 0 -ip6 sockip6 sockchain - [ socket load transparent => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# socket transparent 0 inet sockin sockchain [ socket load transparent => reg 1 ] [ cmp eq reg 1 0x00000000 ] # socket transparent 1 -ip sockip4 sockchain - [ socket load transparent => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# socket transparent 1 -ip6 sockip6 sockchain - [ socket load transparent => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# socket transparent 1 inet sockin sockchain [ socket load transparent => reg 1 ] [ cmp eq reg 1 0x00000001 ] # socket mark 0x00000005 -ip sockip4 sockchain - [ socket load mark => reg 1 ] - [ cmp eq reg 1 0x00000005 ] - -# socket mark 0x00000005 -ip6 sockip6 sockchain - [ socket load mark => reg 1 ] - [ cmp eq reg 1 0x00000005 ] - -# socket mark 0x00000005 inet sockin sockchain [ socket load mark => reg 1 ] [ cmp eq reg 1 0x00000005 ] # socket wildcard 0 -ip sockip4 sockchain - [ socket load wildcard => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# socket wildcard 0 -ip6 sockip6 sockchain - [ socket load wildcard => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# socket wildcard 0 inet sockin sockchain [ socket load wildcard => reg 1 ] [ cmp eq reg 1 0x00000000 ] # socket wildcard 1 -ip sockip4 sockchain - [ socket load wildcard => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# socket wildcard 1 -ip6 sockip6 sockchain - [ socket load wildcard => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# socket wildcard 1 inet sockin sockchain [ socket load wildcard => reg 1 ] [ cmp eq reg 1 0x00000001 ] diff --git a/tests/py/inet/synproxy.t.json b/tests/py/inet/synproxy.t.json index 92c69d75..1dd85a61 100644 --- a/tests/py/inet/synproxy.t.json +++ b/tests/py/inet/synproxy.t.json @@ -5,24 +5,6 @@ } ] -# synproxy mss 1460 -[ - { - "synproxy": { - "mss": 1460 - } - } -] - -# synproxy wscale 7 -[ - { - "synproxy": { - "wscale": 7 - } - } -] - # synproxy mss 1460 wscale 7 [ { @@ -56,20 +38,6 @@ } ] -# synproxy mss 1460 wscale 7 timestamp sack-perm -[ - { - "synproxy": { - "mss": 1460, - "wscale": 7, - "flags": [ - "timestamp", - "sack-perm" - ] - } - } -] - # synproxy mss 1460 wscale 5 timestamp sack-perm [ { diff --git a/tests/py/inet/synproxy.t.payload b/tests/py/inet/synproxy.t.payload index 2e6feaaf..dd318b9a 100644 --- a/tests/py/inet/synproxy.t.payload +++ b/tests/py/inet/synproxy.t.payload @@ -1,72 +1,24 @@ # synproxy -ip synproxyip synproxychain - [ synproxy mss 0 wscale 0 ] - -# synproxy -ip6 synproxyip6 synproxychain - [ synproxy mss 0 wscale 0 ] - -# synproxy inet synproxyinet synproxychain [ synproxy mss 0 wscale 0 ] # synproxy mss 1460 wscale 7 -ip synproxyip synproxychain - [ synproxy mss 1460 wscale 7 ] - -# synproxy mss 1460 wscale 7 -ip6 synproxyip6 synproxychain - [ synproxy mss 1460 wscale 7 ] - -# synproxy mss 1460 wscale 7 inet synproxyinet synproxychain [ synproxy mss 1460 wscale 7 ] # synproxy mss 1460 wscale 5 timestamp sack-perm -ip synproxyip synproxychain - [ synproxy mss 1460 wscale 5 ] - -# synproxy mss 1460 wscale 5 timestamp sack-perm -ip6 synproxyip6 synproxychain - [ synproxy mss 1460 wscale 5 ] - -# synproxy mss 1460 wscale 5 timestamp sack-perm inet synproxyinet synproxychain [ synproxy mss 1460 wscale 5 ] # synproxy timestamp sack-perm -ip synproxyip synproxychain - [ synproxy mss 0 wscale 0 ] - -# synproxy timestamp sack-perm -ip6 synproxyip6 synproxychain - [ synproxy mss 0 wscale 0 ] - -# synproxy timestamp sack-perm inet synproxyinet synproxychain [ synproxy mss 0 wscale 0 ] # synproxy timestamp -ip synproxyip synproxychain - [ synproxy mss 0 wscale 0 ] - -# synproxy timestamp -ip6 synproxyip6 synproxychain - [ synproxy mss 0 wscale 0 ] - -# synproxy timestamp inet synproxyinet synproxychain [ synproxy mss 0 wscale 0 ] # synproxy sack-perm -ip synproxyip synproxychain - [ synproxy mss 0 wscale 0 ] - -# synproxy sack-perm -ip6 synproxyip6 synproxychain - [ synproxy mss 0 wscale 0 ] - -# synproxy sack-perm inet synproxyinet synproxychain [ synproxy mss 0 wscale 0 ] diff --git a/tests/py/inet/tcp.t b/tests/py/inet/tcp.t index 29f06f5a..f4bdac17 100644 --- a/tests/py/inet/tcp.t +++ b/tests/py/inet/tcp.t @@ -1,10 +1,11 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;input *ip6;test-ip6;input *inet;test-inet;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress tcp dport set {1, 2, 3};fail @@ -14,8 +15,6 @@ tcp dport 33-45;ok tcp dport != 33-45;ok tcp dport { 33, 55, 67, 88};ok tcp dport != { 33, 55, 67, 88};ok -tcp dport { 33-55};ok -tcp dport != { 33-55};ok tcp dport {telnet, http, https} accept;ok;tcp dport { 443, 23, 80} accept tcp dport vmap { 22 : accept, 23 : drop };ok tcp dport vmap { 25:accept, 28:drop };ok @@ -30,8 +29,6 @@ tcp sport 33-45;ok tcp sport != 33-45;ok tcp sport { 33, 55, 67, 88};ok tcp sport != { 33, 55, 67, 88};ok -tcp sport { 33-55};ok -tcp sport != { 33-55};ok tcp sport vmap { 25:accept, 28:drop };ok tcp sport 8080 drop;ok @@ -47,8 +44,6 @@ tcp sequence 33-45;ok tcp sequence != 33-45;ok tcp sequence { 33, 55, 67, 88};ok tcp sequence != { 33, 55, 67, 88};ok -tcp sequence { 33-55};ok -tcp sequence != { 33-55};ok tcp ackseq 42949672 drop;ok tcp ackseq 22;ok @@ -57,8 +52,6 @@ tcp ackseq 33-45;ok tcp ackseq != 33-45;ok tcp ackseq { 33, 55, 67, 88};ok tcp ackseq != { 33, 55, 67, 88};ok -tcp ackseq { 33-55};ok -tcp ackseq != { 33-55};ok - tcp doff 22;ok - tcp doff != 233;ok @@ -66,8 +59,6 @@ tcp ackseq != { 33-55};ok - tcp doff != 33-45;ok - tcp doff { 33, 55, 67, 88};ok - tcp doff != { 33, 55, 67, 88};ok -- tcp doff { 33-55};ok -- tcp doff != { 33-55};ok # BUG reserved # BUG: It is accepted but it is not shown then. tcp reserver @@ -77,10 +68,26 @@ tcp flags != { fin, urg, ecn, cwr} drop;ok tcp flags cwr;ok tcp flags != cwr;ok tcp flags == syn;ok -tcp flags & (syn|fin) == (syn|fin);ok;tcp flags & (fin | syn) == fin | syn +tcp flags fin,syn / fin,syn;ok;tcp flags & (fin | syn) == fin | syn +tcp flags != syn / fin,syn;ok;tcp flags & (fin | syn) != syn +tcp flags & syn != 0;ok;tcp flags syn +tcp flags & syn == 0;ok;tcp flags ! syn +tcp flags & (syn | ack) != 0;ok;tcp flags syn,ack +tcp flags & (syn | ack) == 0;ok;tcp flags ! syn,ack +# it should be possible to transform this to: tcp flags syn +tcp flags & syn == syn;ok +tcp flags & syn != syn;ok +tcp flags & (fin | syn | rst | ack) syn;ok;tcp flags & (fin | syn | rst | ack) == syn +tcp flags & (fin | syn | rst | ack) == syn;ok +tcp flags & (fin | syn | rst | ack) != syn;ok +tcp flags & (fin | syn | rst | ack) == syn | ack;ok +tcp flags & (fin | syn | rst | ack) != syn | ack;ok +tcp flags & (syn | ack) == syn | ack;ok tcp flags & (fin | syn | rst | psh | ack | urg | ecn | cwr) == fin | syn | rst | psh | ack | urg | ecn | cwr;ok;tcp flags == 0xff tcp flags { syn, syn | ack };ok tcp flags & (fin | syn | rst | psh | ack | urg) == { fin, ack, psh | ack, fin | psh | ack };ok +tcp flags ! fin,rst;ok +tcp flags & (fin | syn | rst | ack) ! syn;fail tcp window 22222;ok tcp window 22;ok @@ -89,8 +96,6 @@ tcp window 33-45;ok tcp window != 33-45;ok tcp window { 33, 55, 67, 88};ok tcp window != { 33, 55, 67, 88};ok -tcp window { 33-55};ok -tcp window != { 33-55};ok tcp checksum 22;ok tcp checksum != 233;ok @@ -98,8 +103,6 @@ tcp checksum 33-45;ok tcp checksum != 33-45;ok tcp checksum { 33, 55, 67, 88};ok tcp checksum != { 33, 55, 67, 88};ok -tcp checksum { 33-55};ok -tcp checksum != { 33-55};ok tcp urgptr 1234 accept;ok tcp urgptr 22;ok @@ -108,7 +111,5 @@ tcp urgptr 33-45;ok tcp urgptr != 33-45;ok tcp urgptr { 33, 55, 67, 88};ok tcp urgptr != { 33, 55, 67, 88};ok -tcp urgptr { 33-55};ok -tcp urgptr != { 33-55};ok tcp doff 8;ok diff --git a/tests/py/inet/tcp.t.json b/tests/py/inet/tcp.t.json index babe5920..28dd4341 100644 --- a/tests/py/inet/tcp.t.json +++ b/tests/py/inet/tcp.t.json @@ -112,46 +112,6 @@ } ] -# tcp dport { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "dport", - "protocol": "tcp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# tcp dport != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "dport", - "protocol": "tcp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # tcp dport {telnet, http, https} accept [ { @@ -397,46 +357,6 @@ } ] -# tcp sport { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "sport", - "protocol": "tcp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# tcp sport != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "sport", - "protocol": "tcp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # tcp sport vmap { 25:accept, 28:drop } [ { @@ -753,46 +673,6 @@ } ] -# tcp sequence { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "sequence", - "protocol": "tcp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# tcp sequence != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "sequence", - "protocol": "tcp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # tcp ackseq 42949672 drop [ { @@ -926,46 +806,6 @@ } ] -# tcp ackseq { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "ackseq", - "protocol": "tcp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# tcp ackseq != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "ackseq", - "protocol": "tcp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop [ { @@ -1114,12 +954,12 @@ } }, { - "|": [ "fin", { "|": [ "syn", { "|": [ "rst", { "|": [ "psh", { "|": [ "ack", { "|": [ "urg", { "|": [ "ecn", "cwr" ] } ] } ] } ] } ] } ] } ] + "|": [ "fin", "syn", "rst", "psh", "ack", "urg", "ecn", "cwr" ] } ] }, "op": "==", - "right": { "|": [ "fin", { "|": [ "syn", { "|": [ "rst", { "|": [ "psh", { "|": [ "ack", { "|": [ "urg", { "|": [ "ecn", "cwr" ] } ] } ] } ] } ] } ] } ] } + "right": { "|": [ "fin", "syn", "rst", "psh", "ack", "urg", "ecn", "cwr" ] } } } ] @@ -1254,46 +1094,6 @@ } ] -# tcp window { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "window", - "protocol": "tcp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# tcp window != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "window", - "protocol": "tcp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # tcp checksum 22 [ { @@ -1408,46 +1208,6 @@ } ] -# tcp checksum { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "tcp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# tcp checksum != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "tcp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # tcp urgptr 1234 accept [ { @@ -1581,58 +1341,435 @@ } ] -# tcp urgptr { 33-55} +# tcp doff 8 [ { "match": { "left": { "payload": { - "field": "urgptr", + "field": "doff", "protocol": "tcp" } }, "op": "==", + "right": 8 + } + } +] + +# tcp flags { syn, syn | ack } +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + "op": "==", "right": { "set": [ - { "range": [ 33, 55 ] } + "syn", + { + "|": [ + "syn", + "ack" + ] + } ] } } } ] -# tcp urgptr != { 33-55} +# tcp flags & (fin | syn | rst | psh | ack | urg) == { fin, ack, psh | ack, fin | psh | ack } [ { "match": { "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { "|": [ "fin", "syn", "rst", "psh", "ack", "urg" ] } + ] + }, + "op": "==", + "right": { + "set": [ + "fin", + "ack", + { "|": [ "psh", "ack" ] }, + { "|": [ "fin", "psh", "ack" ] } + ] + } + } + } +] + +# tcp flags ! fin,rst +[ + { + "match": { + "op": "!", + "left": { "payload": { - "field": "urgptr", - "protocol": "tcp" + "protocol": "tcp", + "field": "flags" } }, - "op": "!=", + "right": [ + "fin", + "rst" + ] + } + } +] + +# tcp flags fin,syn / fin,syn +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { + "|": [ + "fin", + "syn" + ] + } + ] + }, + "op": "==", "right": { - "set": [ - { "range": [ 33, 55 ] } + "|": [ + "fin", + "syn" ] } } } ] -# tcp doff 8 +# tcp flags != syn / fin,syn +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { + "|": [ + "fin", + "syn" + ] + } + ] + }, + "op": "!=", + "right": "syn" + } + } +] + +# tcp flags & syn == 0 [ { "match": { "left": { "payload": { - "field": "doff", + "field": "flags", "protocol": "tcp" } }, - "op": "==", - "right": 8 + "op": "!", + "right": "syn" + } + } +] + +# tcp flags & syn != 0 +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + "op": "in", + "right": "syn" + } + } +] + +# tcp flags & (syn | ack) != 0 +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + "op": "in", + "right": [ + "syn", + "ack" + ] + } + } +] + +# tcp flags & (syn | ack) == 0 +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + "op": "!", + "right": [ + "syn", + "ack" + ] + } + } +] + +# tcp flags & syn == syn +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + "syn" + ] + }, + "op": "==", + "right": "syn" + } + } +] + +# tcp flags & syn != syn +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + "syn" + ] + }, + "op": "!=", + "right": "syn" + } + } +] + +# tcp flags & (fin | syn | rst | ack) syn +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { + "|": [ + "fin", + "syn", + "rst", + "ack" + ] + } + ] + }, + "op": "==", + "right": "syn" + } + } +] + +# tcp flags & (fin | syn | rst | ack) == syn +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { + "|": [ + "fin", + "syn", + "rst", + "ack" + ] + } + ] + }, + "op": "==", + "right": "syn" + } + } +] + + +# tcp flags & (fin | syn | rst | ack) != syn +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { + "|": [ + "fin", + "syn", + "rst", + "ack" + ] + } + ] + }, + "op": "!=", + "right": "syn" + } + } +] + +# tcp flags & (fin | syn | rst | ack) == syn | ack +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { + "|": [ + "fin", + "syn", + "rst", + "ack" + ] + } + ] + }, + "op": "==", + "right": { + "|": [ + "syn", + "ack" + ] + } + } + } +] + +# tcp flags & (syn | ack) == syn | ack +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { + "|": [ + "syn", + "ack" + ] + } + ] + }, + "op": "==", + "right": { + "|": [ + "syn", + "ack" + ] + } + } + } +] + +# tcp flags & (fin | syn | rst | ack) != syn | ack +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { "|": [ "fin", "syn", "rst", "ack" ] } + ] + }, + "op": "!=", + "right": { + "|": [ + "syn", + "ack" + ] + } } } ] diff --git a/tests/py/inet/tcp.t.json.output b/tests/py/inet/tcp.t.json.output index 0f7a593b..d487a8f1 100644 --- a/tests/py/inet/tcp.t.json.output +++ b/tests/py/inet/tcp.t.json.output @@ -115,3 +115,50 @@ } ] +# tcp flags & (fin | syn | rst | psh | ack | urg) == { fin, ack, psh | ack, fin | psh | ack } +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { + "|": [ + "fin", + "syn", + "rst", + "psh", + "ack", + "urg" + ] + } + ] + }, + "op": "==", + "right": { + "set": [ + "fin", + { + "|": [ + "fin", + "psh", + "ack" + ] + }, + { + "|": [ + "psh", + "ack" + ] + }, + "ack" + ] + } + } + } +] diff --git a/tests/py/inet/tcp.t.payload b/tests/py/inet/tcp.t.payload index 076e562a..bc6bb989 100644 --- a/tests/py/inet/tcp.t.payload +++ b/tests/py/inet/tcp.t.payload @@ -47,26 +47,6 @@ inet test-inet input [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# tcp dport { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# tcp dport != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # tcp dport {telnet, http, https} accept __set%d test-inet 3 __set%d test-inet 0 @@ -81,7 +61,7 @@ inet test-inet input # tcp dport vmap { 22 : accept, 23 : drop } __map%d test-inet b __map%d test-inet 0 - element 00001600 : 0 [end] element 00001700 : 0 [end] + element 00001600 : accept 0 [end] element 00001700 : drop 0 [end] inet test-inet input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -91,7 +71,7 @@ inet test-inet input # tcp dport vmap { 25:accept, 28:drop } __map%d test-inet b __map%d test-inet 0 - element 00001900 : 0 [end] element 00001c00 : 0 [end] + element 00001900 : accept 0 [end] element 00001c00 : drop 0 [end] inet test-inet input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -167,30 +147,10 @@ inet test-inet input [ payload load 2b @ transport header + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# tcp sport { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# tcp sport != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # tcp sport vmap { 25:accept, 28:drop } __map%d test-inet b __map%d test-inet 0 - element 00001900 : 0 [end] element 00001c00 : 0 [end] + element 00001900 : accept 0 [end] element 00001c00 : drop 0 [end] inet test-inet input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -293,26 +253,6 @@ inet test-inet input [ payload load 4b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# tcp sequence { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# tcp sequence != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # tcp ackseq 42949672 drop inet test-inet input [ meta load l4proto => reg 1 ] @@ -370,26 +310,6 @@ inet test-inet input [ payload load 4b @ transport header + 8 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# tcp ackseq { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# tcp ackseq != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop __set%d test-inet 3 __set%d test-inet 0 @@ -417,7 +337,7 @@ inet test-inet input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ payload load 1b @ transport header + 13 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000080 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] # tcp flags != cwr @@ -434,20 +354,124 @@ inet test-inet input [ payload load 1b @ transport header + 13 => reg 1 ] [ cmp eq reg 1 0x00000002 ] -# tcp flags & (syn|fin) == (syn|fin) +# tcp flags fin,syn / fin,syn inet test-inet input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ payload load 1b @ transport header + 13 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000003 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000003 ] +# tcp flags != syn / fin,syn +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000003 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000002 ] + +# tcp flags & syn != 0 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000002 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# tcp flags & syn == 0 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000002 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000000 ] + +# tcp flags & (syn | ack) != 0 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000012 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# tcp flags & (syn | ack) == 0 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000012 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000000 ] + +# tcp flags & syn == syn +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000002 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000002 ] + +# tcp flags & syn != syn +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000002 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000002 ] + +# tcp flags & (fin | syn | rst | ack) syn +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000017 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000002 ] + +# tcp flags & (fin | syn | rst | ack) == syn +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000017 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000002 ] + +# tcp flags & (fin | syn | rst | ack) != syn +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000017 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000002 ] + +# tcp flags & (fin | syn | rst | ack) == syn | ack +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000017 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000012 ] + +# tcp flags & (fin | syn | rst | ack) != syn | ack +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000017 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000012 ] + +# tcp flags & (syn | ack) == syn | ack +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000012 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000012 ] + # tcp flags & (fin | syn | rst | psh | ack | urg | ecn | cwr) == fin | syn | rst | psh | ack | urg | ecn | cwr inet test-inet input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ payload load 1b @ transport header + 13 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000ff ) ^ 0x00000000 ] [ cmp eq reg 1 0x000000ff ] # tcp window 22222 @@ -506,26 +530,6 @@ inet test-inet input [ payload load 2b @ transport header + 14 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# tcp window { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# tcp window != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # tcp checksum 22 inet test-inet input [ meta load l4proto => reg 1 ] @@ -575,26 +579,6 @@ inet test-inet input [ payload load 2b @ transport header + 16 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# tcp checksum { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# tcp checksum != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # tcp urgptr 1234 accept inet test-inet input [ meta load l4proto => reg 1 ] @@ -652,32 +636,12 @@ inet test-inet input [ payload load 2b @ transport header + 18 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# tcp urgptr { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# tcp urgptr != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # tcp doff 8 inet test-inet input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ payload load 1b @ transport header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000080 ] # tcp flags & (fin | syn | rst | psh | ack | urg) == { fin, ack, psh | ack, fin | psh | ack } @@ -688,7 +652,7 @@ ip [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ payload load 1b @ transport header + 13 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000003f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] # tcp flags { syn, syn | ack } @@ -701,3 +665,10 @@ inet [ payload load 1b @ transport header + 13 => reg 1 ] [ lookup reg 1 set __set%d ] +# tcp flags ! fin,rst +inet + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000005 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000000 ] diff --git a/tests/py/inet/tproxy.t b/tests/py/inet/tproxy.t index d23bbcb5..9901df75 100644 --- a/tests/py/inet/tproxy.t +++ b/tests/py/inet/tproxy.t @@ -19,3 +19,5 @@ meta l4proto 17 tproxy ip to :50080;ok meta l4proto 17 tproxy ip6 to :50080;ok meta l4proto 17 tproxy to :50080;ok ip daddr 0.0.0.0/0 meta l4proto 6 tproxy ip to :2000;ok + +meta l4proto 6 tproxy ip to 127.0.0.1:symhash mod 2 map { 0 : 23, 1 : 42 };ok diff --git a/tests/py/inet/tproxy.t.json b/tests/py/inet/tproxy.t.json index 7b3b11c4..71b6fd2f 100644 --- a/tests/py/inet/tproxy.t.json +++ b/tests/py/inet/tproxy.t.json @@ -183,3 +183,38 @@ } } ] + +# meta l4proto 6 tproxy ip to 127.0.0.1:symhash mod 2 map { 0 : 23, 1 : 42 } +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": 6 + } + }, + { + "tproxy": { + "addr": "127.0.0.1", + "family": "ip", + "port": { + "map": { + "data": { + "set": [ + [ 0, 23 ], + [ 1, 42 ] + ] + }, + "key": { + "symhash": { "mod": 2 } + } + } + } + } + } +] + diff --git a/tests/py/inet/tproxy.t.payload b/tests/py/inet/tproxy.t.payload index 82ff928d..2f419042 100644 --- a/tests/py/inet/tproxy.t.payload +++ b/tests/py/inet/tproxy.t.payload @@ -54,10 +54,22 @@ inet x y [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ network header + 16 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000000 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000000 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ immediate reg 1 0x0000d007 ] [ tproxy ip port reg 1 ] +# meta l4proto 6 tproxy ip to 127.0.0.1:symhash mod 2 map { 0 : 23, 1 : 42 } +__map%d x b size 2 +__map%d x 0 + element 00000000 : 00001700 0 [end] element 00000001 : 00002a00 0 [end] +inet x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x0100007f ] + [ hash reg 2 = symhash() % mod 2 ] + [ lookup reg 2 set __map%d dreg 2 ] + [ tproxy ip addr reg 1 port reg 2 ] + diff --git a/tests/py/inet/udp.t b/tests/py/inet/udp.t index 4e3eaa51..7f21c8ed 100644 --- a/tests/py/inet/udp.t +++ b/tests/py/inet/udp.t @@ -1,10 +1,11 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;input *ip6;test-ip6;input *inet;test-inet;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress udp sport 80 accept;ok udp sport != 60 accept;ok @@ -12,8 +13,6 @@ udp sport 50-70 accept;ok udp sport != 50-60 accept;ok udp sport { 49, 50} drop;ok udp sport != { 50, 60} accept;ok -udp sport { 12-40};ok -udp sport != { 13-24};ok udp dport set {1, 2, 3};fail @@ -23,8 +22,6 @@ udp dport 70-75 accept;ok udp dport != 50-60 accept;ok udp dport { 49, 50} drop;ok udp dport != { 50, 60} accept;ok -udp dport { 70-75} accept;ok -udp dport != { 50-60} accept;ok udp length 6666;ok udp length != 6666;ok @@ -32,8 +29,6 @@ udp length 50-65 accept;ok udp length != 50-65 accept;ok udp length { 50, 65} accept;ok udp length != { 50, 65} accept;ok -udp length { 35-50};ok -udp length != { 35-50};ok udp checksum 6666 drop;ok udp checksum != { 444, 555} accept;ok @@ -44,8 +39,6 @@ udp checksum 33-45;ok udp checksum != 33-45;ok udp checksum { 33, 55, 67, 88};ok udp checksum != { 33, 55, 67, 88};ok -udp checksum { 33-55};ok -udp checksum != { 33-55};ok # limit impact to lo iif "lo" udp checksum set 0;ok diff --git a/tests/py/inet/udp.t.json b/tests/py/inet/udp.t.json index f8826640..665998ec 100644 --- a/tests/py/inet/udp.t.json +++ b/tests/py/inet/udp.t.json @@ -126,46 +126,6 @@ } ] -# udp sport { 12-40} -[ - { - "match": { - "left": { - "payload": { - "field": "sport", - "protocol": "udp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 12, 40 ] } - ] - } - } - } -] - -# udp sport != { 13-24} -[ - { - "match": { - "left": { - "payload": { - "field": "sport", - "protocol": "udp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 13, 24 ] } - ] - } - } - } -] - # udp dport 80 accept [ { @@ -294,52 +254,6 @@ } ] -# udp dport { 70-75} accept -[ - { - "match": { - "left": { - "payload": { - "field": "dport", - "protocol": "udp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 70, 75 ] } - ] - } - } - }, - { - "accept": null - } -] - -# udp dport != { 50-60} accept -[ - { - "match": { - "left": { - "payload": { - "field": "dport", - "protocol": "udp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 50, 60 ] } - ] - } - } - }, - { - "accept": null - } -] - # udp length 6666 [ { @@ -462,46 +376,6 @@ } ] -# udp length { 35-50} -[ - { - "match": { - "left": { - "payload": { - "field": "length", - "protocol": "udp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 35, 50 ] } - ] - } - } - } -] - -# udp length != { 35-50} -[ - { - "match": { - "left": { - "payload": { - "field": "length", - "protocol": "udp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 35, 50 ] } - ] - } - } - } -] - # udp checksum 6666 drop [ { @@ -659,46 +533,6 @@ } ] -# udp checksum { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "udp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# udp checksum != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "udp" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # iif "lo" udp checksum set 0 [ { diff --git a/tests/py/inet/udp.t.payload b/tests/py/inet/udp.t.payload index d91eb784..32f7f8c3 100644 --- a/tests/py/inet/udp.t.payload +++ b/tests/py/inet/udp.t.payload @@ -53,26 +53,6 @@ inet test-inet input [ lookup reg 1 set __set%d 0x1 ] [ immediate reg 0 accept ] -# udp sport { 12-40} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# udp sport != { 13-24} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000d00 : 0 [end] element 00001900 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # udp dport 80 accept inet test-inet input [ meta load l4proto => reg 1 ] @@ -128,28 +108,6 @@ inet test-inet input [ lookup reg 1 set __set%d 0x1 ] [ immediate reg 0 accept ] -# udp dport { 70-75} accept -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - [ immediate reg 0 accept ] - -# udp dport != { 50-60} accept -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00003200 : 0 [end] element 00003d00 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - [ immediate reg 0 accept ] - # udp length 6666 inet test-inet input [ meta load l4proto => reg 1 ] @@ -203,26 +161,6 @@ inet test-inet input [ lookup reg 1 set __set%d 0x1 ] [ immediate reg 0 accept ] -# udp length { 35-50} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002300 : 0 [end] element 00003300 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# udp length != { 35-50} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002300 : 0 [end] element 00003300 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # udp checksum 6666 drop inet test-inet input [ meta load l4proto => reg 1 ] @@ -291,26 +229,6 @@ inet test-inet input [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# udp checksum { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# udp checksum != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # iif "lo" udp checksum set 0 inet test-inet input [ meta load iif => reg 1 ] @@ -318,7 +236,7 @@ inet test-inet input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ immediate reg 1 0x00000000 ] - [ payload write reg 1 => 2b @ transport header + 6 csum_type 1 csum_off 6 csum_flags 0x0 ] + [ payload write reg 1 => 2b @ transport header + 6 csum_type 0 csum_off 0 csum_flags 0x1 ] # iif "lo" udp dport set 65535 inet test-inet input @@ -327,4 +245,4 @@ inet test-inet input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ immediate reg 1 0x0000ffff ] - [ payload write reg 1 => 2b @ transport header + 2 csum_type 1 csum_off 6 csum_flags 0x0 ] + [ payload write reg 1 => 2b @ transport header + 2 csum_type 0 csum_off 0 csum_flags 0x1 ] diff --git a/tests/py/inet/udplite.t b/tests/py/inet/udplite.t index 7c22acb9..6a54709c 100644 --- a/tests/py/inet/udplite.t +++ b/tests/py/inet/udplite.t @@ -1,10 +1,11 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;input *ip6;test-ip6;input *inet;test-inet;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress udplite sport 80 accept;ok udplite sport != 60 accept;ok @@ -12,8 +13,6 @@ udplite sport 50-70 accept;ok udplite sport != 50-60 accept;ok udplite sport { 49, 50} drop;ok udplite sport != { 49, 50} accept;ok -udplite sport { 12-40};ok -udplite sport != { 12-40};ok udplite dport 80 accept;ok udplite dport != 60 accept;ok @@ -21,8 +20,6 @@ udplite dport 70-75 accept;ok udplite dport != 50-60 accept;ok udplite dport { 49, 50} drop;ok udplite dport != { 49, 50} accept;ok -udplite dport { 70-75} accept;ok -udplite dport != { 70-75} accept;ok - udplite csumcov 6666;ok - udplite csumcov != 6666;ok @@ -30,8 +27,6 @@ udplite dport != { 70-75} accept;ok - udplite csumcov != 50-65 accept;ok - udplite csumcov { 50, 65} accept;ok - udplite csumcov != { 50, 65} accept;ok -- udplite csumcov { 35-50};ok -- udplite csumcov != { 35-50};ok udplite checksum 6666 drop;ok udplite checksum != { 444, 555} accept;ok @@ -41,5 +36,3 @@ udplite checksum 33-45;ok udplite checksum != 33-45;ok udplite checksum { 33, 55, 67, 88};ok udplite checksum != { 33, 55, 67, 88};ok -udplite checksum { 33-55};ok -udplite checksum != { 33-55};ok diff --git a/tests/py/inet/udplite.t.json b/tests/py/inet/udplite.t.json index f56bee47..713a534f 100644 --- a/tests/py/inet/udplite.t.json +++ b/tests/py/inet/udplite.t.json @@ -126,46 +126,6 @@ } ] -# udplite sport { 12-40} -[ - { - "match": { - "left": { - "payload": { - "field": "sport", - "protocol": "udplite" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 12, 40 ] } - ] - } - } - } -] - -# udplite sport != { 12-40} -[ - { - "match": { - "left": { - "payload": { - "field": "sport", - "protocol": "udplite" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 12, 40 ] } - ] - } - } - } -] - # udplite dport 80 accept [ { @@ -294,52 +254,6 @@ } ] -# udplite dport { 70-75} accept -[ - { - "match": { - "left": { - "payload": { - "field": "dport", - "protocol": "udplite" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 70, 75 ] } - ] - } - } - }, - { - "accept": null - } -] - -# udplite dport != { 70-75} accept -[ - { - "match": { - "left": { - "payload": { - "field": "dport", - "protocol": "udplite" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 70, 75 ] } - ] - } - } - }, - { - "accept": null - } -] - # udplite checksum 6666 drop [ { @@ -497,43 +411,3 @@ } ] -# udplite checksum { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "udplite" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# udplite checksum != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "udplite" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - diff --git a/tests/py/inet/udplite.t.payload b/tests/py/inet/udplite.t.payload index eb3dc075..de9d09ed 100644 --- a/tests/py/inet/udplite.t.payload +++ b/tests/py/inet/udplite.t.payload @@ -53,26 +53,6 @@ inet test-inet input [ lookup reg 1 set __set%d 0x1 ] [ immediate reg 0 accept ] -# udplite sport { 12-40} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# udplite sport != { 12-40} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # udplite dport 80 accept inet test-inet input [ meta load l4proto => reg 1 ] @@ -128,28 +108,6 @@ inet test-inet input [ lookup reg 1 set __set%d 0x1 ] [ immediate reg 0 accept ] -# udplite dport { 70-75} accept -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - [ immediate reg 0 accept ] - -# udplite dport != { 70-75} accept -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - [ immediate reg 0 accept ] - # udplite checksum 6666 drop inet test-inet input [ meta load l4proto => reg 1 ] @@ -218,23 +176,3 @@ inet test-inet input [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# udplite checksum { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# udplite checksum != { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - diff --git a/tests/py/inet/vmap.t b/tests/py/inet/vmap.t new file mode 100644 index 00000000..0ac6e561 --- /dev/null +++ b/tests/py/inet/vmap.t @@ -0,0 +1,10 @@ +:input;type filter hook input priority 0 +:ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 + +*inet;test-inet;input +*netdev;test-netdev;ingress,egress + +iifname . ip protocol . th dport vmap { "eth0" . tcp . 22 : accept, "eth1" . udp . 67 : drop };ok;iifname . ip protocol . th dport vmap { "eth0" . 6 . 22 : accept, "eth1" . 17 . 67 : drop } +ip saddr . @ih,32,32 { 1.1.1.1 . 0x14, 2.2.2.2 . 0x1e };ok +udp length . @th,160,128 vmap { 47-63 . 0xe373135363130333131303735353203 : accept };ok diff --git a/tests/py/inet/vmap.t.json b/tests/py/inet/vmap.t.json new file mode 100644 index 00000000..37472cc6 --- /dev/null +++ b/tests/py/inet/vmap.t.json @@ -0,0 +1,144 @@ +# iifname . ip protocol . th dport vmap { "eth0" . tcp . 22 : accept, "eth1" . udp . 67 : drop } +[ + { + "vmap": { + "data": { + "set": [ + [ + { + "concat": [ + "eth0", + 6, + 22 + ] + }, + { + "accept": null + } + ], + [ + { + "concat": [ + "eth1", + 17, + 67 + ] + }, + { + "drop": null + } + ] + ] + }, + "key": { + "concat": [ + { + "meta": { + "key": "iifname" + } + }, + { + "payload": { + "field": "protocol", + "protocol": "ip" + } + }, + { + "payload": { + "field": "dport", + "protocol": "th" + } + } + ] + } + } + } +] + +# ip saddr . @ih,32,32 { 1.1.1.1 . 0x14, 2.2.2.2 . 0x1e } +[ + { + "match": { + "left": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "base": "ih", + "len": 32, + "offset": 32 + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + "1.1.1.1", + 20 + ] + }, + { + "concat": [ + "2.2.2.2", + 30 + ] + } + ] + } + } + } +] + +# udp length . @th,160,128 vmap { 47-63 . 0xe373135363130333131303735353203 : accept } +[ + { + "vmap": { + "data": { + "set": [ + [ + { + "concat": [ + { + "range": [ + 47, + 63 + ] + }, + "0xe373135363130333131303735353203" + ] + }, + { + "accept": null + } + ] + ] + }, + "key": { + "concat": [ + { + "payload": { + "field": "length", + "protocol": "udp" + } + }, + { + "payload": { + "base": "th", + "len": 128, + "offset": 160 + } + } + ] + } + } + } +] + diff --git a/tests/py/inet/vmap.t.payload b/tests/py/inet/vmap.t.payload new file mode 100644 index 00000000..29ec846d --- /dev/null +++ b/tests/py/inet/vmap.t.payload @@ -0,0 +1,34 @@ +# iifname . ip protocol . th dport vmap { "eth0" . tcp . 22 : accept, "eth1" . udp . 67 : drop } +__map%d test-inet b size 2 +__map%d test-inet 0 + element 30687465 00000000 00000000 00000000 00000006 00001600 : accept 0 [end] element 31687465 00000000 00000000 00000000 00000011 00004300 : drop 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ meta load iifname => reg 1 ] + [ payload load 1b @ network header + 9 => reg 2 ] + [ payload load 2b @ transport header + 2 => reg 13 ] + [ lookup reg 1 set __map%d dreg 0 ] + +# ip saddr . @ih,32,32 { 1.1.1.1 . 0x14, 2.2.2.2 . 0x1e } +__set%d test-inet 3 size 2 +__set%d test-inet 0 + element 01010101 14000000 : 0 [end] element 02020202 1e000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ inner header + 4 => reg 9 ] + [ lookup reg 1 set __set%d ] + +# udp length . @th,160,128 vmap { 47-63 . 0xe373135363130333131303735353203 : accept } +__map%d x 8f size 1 +__map%d x 0 + element 00002f00 3531370e 33303136 37303131 03323535 - 00003f00 3531370e 33303136 37303131 03323535 : accept 0 [end] +inet x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ payload load 16b @ transport header + 20 => reg 9 ] + [ lookup reg 1 set __map%d dreg 0 ] + diff --git a/tests/py/inet/vmap.t.payload.netdev b/tests/py/inet/vmap.t.payload.netdev new file mode 100644 index 00000000..3f51bb33 --- /dev/null +++ b/tests/py/inet/vmap.t.payload.netdev @@ -0,0 +1,34 @@ +# iifname . ip protocol . th dport vmap { "eth0" . tcp . 22 : accept, "eth1" . udp . 67 : drop } +__map%d test-netdev b size 2 +__map%d test-netdev 0 + element 30687465 00000000 00000000 00000000 00000006 00001600 : accept 0 [end] element 31687465 00000000 00000000 00000000 00000011 00004300 : drop 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ meta load iifname => reg 1 ] + [ payload load 1b @ network header + 9 => reg 2 ] + [ payload load 2b @ transport header + 2 => reg 13 ] + [ lookup reg 1 set __map%d dreg 0 ] + +# ip saddr . @ih,32,32 { 1.1.1.1 . 0x14, 2.2.2.2 . 0x1e } +__set%d test-netdev 3 size 2 +__set%d test-netdev 0 + element 01010101 14000000 : 0 [end] element 02020202 1e000000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ inner header + 4 => reg 9 ] + [ lookup reg 1 set __set%d ] + +# udp length . @th,160,128 vmap { 47-63 . 0xe373135363130333131303735353203 : accept } +__map%d test-netdev 8f size 1 +__map%d test-netdev 0 + element 00002f00 3531370e 33303136 37303131 03323535 - 00003f00 3531370e 33303136 37303131 03323535 : accept 0 [end] +netdev test-netdev ingress + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ payload load 16b @ transport header + 20 => reg 9 ] + [ lookup reg 1 set __map%d dreg 0 ] + diff --git a/tests/py/inet/vxlan.t b/tests/py/inet/vxlan.t new file mode 100644 index 00000000..10cdb7a4 --- /dev/null +++ b/tests/py/inet/vxlan.t @@ -0,0 +1,23 @@ +:input;type filter hook input priority 0 +:ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 + +*ip;test-ip4;input +*ip6;test-ip6;input +*inet;test-inet;input +*netdev;test-netdev;ingress,egress + +vxlan vni 10;fail +udp dport 4789 vxlan vni 10;ok +udp dport 4789 vxlan ip saddr 10.141.11.2;ok +udp dport 4789 vxlan ip saddr 10.141.11.0/24;ok +udp dport 4789 vxlan ip protocol 1;ok +udp dport 4789 vxlan udp sport 8888;ok +udp dport 4789 vxlan icmp type echo-reply;ok +udp dport 4789 vxlan ether saddr 62:87:4d:d6:19:05;ok +udp dport 4789 vxlan vlan id 10;ok +udp dport 4789 vxlan ip dscp 0x02;ok +udp dport 4789 vxlan ip dscp 0x02;ok +udp dport 4789 vxlan ip saddr . vxlan ip daddr { 1.2.3.4 . 4.3.2.1 };ok + +udp dport 4789 vxlan ip saddr set 1.2.3.4;fail diff --git a/tests/py/inet/vxlan.t.json b/tests/py/inet/vxlan.t.json new file mode 100644 index 00000000..91b3d294 --- /dev/null +++ b/tests/py/inet/vxlan.t.json @@ -0,0 +1,344 @@ +# udp dport 4789 vxlan vni 10 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 4789 + } + }, + { + "match": { + "left": { + "payload": { + "field": "vni", + "protocol": "vxlan", + "tunnel": "vxlan" + } + }, + "op": "==", + "right": 10 + } + } +] + +# udp dport 4789 vxlan ip saddr 10.141.11.2 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 4789 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ip", + "tunnel": "vxlan" + } + }, + "op": "==", + "right": "10.141.11.2" + } + } +] + +# udp dport 4789 vxlan ip saddr 10.141.11.0/24 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 4789 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ip", + "tunnel": "vxlan" + } + }, + "op": "==", + "right": { + "prefix": { + "addr": "10.141.11.0", + "len": 24 + } + } + } + } +] + +# udp dport 4789 vxlan ip protocol 1 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 4789 + } + }, + { + "match": { + "left": { + "payload": { + "field": "protocol", + "protocol": "ip", + "tunnel": "vxlan" + } + }, + "op": "==", + "right": 1 + } + } +] + +# udp dport 4789 vxlan udp sport 8888 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 4789 + } + }, + { + "match": { + "left": { + "payload": { + "field": "sport", + "protocol": "udp", + "tunnel": "vxlan" + } + }, + "op": "==", + "right": 8888 + } + } +] + +# udp dport 4789 vxlan icmp type echo-reply +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 4789 + } + }, + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmp", + "tunnel": "vxlan" + } + }, + "op": "==", + "right": "echo-reply" + } + } +] + +# udp dport 4789 vxlan ether saddr 62:87:4d:d6:19:05 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 4789 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ether", + "tunnel": "vxlan" + } + }, + "op": "==", + "right": "62:87:4d:d6:19:05" + } + } +] + +# udp dport 4789 vxlan vlan id 10 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 4789 + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "vlan", + "tunnel": "vxlan" + } + }, + "op": "==", + "right": 10 + } + } +] + +# udp dport 4789 vxlan ip dscp 0x02 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 4789 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dscp", + "protocol": "ip", + "tunnel": "vxlan" + } + }, + "op": "==", + "right": 2 + } + } +] + +# udp dport 4789 vxlan ip dscp 0x02 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 4789 + } + }, + { + "match": { + "left": { + "payload": { + "field": "dscp", + "protocol": "ip", + "tunnel": "vxlan" + } + }, + "op": "==", + "right": 2 + } + } +] + +# udp dport 4789 vxlan ip saddr . vxlan ip daddr { 1.2.3.4 . 4.3.2.1 } +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 4789 + } + }, + { + "match": { + "left": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip", + "tunnel": "vxlan" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip", + "tunnel": "vxlan" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + "1.2.3.4", + "4.3.2.1" + ] + } + ] + } + } + } +] + diff --git a/tests/py/inet/vxlan.t.payload b/tests/py/inet/vxlan.t.payload new file mode 100644 index 00000000..cde8e56f --- /dev/null +++ b/tests/py/inet/vxlan.t.payload @@ -0,0 +1,114 @@ +# udp dport 4789 vxlan vni 10 +netdev test-netdev ingress + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000b512 ] + [ inner type 1 hdrsize 8 flags f [ payload load 3b @ unknown header + 4 => reg 1 ] ] + [ cmp eq reg 1 0x000a0000 ] + +# udp dport 4789 vxlan ip saddr 10.141.11.2 +netdev test-netdev ingress + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000b512 ] + [ inner type 1 hdrsize 8 flags f [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 1 hdrsize 8 flags f [ payload load 4b @ network header + 12 => reg 1 ] ] + [ cmp eq reg 1 0x020b8d0a ] + +# udp dport 4789 vxlan ip saddr 10.141.11.0/24 +netdev test-netdev ingress + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000b512 ] + [ inner type 1 hdrsize 8 flags f [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 1 hdrsize 8 flags f [ payload load 3b @ network header + 12 => reg 1 ] ] + [ cmp eq reg 1 0x000b8d0a ] + +# udp dport 4789 vxlan ip protocol 1 +netdev test-netdev ingress + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000b512 ] + [ inner type 1 hdrsize 8 flags f [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 1 hdrsize 8 flags f [ payload load 1b @ network header + 9 => reg 1 ] ] + [ cmp eq reg 1 0x00000001 ] + +# udp dport 4789 vxlan udp sport 8888 +netdev test-netdev ingress + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000b512 ] + [ inner type 1 hdrsize 8 flags f [ meta load l4proto => reg 1 ] ] + [ cmp eq reg 1 0x00000011 ] + [ inner type 1 hdrsize 8 flags f [ payload load 2b @ transport header + 0 => reg 1 ] ] + [ cmp eq reg 1 0x0000b822 ] + +# udp dport 4789 vxlan icmp type echo-reply +netdev test-netdev ingress + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000b512 ] + [ inner type 1 hdrsize 8 flags f [ payload load 2b @ link header + 12 => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 1 hdrsize 8 flags f [ meta load l4proto => reg 1 ] ] + [ cmp eq reg 1 0x00000001 ] + [ inner type 1 hdrsize 8 flags f [ payload load 1b @ transport header + 0 => reg 1 ] ] + [ cmp eq reg 1 0x00000000 ] + +# udp dport 4789 vxlan ether saddr 62:87:4d:d6:19:05 +netdev test-netdev ingress + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000b512 ] + [ inner type 1 hdrsize 8 flags f [ payload load 6b @ link header + 6 => reg 1 ] ] + [ cmp eq reg 1 0xd64d8762 0x00000519 ] + +# udp dport 4789 vxlan vlan id 10 +netdev test-netdev ingress + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000b512 ] + [ inner type 1 hdrsize 8 flags f [ payload load 2b @ link header + 12 => reg 1 ] ] + [ cmp eq reg 1 0x00000081 ] + [ inner type 1 hdrsize 8 flags f [ payload load 2b @ link header + 14 => reg 1 ] ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000a00 ] + +# udp dport 4789 vxlan ip dscp 0x02 +netdev test-netdev ingress + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000b512 ] + [ inner type 1 hdrsize 8 flags f [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 1 hdrsize 8 flags f [ payload load 1b @ network header + 1 => reg 1 ] ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000008 ] + +# udp dport 4789 vxlan ip saddr . vxlan ip daddr { 1.2.3.4 . 4.3.2.1 } +__set%d test-netdev 3 size 1 +__set%d test-netdev 0 + element 04030201 01020304 : 0 [end] +netdev test-netdev ingress + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000b512 ] + [ inner type 1 hdrsize 8 flags f [ meta load protocol => reg 1 ] ] + [ cmp eq reg 1 0x00000008 ] + [ inner type 1 hdrsize 8 flags f [ payload load 4b @ network header + 12 => reg 1 ] ] + [ inner type 1 hdrsize 8 flags f [ payload load 4b @ network header + 16 => reg 9 ] ] + [ lookup reg 1 set __set%d ] + diff --git a/tests/py/ip/ct.t b/tests/py/ip/ct.t index d3247f79..a0a22289 100644 --- a/tests/py/ip/ct.t +++ b/tests/py/ip/ct.t @@ -21,3 +21,16 @@ ct original protocol 17 ct reply proto-src 53;ok;ct protocol 17 ct reply proto-s # wrong address family ct reply ip daddr dead::beef;fail + +meta mark set ct original daddr map { 1.1.1.1 : 0x00000011 };fail +meta mark set ct original ip daddr map { 1.1.1.1 : 0x00000011 };ok +meta mark set ct original saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x0000001e };fail +meta mark set ct original ip saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x0000001e };ok +ct original saddr . meta mark { 1.1.1.1 . 0x00000014 };fail +ct original ip saddr . meta mark { 1.1.1.1 . 0x00000014 };ok +ct mark set ip dscp << 2 | 0x10;ok +ct mark set ip dscp << 26 | 0x10;ok +ct mark set ip dscp & 0x0f << 1;ok;ct mark set ip dscp & af33 +ct mark set ip dscp & 0x0f << 2;ok;ct mark set ip dscp & 0x3c +ct mark set ip dscp | 0x04;ok +ct mark set ip dscp | 1 << 20;ok;ct mark set ip dscp | 0x100000 diff --git a/tests/py/ip/ct.t.json b/tests/py/ip/ct.t.json index 881cd4c9..915632ae 100644 --- a/tests/py/ip/ct.t.json +++ b/tests/py/ip/ct.t.json @@ -216,3 +216,266 @@ } ] +# meta mark set ct original ip daddr map { 1.1.1.1 : 0x00000011 } +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "map": { + "data": { + "set": [ + [ + "1.1.1.1", + 17 + ] + ] + }, + "key": { + "ct": { + "dir": "original", + "key": "ip daddr" + } + } + } + } + } + } +] + +# meta mark set ct original ip saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x0000001e } +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "map": { + "data": { + "set": [ + [ + { + "concat": [ + "1.1.1.1", + 20 + ] + }, + 30 + ] + ] + }, + "key": { + "concat": [ + { + "ct": { + "dir": "original", + "key": "ip saddr" + } + }, + { + "meta": { + "key": "mark" + } + } + ] + } + } + } + } + } +] + +# ct original ip saddr . meta mark { 1.1.1.1 . 0x00000014 } +[ + { + "match": { + "left": { + "concat": [ + { + "ct": { + "dir": "original", + "key": "ip saddr" + } + }, + { + "meta": { + "key": "mark" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + "1.1.1.1", + 20 + ] + } + ] + } + } + } +] + +# ct mark set ip dscp << 2 | 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 2 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip dscp << 26 | 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 26 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip dscp & 0x0f << 1 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "&": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + "af33" + ] + } + } + } +] + +# ct mark set ip dscp & 0x0f << 2 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "&": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 60 + ] + } + } + } +] + +# ct mark set ip dscp | 0x04 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 4 + ] + } + } + } +] + +# ct mark set ip dscp | 1 << 20 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 1048576 + ] + } + } + } +] diff --git a/tests/py/ip/ct.t.payload b/tests/py/ip/ct.t.payload index d5faed4c..692011d0 100644 --- a/tests/py/ip/ct.t.payload +++ b/tests/py/ip/ct.t.payload @@ -21,25 +21,21 @@ ip test-ip4 output # ct original ip saddr 192.168.1.0/24 ip test-ip4 output [ ct load src_ip => reg 1 , dir original ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0001a8c0 ] # ct reply ip saddr 192.168.1.0/24 ip test-ip4 output [ ct load src_ip => reg 1 , dir reply ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0001a8c0 ] # ct original ip daddr 192.168.1.0/24 ip test-ip4 output [ ct load dst_ip => reg 1 , dir original ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0001a8c0 ] # ct reply ip daddr 192.168.1.0/24 ip test-ip4 output [ ct load dst_ip => reg 1 , dir reply ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0001a8c0 ] # ct l3proto ipv4 @@ -60,3 +56,81 @@ ip test-ip4 output [ cmp eq reg 1 0x00000011 ] [ ct load proto_src => reg 1 , dir reply ] [ cmp eq reg 1 0x00003500 ] + +# meta mark set ct original ip daddr map { 1.1.1.1 : 0x00000011 } +__map%d test-ip4 b +__map%d test-ip4 0 + element 01010101 : 00000011 0 [end] +ip + [ ct load dst_ip => reg 1 , dir original ] + [ lookup reg 1 set __map%d dreg 1 ] + [ meta set mark with reg 1 ] + +# meta mark set ct original ip saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x0000001e } +__map%d test-ip4 b +__map%d test-ip4 0 + element 01010101 00000014 : 0000001e 0 [end] +ip + [ ct load src_ip => reg 1 , dir original ] + [ meta load mark => reg 9 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ meta set mark with reg 1 ] + +# ct original ip saddr . meta mark { 1.1.1.1 . 0x00000014 } +__set%d test-ip4 3 +__set%d test-ip4 0 + element 01010101 00000014 : 0 [end] +ip + [ ct load src_ip => reg 1 , dir original ] + [ meta load mark => reg 9 ] + [ lookup reg 1 set __set%d ] + +# ct mark set ip dscp << 2 | 0x10 +ip test-ip4 output + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 << 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ ct set mark with reg 1 ] + +# ct mark set ip dscp << 26 | 0x10 +ip + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 << 0x0000001a ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ ct set mark with reg 1 ] + +# ct mark set ip dscp & 0x0f << 1 +ip test-ip4 output + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000001e ) ^ 0x00000000 ] + [ ct set mark with reg 1 ] + +# ct mark set ip dscp & 0x0f << 2 +ip test-ip4 output + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000003c ) ^ 0x00000000 ] + [ ct set mark with reg 1 ] + +# ct mark set ip dscp | 0x04 +ip test-ip4 output + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xfffffffb ) ^ 0x00000004 ] + [ ct set mark with reg 1 ] + +# ct mark set ip dscp | 1 << 20 +ip test-ip4 output + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xffefffff ) ^ 0x00100000 ] + [ ct set mark with reg 1 ] diff --git a/tests/py/ip/dnat.t b/tests/py/ip/dnat.t index 089017c8..881571db 100644 --- a/tests/py/ip/dnat.t +++ b/tests/py/ip/dnat.t @@ -8,6 +8,16 @@ iifname "eth0" tcp dport {80, 90, 23} dnat to 192.168.3.2;ok iifname "eth0" tcp dport != {80, 90, 23} dnat to 192.168.3.2;ok iifname "eth0" tcp dport != 23-34 dnat to 192.168.3.2;ok iifname "eth0" tcp dport 81 dnat to 192.168.3.2:8080;ok +iifname "eth0" tcp dport 81 dnat to 192.168.3.2:8080-8999;ok +iifname "eth0" tcp dport 81 dnat to 192.168.3.2-192.168.3.4:8080;ok +iifname "eth0" tcp dport 81 dnat to 192.168.3.2-192.168.3.4:8080-8999;ok dnat to ct mark map { 0x00000014 : 1.2.3.4};ok dnat to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4};ok + +dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.0/24 . 8888 - 8999 };ok +dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.0/24 . 80 };ok +dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.2 . 8888 - 8999 };ok +ip daddr 192.168.0.1 dnat ip to tcp dport map { 443 : 10.141.10.4 . 8443, 80 : 10.141.10.4 . 8080 };ok +meta l4proto 6 dnat ip to iifname . ip saddr map { "enp2s0" . 10.1.1.136 : 1.1.2.69 . 22, "enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 . 22 };ok +dnat ip to iifname . ip saddr map { "enp2s0" . 10.1.1.136 : 1.1.2.69/32, "enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 };ok diff --git a/tests/py/ip/dnat.t.json b/tests/py/ip/dnat.t.json index 0481a368..fe15d072 100644 --- a/tests/py/ip/dnat.t.json +++ b/tests/py/ip/dnat.t.json @@ -262,3 +262,482 @@ } ] +# iifname "eth0" tcp dport 81 dnat to 192.168.3.2:8080-8999 +[ + { + "match": { + "left": { + "meta": { + "key": "iifname" + } + }, + "op": "==", + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": 81 + } + }, + { + "dnat": { + "addr": "192.168.3.2", + "port": { + "range": [ + 8080, + 8999 + ] + } + } + } +] + +# iifname "eth0" tcp dport 81 dnat to 192.168.3.2-192.168.3.4:8080-8999 +[ + { + "match": { + "left": { + "meta": { + "key": "iifname" + } + }, + "op": "==", + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": 81 + } + }, + { + "dnat": { + "addr": { + "range": [ + "192.168.3.2", + "192.168.3.4" + ] + }, + "port": { + "range": [ + 8080, + 8999 + ] + } + } + } +] + +# iifname "eth0" tcp dport 81 dnat to 192.168.3.2-192.168.3.4:8080 +[ + { + "match": { + "left": { + "meta": { + "key": "iifname" + } + }, + "op": "==", + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": 81 + } + }, + { + "dnat": { + "addr": { + "range": [ + "192.168.3.2", + "192.168.3.4" + ] + }, + "port": 8080 + } + } +] + +# dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.2 . 8888 - 8999 } +[ + { + "dnat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "concat": [ + "192.168.1.2", + 80 + ] + }, + { + "concat": [ + "10.141.10.2", + { + "range": [ + 8888, + 8999 + ] + } + ] + } + ] + ] + }, + "key": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "dport", + "protocol": "tcp" + } + } + ] + } + } + }, + "family": "ip" + } + } +] + +# dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.0/24 . 8888 - 8999 } +[ + { + "dnat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "concat": [ + "192.168.1.2", + 80 + ] + }, + { + "concat": [ + { + "prefix": { + "addr": "10.141.10.0", + "len": 24 + } + }, + { + "range": [ + 8888, + 8999 + ] + } + ] + } + ] + ] + }, + "key": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "dport", + "protocol": "tcp" + } + } + ] + } + } + }, + "family": "ip" + } + } +] + +# dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.0/24 . 80 } +[ + { + "dnat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "concat": [ + "192.168.1.2", + 80 + ] + }, + { + "concat": [ + { + "prefix": { + "addr": "10.141.10.0", + "len": 24 + } + }, + 80 + ] + } + ] + ] + }, + "key": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "dport", + "protocol": "tcp" + } + } + ] + } + } + }, + "family": "ip" + } + } +] + +# ip daddr 192.168.0.1 dnat ip to tcp dport map { 443 : 10.141.10.4 . 8443, 80 : 10.141.10.4 . 8080 } +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "192.168.0.1" + } + }, + { + "dnat": { + "addr": { + "map": { + "data": { + "set": [ + [ + 80, + { + "concat": [ + "10.141.10.4", + 8080 + ] + } + ], + [ + 443, + { + "concat": [ + "10.141.10.4", + 8443 + ] + } + ] + ] + }, + "key": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + } + } + }, + "family": "ip" + } + } +] + +# meta l4proto 6 dnat ip to iifname . ip saddr map { "enp2s0" . 10.1.1.136 : 1.1.2.69 . 22, "enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 . 22 } +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": 6 + } + }, + { + "dnat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "concat": [ + "enp2s0", + "10.1.1.136" + ] + }, + { + "concat": [ + "1.1.2.69", + 22 + ] + } + ], + [ + { + "concat": [ + "enp2s0", + { + "range": [ + "10.1.1.1", + "10.1.1.135" + ] + } + ] + }, + { + "concat": [ + { + "range": [ + "1.1.2.66", + "1.84.236.78" + ] + }, + 22 + ] + } + ] + ] + }, + "key": { + "concat": [ + { + "meta": { + "key": "iifname" + } + }, + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + ] + } + } + }, + "family": "ip" + } + } +] + +# dnat ip to iifname . ip saddr map { "enp2s0" . 10.1.1.136 : 1.1.2.69/32, "enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 } +[ + { + "dnat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "concat": [ + "enp2s0", + "10.1.1.136" + ] + }, + { + "prefix": { + "addr": "1.1.2.69", + "len": 32 + } + } + ], + [ + { + "concat": [ + "enp2s0", + { + "range": [ + "10.1.1.1", + "10.1.1.135" + ] + } + ] + }, + { + "range": [ + "1.1.2.66", + "1.84.236.78" + ] + } + ] + ] + }, + "key": { + "concat": [ + { + "meta": { + "key": "iifname" + } + }, + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + ] + } + } + }, + "family": "ip" + } + } +] + diff --git a/tests/py/ip/dnat.t.payload.ip b/tests/py/ip/dnat.t.payload.ip index 0acbefb6..439c6abe 100644 --- a/tests/py/ip/dnat.t.payload.ip +++ b/tests/py/ip/dnat.t.payload.ip @@ -8,7 +8,7 @@ ip test-ip4 prerouting [ cmp gte reg 1 0x00005000 ] [ cmp lte reg 1 0x00005a00 ] [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # iifname "eth0" tcp dport != 80-90 dnat to 192.168.3.2 ip test-ip4 prerouting @@ -19,7 +19,7 @@ ip test-ip4 prerouting [ payload load 2b @ transport header + 2 => reg 1 ] [ range neq reg 1 0x00005000 0x00005a00 ] [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # iifname "eth0" tcp dport {80, 90, 23} dnat to 192.168.3.2 __set%d test-ip4 3 @@ -33,7 +33,7 @@ ip test-ip4 prerouting [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d ] [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # iifname "eth0" tcp dport != {80, 90, 23} dnat to 192.168.3.2 __set%d test-ip4 3 @@ -47,7 +47,7 @@ ip test-ip4 prerouting [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # iifname "eth0" tcp dport != 23-34 dnat to 192.168.3.2 ip test-ip4 prerouting @@ -58,7 +58,7 @@ ip test-ip4 prerouting [ payload load 2b @ transport header + 2 => reg 1 ] [ range neq reg 1 0x00001700 0x00002200 ] [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # iifname "eth0" tcp dport 81 dnat to 192.168.3.2:8080 ip test-ip4 prerouting @@ -70,7 +70,7 @@ ip test-ip4 prerouting [ cmp eq reg 1 0x00005100 ] [ immediate reg 1 0x0203a8c0 ] [ immediate reg 2 0x0000901f ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 proto_min reg 2 proto_max reg 0 flags 0x2 ] + [ nat dnat ip addr_min reg 1 proto_min reg 2 flags 0x2 ] # dnat to ct mark map { 0x00000014 : 1.2.3.4} __map%d test-ip4 b @@ -79,7 +79,7 @@ __map%d test-ip4 0 ip test-ip4 prerouting [ ct load mark => reg 1 ] [ lookup reg 1 set __map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # dnat to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4} __map%d test-ip4 b @@ -89,5 +89,116 @@ ip test-ip4 output [ ct load mark => reg 1 ] [ payload load 4b @ network header + 16 => reg 9 ] [ lookup reg 1 set __map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] + +# dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.0/24 . 8888 - 8999 } +__map%d test-ip4 b size 1 +__map%d test-ip4 0 + element 0201a8c0 00005000 : 000a8d0a 0000b822 ff0a8d0a 00002723 0 [end] +ip + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 2b @ transport header + 2 => reg 9 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat dnat ip addr_min reg 1 addr_max reg 10 proto_min reg 9 proto_max reg 11 ] + +# dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.0/24 . 80 } +__map%d test-ip4 b size 1 +__map%d test-ip4 0 + element 0201a8c0 00005000 : 000a8d0a 00005000 ff0a8d0a 00005000 0 [end] +ip + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 2b @ transport header + 2 => reg 9 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat dnat ip addr_min reg 1 addr_max reg 10 proto_min reg 9 proto_max reg 11 ] + +# dnat ip to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.2 . 8888 - 8999 } +__map%d test-ip4 b size 1 +__map%d test-ip4 0 + element 0201a8c0 00005000 : 020a8d0a 0000b822 020a8d0a 00002723 0 [end] +ip + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 2b @ transport header + 2 => reg 9 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat dnat ip addr_min reg 1 addr_max reg 10 proto_min reg 9 proto_max reg 11 ] + +# iifname "eth0" tcp dport 81 dnat to 192.168.3.2:8080-8999 +ip + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00005100 ] + [ immediate reg 1 0x0203a8c0 ] + [ immediate reg 2 0x0000901f ] + [ immediate reg 3 0x00002723 ] + [ nat dnat ip addr_min reg 1 proto_min reg 2 proto_max reg 3 flags 0x2 ] + +# iifname "eth0" tcp dport 81 dnat to 192.168.3.2-192.168.3.4:8080 +ip + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00005100 ] + [ immediate reg 1 0x0203a8c0 ] + [ immediate reg 2 0x0403a8c0 ] + [ immediate reg 3 0x0000901f ] + [ nat dnat ip addr_min reg 1 addr_max reg 2 proto_min reg 3 flags 0x2 ] + +# iifname "eth0" tcp dport 81 dnat to 192.168.3.2-192.168.3.4:8080-8999 +ip + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00005100 ] + [ immediate reg 1 0x0203a8c0 ] + [ immediate reg 2 0x0403a8c0 ] + [ immediate reg 3 0x0000901f ] + [ immediate reg 4 0x00002723 ] + [ nat dnat ip addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 flags 0x2 ] + +# ip daddr 192.168.0.1 dnat ip to tcp dport map { 443 : 10.141.10.4 . 8443, 80 : 10.141.10.4 . 8080 } +__map%d test-ip4 b size 2 +__map%d test-ip4 0 + element 0000bb01 : 040a8d0a 0000fb20 0 [end] element 00005000 : 040a8d0a 0000901f 0 [end] +ip + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x0100a8c0 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat dnat ip addr_min reg 1 proto_min reg 9 ] + +# meta l4proto 6 dnat ip to iifname . ip saddr map { "enp2s0" . 10.1.1.136 : 1.1.2.69 . 22, "enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 . 22 } +__map%d test-ip4 8f size 2 +__map%d test-ip4 0 + element 32706e65 00003073 00000000 00000000 8801010a - 32706e65 00003073 00000000 00000000 8801010a : 45020101 00001600 45020101 00001600 0 [end] element 32706e65 00003073 00000000 00000000 0101010a - 32706e65 00003073 00000000 00000000 8701010a : 42020101 00001600 4eec5401 00001600 0 [end] +ip test-ip4 prerouting + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ meta load iifname => reg 1 ] + [ payload load 4b @ network header + 12 => reg 2 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat dnat ip addr_min reg 1 addr_max reg 10 proto_min reg 9 proto_max reg 11 ] + +# dnat ip to iifname . ip saddr map { "enp2s0" . 10.1.1.136 : 1.1.2.69/32, "enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 } +__map%d test-ip4 8f size 2 +__map%d test-ip4 0 + element 32706e65 00003073 00000000 00000000 8801010a - 32706e65 00003073 00000000 00000000 8801010a : 45020101 45020101 0 [end] element 32706e65 00003073 00000000 00000000 0101010a - 32706e65 00003073 00000000 00000000 8701010a : 42020101 4eec5401 0 [end] +ip test-ip4 prerouting + [ meta load iifname => reg 1 ] + [ payload load 4b @ network header + 12 => reg 2 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat dnat ip addr_min reg 1 addr_max reg 9 ] diff --git a/tests/py/ip/flowtable.t b/tests/py/ip/flowtable.t deleted file mode 100644 index 086c6cf6..00000000 --- a/tests/py/ip/flowtable.t +++ /dev/null @@ -1,5 +0,0 @@ -:input;type filter hook input priority 0 - -*ip;test-ip;input - -meter xyz size 8192 { ip saddr timeout 30s counter};ok diff --git a/tests/py/ip/flowtable.t.json b/tests/py/ip/flowtable.t.json deleted file mode 100644 index a03cc9d7..00000000 --- a/tests/py/ip/flowtable.t.json +++ /dev/null @@ -1,24 +0,0 @@ -# meter xyz size 8192 { ip saddr timeout 30s counter} -[ - { - "meter": { - "key": { - "elem": { - "timeout": 30, - "val": { - "payload": { - "field": "saddr", - "protocol": "ip" - } - } - } - }, - "name": "xyz", - "size": 8192, - "stmt": { - "counter": null - } - } - } -] - diff --git a/tests/py/ip/flowtable.t.payload b/tests/py/ip/flowtable.t.payload deleted file mode 100644 index c0aad39e..00000000 --- a/tests/py/ip/flowtable.t.payload +++ /dev/null @@ -1,7 +0,0 @@ -# meter xyz size 8192 { ip saddr timeout 30s counter} -xyz test-ip 31 -xyz test-ip 0 -ip test-ip input - [ payload load 4b @ network header + 12 => reg 1 ] - [ dynset update reg_key 1 set xyz timeout 30000ms expr [ counter pkts 0 bytes 0 ] ] - diff --git a/tests/py/ip/hash.t.payload b/tests/py/ip/hash.t.payload index 71ab0652..fefe492d 100644 --- a/tests/py/ip/hash.t.payload +++ b/tests/py/ip/hash.t.payload @@ -41,7 +41,7 @@ ip test-ip4 pre [ payload load 4b @ network header + 12 => reg 2 ] [ hash reg 1 = jhash(reg 2, 4, 0xdeadbeef) % mod 2 ] [ lookup reg 1 set __map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # ct mark set symhash mod 2 offset 100 ip test-ip4 pre diff --git a/tests/py/ip/icmp.t b/tests/py/ip/icmp.t index cb3b3e35..226c339b 100644 --- a/tests/py/ip/icmp.t +++ b/tests/py/ip/icmp.t @@ -26,51 +26,43 @@ icmp code 111 accept;ok icmp code != 111 accept;ok icmp code 33-55;ok icmp code != 33-55;ok -icmp code { 33-55};ok -icmp code != { 33-55};ok -icmp code { 2, 4, 54, 33, 56};ok;icmp code { prot-unreachable, frag-needed, 33, 54, 56} -icmp code != { prot-unreachable, frag-needed, 33, 54, 56};ok +icmp code { 2, 4, 54, 33, 56};ok +icmp code != { prot-unreachable, frag-needed, 33, 54, 56};ok;icmp code != { 2, 4, 33, 54, 56} icmp checksum 12343 accept;ok icmp checksum != 12343 accept;ok icmp checksum 11-343 accept;ok icmp checksum != 11-343 accept;ok -icmp checksum { 11-343} accept;ok -icmp checksum != { 11-343} accept;ok icmp checksum { 1111, 222, 343} accept;ok icmp checksum != { 1111, 222, 343} accept;ok -icmp id 1245 log;ok -icmp id 22;ok -icmp id != 233;ok -icmp id 33-45;ok -icmp id != 33-45;ok -icmp id { 33-55};ok -icmp id != { 33-55};ok -icmp id { 22, 34, 333};ok -icmp id != { 22, 34, 333};ok +icmp id 1245 log;ok;icmp type { echo-reply, echo-request} icmp id 1245 log +icmp id 22;ok;icmp type { echo-reply, echo-request} icmp id 22 +icmp id != 233;ok;icmp type { echo-reply, echo-request} icmp id != 233 +icmp id 33-45;ok;icmp type { echo-reply, echo-request} icmp id 33-45 +icmp id != 33-45;ok;icmp type { echo-reply, echo-request} icmp id != 33-45 -icmp sequence 22;ok -icmp sequence != 233;ok -icmp sequence 33-45;ok -icmp sequence != 33-45;ok -icmp sequence { 33, 55, 67, 88};ok -icmp sequence != { 33, 55, 67, 88};ok -icmp sequence { 33-55};ok -icmp sequence != { 33-55};ok +icmp id { 22, 34, 333};ok;icmp type { echo-request, echo-reply} icmp id { 22, 34, 333} +icmp id != { 22, 34, 333};ok;icmp type { echo-request, echo-reply} icmp id != { 22, 34, 333} + +icmp sequence 22;ok;icmp type { echo-reply, echo-request} icmp sequence 22 +icmp sequence != 233;ok;icmp type { echo-reply, echo-request} icmp sequence != 233 +icmp sequence 33-45;ok;icmp type { echo-reply, echo-request} icmp sequence 33-45 +icmp sequence != 33-45;ok;icmp type { echo-reply, echo-request} icmp sequence != 33-45 +icmp sequence { 33, 55, 67, 88};ok;icmp type { echo-request, echo-reply} icmp sequence { 33, 55, 67, 88} +icmp sequence != { 33, 55, 67, 88};ok;icmp type { echo-request, echo-reply} icmp sequence != { 33, 55, 67, 88} +icmp id 1 icmp sequence 2;ok;icmp type { echo-reply, echo-request} icmp id 1 icmp sequence 2 +icmp type { echo-reply, echo-request} icmp id 1 icmp sequence 2;ok +icmp type echo-reply icmp id 1;ok icmp mtu 33;ok icmp mtu 22-33;ok -icmp mtu { 22-33};ok -icmp mtu != { 22-33};ok icmp mtu 22;ok icmp mtu != 233;ok icmp mtu 33-45;ok icmp mtu != 33-45;ok icmp mtu { 33, 55, 67, 88};ok icmp mtu != { 33, 55, 67, 88};ok -icmp mtu { 33-55};ok -icmp mtu != { 33-55};ok icmp gateway 22;ok icmp gateway != 233;ok @@ -78,7 +70,8 @@ icmp gateway 33-45;ok icmp gateway != 33-45;ok icmp gateway { 33, 55, 67, 88};ok icmp gateway != { 33, 55, 67, 88};ok -icmp gateway { 33-55};ok -icmp gateway != { 33-55};ok icmp gateway != 34;ok icmp gateway != { 333, 334};ok + +icmp code 1 icmp type 2;ok;icmp type 2 icmp code 1 +icmp code != 1 icmp type 2 icmp mtu 5;fail diff --git a/tests/py/ip/icmp.t.json b/tests/py/ip/icmp.t.json index 4e172745..45e04c78 100644 --- a/tests/py/ip/icmp.t.json +++ b/tests/py/ip/icmp.t.json @@ -8,7 +8,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "echo-reply" } }, @@ -27,7 +27,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "destination-unreachable" } }, @@ -46,7 +46,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "source-quench" } }, @@ -65,7 +65,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "redirect" } }, @@ -84,7 +84,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "echo-request" } }, @@ -103,7 +103,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "time-exceeded" } }, @@ -122,7 +122,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "parameter-problem" } }, @@ -141,7 +141,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "timestamp-request" } }, @@ -160,7 +160,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "timestamp-reply" } }, @@ -179,7 +179,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "info-request" } }, @@ -198,7 +198,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "info-reply" } }, @@ -217,7 +217,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "address-mask-request" } }, @@ -236,7 +236,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "address-mask-reply" } }, @@ -255,7 +255,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "router-advertisement" } }, @@ -274,7 +274,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": "router-solicitation" } }, @@ -293,7 +293,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ "echo-reply", @@ -301,6 +301,8 @@ "source-quench", "redirect", "echo-request", + "router-advertisement", + "router-solicitation", "time-exceeded", "parameter-problem", "timestamp-request", @@ -308,9 +310,7 @@ "info-request", "info-reply", "address-mask-request", - "address-mask-reply", - "router-advertisement", - "router-solicitation" + "address-mask-reply" ] } } @@ -352,7 +352,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": 111 } }, @@ -390,53 +390,18 @@ "protocol": "icmp" } }, - "op": "==", - "right": { - "range": [ 33, 55 ] - } - } - } -] - -# icmp code != 33-55 -[ - { - "match": { - "left": { - "payload": { - "field": "code", - "protocol": "icmp" - } - }, - "op": "!=", - "right": { - "range": [ 33, 55 ] - } - } - } -] - -# icmp code { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "code", - "protocol": "icmp" - } - }, - "op": "==", + "op": "==", "right": { - "set": [ - { "range": [ 33, 55 ] } + "range": [ + 33, + 55 ] } } } ] -# icmp code != { 33-55} +# icmp code != 33-55 [ { "match": { @@ -448,8 +413,9 @@ }, "op": "!=", "right": { - "set": [ - { "range": [ 33, 55 ] } + "range": [ + 33, + 55 ] } } @@ -466,7 +432,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ 2, @@ -480,7 +446,7 @@ } ] -# icmp code != { prot-unreachable, 4, 33, 54, 56} +# icmp code != { prot-unreachable, frag-needed, 33, 54, 56} [ { "match": { @@ -493,7 +459,7 @@ "op": "!=", "right": { "set": [ - "prot-unreachable", + 2, 4, 33, 54, @@ -514,7 +480,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": 12343 } }, @@ -552,52 +518,11 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { - "range": [ 11, 343 ] - } - } - }, - { - "accept": null - } -] - -# icmp checksum != 11-343 accept -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "icmp" - } - }, - "op": "!=", - "right": { - "range": [ 11, 343 ] - } - } - }, - { - "accept": null - } -] - -# icmp checksum { 11-343} accept -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "icmp" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 11, 343 ] } + "range": [ + 11, + 343 ] } } @@ -607,7 +532,7 @@ } ] -# icmp checksum != { 11-343} accept +# icmp checksum != 11-343 accept [ { "match": { @@ -619,8 +544,9 @@ }, "op": "!=", "right": { - "set": [ - { "range": [ 11, 343 ] } + "range": [ + 11, + 343 ] } } @@ -640,12 +566,12 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ - 1111, 222, - 343 + 343, + 1111 ] } } @@ -668,9 +594,9 @@ "op": "!=", "right": { "set": [ - 1111, 222, - 343 + 343, + 1111 ] } } @@ -690,7 +616,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": 1245 } }, @@ -709,7 +635,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": 22 } } @@ -737,20 +663,19 @@ "match": { "left": { "payload": { - "field": "id", + "field": "type", "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { - "range": [ 33, 45 ] + "set": [ + "echo-reply", + "echo-request" + ] } } - } -] - -# icmp id != 33-45 -[ + }, { "match": { "left": { @@ -759,36 +684,36 @@ "protocol": "icmp" } }, - "op": "!=", + "op": "==", "right": { - "range": [ 33, 45 ] + "range": [ + 33, + 45 + ] } } } ] -# icmp id { 33-55} +# icmp id != 33-45 [ { "match": { "left": { "payload": { - "field": "id", + "field": "type", "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ - { "range": [ 33, 55 ] } + "echo-reply", + "echo-request" ] } } - } -] - -# icmp id != { 33-55} -[ + }, { "match": { "left": { @@ -799,8 +724,9 @@ }, "op": "!=", "right": { - "set": [ - { "range": [ 33, 55 ] } + "range": [ + 33, + 45 ] } } @@ -813,11 +739,28 @@ "match": { "left": { "payload": { + "field": "type", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + "echo-reply", + "echo-request" + ] + } + } + }, + { + "match": { + "left": { + "payload": { "field": "id", "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ 22, @@ -835,6 +778,23 @@ "match": { "left": { "payload": { + "field": "type", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + "echo-reply", + "echo-request" + ] + } + } + }, + { + "match": { + "left": { + "payload": { "field": "id", "protocol": "icmp" } @@ -857,11 +817,28 @@ "match": { "left": { "payload": { + "field": "type", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + "echo-reply", + "echo-request" + ] + } + } + }, + { + "match": { + "left": { + "payload": { "field": "sequence", "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": 22 } } @@ -873,6 +850,23 @@ "match": { "left": { "payload": { + "field": "type", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + "echo-reply", + "echo-request" + ] + } + } + }, + { + "match": { + "left": { + "payload": { "field": "sequence", "protocol": "icmp" } @@ -889,13 +883,33 @@ "match": { "left": { "payload": { + "field": "type", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + "echo-reply", + "echo-request" + ] + } + } + }, + { + "match": { + "left": { + "payload": { "field": "sequence", "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { - "range": [ 33, 45 ] + "range": [ + 33, + 45 + ] } } } @@ -907,13 +921,33 @@ "match": { "left": { "payload": { + "field": "type", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + "echo-reply", + "echo-request" + ] + } + } + }, + { + "match": { + "left": { + "payload": { "field": "sequence", "protocol": "icmp" } }, "op": "!=", "right": { - "range": [ 33, 45 ] + "range": [ + 33, + 45 + ] } } } @@ -925,11 +959,28 @@ "match": { "left": { "payload": { + "field": "type", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + "echo-reply", + "echo-request" + ] + } + } + }, + { + "match": { + "left": { + "payload": { "field": "sequence", "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ 33, @@ -948,6 +999,23 @@ "match": { "left": { "payload": { + "field": "type", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + "echo-reply", + "echo-request" + ] + } + } + }, + { + "match": { + "left": { + "payload": { "field": "sequence", "protocol": "icmp" } @@ -965,121 +1033,125 @@ } ] -# icmp sequence { 33-55} +# icmp id 1 icmp sequence 2 [ { "match": { "left": { "payload": { - "field": "sequence", + "field": "type", "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ - { "range": [ 33, 55 ] } + "echo-reply", + "echo-request" ] } } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmp" + } + }, + "op": "==", + "right": 1 + } + }, + { + "match": { + "left": { + "payload": { + "field": "sequence", + "protocol": "icmp" + } + }, + "op": "==", + "right": 2 + } } ] -# icmp sequence != { 33-55} +# icmp type { echo-reply, echo-request} icmp id 1 icmp sequence 2 [ { "match": { "left": { "payload": { - "field": "sequence", + "field": "type", "protocol": "icmp" } }, - "op": "!=", + "op": "==", "right": { "set": [ - { "range": [ 33, 55 ] } + "echo-reply", + "echo-request" ] } } - } -] - -# icmp mtu 33 -[ + }, { "match": { "left": { "payload": { - "field": "mtu", + "field": "id", "protocol": "icmp" } }, - "op": "==", - "right": 33 + "op": "==", + "right": 1 } - } -] - -# icmp mtu 22-33 -[ + }, { "match": { "left": { "payload": { - "field": "mtu", + "field": "sequence", "protocol": "icmp" } }, - "op": "==", - "right": { - "range": [ 22, 33 ] - } + "op": "==", + "right": 2 } } ] -# icmp mtu { 22-33} +# icmp type echo-reply icmp id 1 [ { "match": { "left": { "payload": { - "field": "mtu", + "field": "type", "protocol": "icmp" } }, - "op": "==", - "right": { - "set": [ - { "range": [ 22, 33 ] } - ] - } + "op": "==", + "right": "echo-reply" } - } -] - -# icmp mtu != { 22-33} -[ + }, { "match": { "left": { "payload": { - "field": "mtu", + "field": "id", "protocol": "icmp" } }, - "op": "!=", - "right": { - "set": [ - { "range": [ 22, 33 ] } - ] - } + "op": "==", + "right": 1 } } ] -# icmp mtu 22 +# icmp mtu 33 [ { "match": { @@ -1089,13 +1161,13 @@ "protocol": "icmp" } }, - "op": "==", - "right": 22 + "op": "==", + "right": 33 } } ] -# icmp mtu != 233 +# icmp mtu 22-33 [ { "match": { @@ -1105,13 +1177,18 @@ "protocol": "icmp" } }, - "op": "!=", - "right": 233 + "op": "==", + "right": { + "range": [ + 22, + 33 + ] + } } } ] -# icmp mtu 33-45 +# icmp mtu 22 [ { "match": { @@ -1121,15 +1198,13 @@ "protocol": "icmp" } }, - "op": "==", - "right": { - "range": [ 33, 45 ] - } + "op": "==", + "right": 22 } } ] -# icmp mtu != 33-45 +# icmp mtu != 233 [ { "match": { @@ -1140,14 +1215,12 @@ } }, "op": "!=", - "right": { - "range": [ 33, 45 ] - } + "right": 233 } } ] -# icmp mtu { 33, 55, 67, 88} +# icmp mtu 33-45 [ { "match": { @@ -1157,20 +1230,18 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { - "set": [ + "range": [ 33, - 55, - 67, - 88 + 45 ] } } } ] -# icmp mtu != { 33, 55, 67, 88} +# icmp mtu != 33-45 [ { "match": { @@ -1182,18 +1253,16 @@ }, "op": "!=", "right": { - "set": [ + "range": [ 33, - 55, - 67, - 88 + 45 ] } } } ] -# icmp mtu { 33-55} +# icmp mtu { 33, 55, 67, 88} [ { "match": { @@ -1203,17 +1272,20 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ - { "range": [ 33, 55 ] } + 33, + 55, + 67, + 88 ] } } } ] -# icmp mtu != { 33-55} +# icmp mtu != { 33, 55, 67, 88} [ { "match": { @@ -1226,7 +1298,10 @@ "op": "!=", "right": { "set": [ - { "range": [ 33, 55 ] } + 33, + 55, + 67, + 88 ] } } @@ -1243,7 +1318,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": 22 } } @@ -1275,9 +1350,12 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { - "range": [ 33, 45 ] + "range": [ + 33, + 45 + ] } } } @@ -1295,7 +1373,10 @@ }, "op": "!=", "right": { - "range": [ 33, 45 ] + "range": [ + 33, + 45 + ] } } } @@ -1311,7 +1392,7 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ 33, @@ -1347,7 +1428,7 @@ } ] -# icmp gateway { 33-55} +# icmp gateway != 34 [ { "match": { @@ -1357,17 +1438,13 @@ "protocol": "icmp" } }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } + "op": "!=", + "right": 34 } } ] -# icmp gateway != { 33-55} +# icmp gateway != { 333, 334} [ { "match": { @@ -1380,47 +1457,38 @@ "op": "!=", "right": { "set": [ - { "range": [ 33, 55 ] } + 333, + 334 ] } } } ] -# icmp gateway != 34 +# icmp code 1 icmp type 2 [ { "match": { "left": { "payload": { - "field": "gateway", + "field": "type", "protocol": "icmp" } }, - "op": "!=", - "right": 34 + "op": "==", + "right": 2 } - } -] - -# icmp gateway != { 333, 334} -[ + }, { "match": { "left": { "payload": { - "field": "gateway", + "field": "code", "protocol": "icmp" } }, - "op": "!=", - "right": { - "set": [ - 333, - 334 - ] - } + "op": "==", + "right": 1 } } ] - diff --git a/tests/py/ip/icmp.t.json.output b/tests/py/ip/icmp.t.json.output index e8045bb8..d79e72b5 100644 --- a/tests/py/ip/icmp.t.json.output +++ b/tests/py/ip/icmp.t.json.output @@ -1,4 +1,4 @@ -# icmp type {echo-reply, destination-unreachable, source-quench, redirect, echo-request, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply, router-advertisement, router-solicitation} accept +# icmp id 1245 log [ { "match": { @@ -8,104 +8,138 @@ "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ "echo-reply", - "destination-unreachable", - "source-quench", - "redirect", - "echo-request", - "router-advertisement", - "router-solicitation", - "time-exceeded", - "parameter-problem", - "timestamp-request", - "timestamp-reply", - "info-request", - "info-reply", - "address-mask-request", - "address-mask-reply" + "echo-request" ] } } }, { - "accept": null + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmp" + } + }, + "op": "==", + "right": 1245 + } + }, + { + "log": null } ] -# icmp code { 2, 4, 54, 33, 56} +# icmp id 22 [ { "match": { "left": { "payload": { - "field": "code", + "field": "type", "protocol": "icmp" } }, "op": "==", "right": { "set": [ - "prot-unreachable", - 4, - 33, - 54, - 56 + "echo-reply", + "echo-request" ] } } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmp" + } + }, + "op": "==", + "right": 22 + } } ] -# icmp checksum { 1111, 222, 343} accept +# icmp id != 233 [ { "match": { "left": { "payload": { - "field": "checksum", + "field": "type", "protocol": "icmp" } }, - "op": "==", + "op": "==", "right": { "set": [ - 222, - 343, - 1111 + "echo-reply", + "echo-request" ] } } }, { - "accept": null + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmp" + } + }, + "op": "!=", + "right": 233 + } } ] -# icmp checksum != { 1111, 222, 343} accept +# icmp id { 33-55} [ { "match": { "left": { "payload": { - "field": "checksum", + "field": "type", "protocol": "icmp" } }, - "op": "!=", + "op": "==", "right": { "set": [ - 222, - 343, - 1111 + "echo-reply", + "echo-request" ] } } }, { - "accept": null + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + { + "range": [ + 33, + 55 + ] + } + ] + } + } } ] + diff --git a/tests/py/ip/icmp.t.payload.ip b/tests/py/ip/icmp.t.payload.ip index 2185feb8..3bc6de3c 100644 --- a/tests/py/ip/icmp.t.payload.ip +++ b/tests/py/ip/icmp.t.payload.ip @@ -102,17 +102,6 @@ ip test-ip4 input [ cmp eq reg 1 0x00000012 ] [ immediate reg 0 accept ] -# icmp type {echo-reply, destination-unreachable, source-quench, redirect, echo-request, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply} accept -__set%d test-ip4 3 -__set%d test-ip4 0 - element 00000000 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000008 : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end] element 0000000d : 0 [end] element 0000000e : 0 [end] element 0000000f : 0 [end] element 00000010 : 0 [end] element 00000011 : 0 [end] element 00000012 : 0 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - [ immediate reg 0 accept ] - # icmp type != {echo-reply, destination-unreachable, source-quench} __set%d test-ip4 3 __set%d test-ip4 0 @@ -154,26 +143,6 @@ ip test-ip4 input [ payload load 1b @ transport header + 1 => reg 1 ] [ range neq reg 1 0x00000021 0x00000037 ] -# icmp code { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# icmp code != { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # icmp code { 2, 4, 54, 33, 56} __set%d test-ip4 3 __set%d test-ip4 0 @@ -227,28 +196,6 @@ ip test-ip4 input [ range neq reg 1 0x00000b00 0x00005701 ] [ immediate reg 0 accept ] -# icmp checksum { 11-343} accept -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - [ immediate reg 0 accept ] - -# icmp checksum != { 11-343} accept -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - [ immediate reg 0 accept ] - # icmp checksum { 1111, 222, 343} accept __set%d test-ip4 3 __set%d test-ip4 0 @@ -272,155 +219,215 @@ ip test-ip4 input [ immediate reg 0 accept ] # icmp id 1245 log +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 4 => reg 1 ] [ cmp eq reg 1 0x0000dd04 ] [ log ] # icmp id 22 +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 4 => reg 1 ] [ cmp eq reg 1 0x00001600 ] # icmp id != 233 +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 4 => reg 1 ] [ cmp neq reg 1 0x0000e900 ] # icmp id 33-45 +__set%d test-ip4 3 +__set%d test-ip4 input + element 00000008 : 0 [end] element 00000000 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 4 => reg 1 ] [ cmp gte reg 1 0x00002100 ] [ cmp lte reg 1 0x00002d00 ] # icmp id != 33-45 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ range neq reg 1 0x00002100 0x00002d00 ] - -# icmp id { 33-55} -__set%d test-ip4 7 +__set%d test-ip4 3 __set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] + element 00000008 : 0 [end] element 00000000 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] + [ payload load 1b @ transport header + 0 => reg 1 ] [ lookup reg 1 set __set%d ] - -# icmp id != { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] + [ range neq reg 1 0x00002100 0x00002d00 ] # icmp id { 22, 34, 333} __set%d test-ip4 3 __set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] +__set%d test-ip4 3 +__set%d test-ip4 0 element 00001600 : 0 [end] element 00002200 : 0 [end] element 00004d01 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d ] # icmp id != { 22, 34, 333} __set%d test-ip4 3 __set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] +__set%d test-ip4 3 +__set%d test-ip4 0 element 00001600 : 0 [end] element 00002200 : 0 [end] element 00004d01 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # icmp sequence 22 -ip test-ip4 input +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] +ip [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp eq reg 1 0x00001600 ] # icmp sequence != 233 +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp neq reg 1 0x0000e900 ] # icmp sequence 33-45 +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp gte reg 1 0x00002100 ] [ cmp lte reg 1 0x00002d00 ] # icmp sequence != 33-45 +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 6 => reg 1 ] [ range neq reg 1 0x00002100 0x00002d00 ] # icmp sequence { 33, 55, 67, 88} __set%d test-ip4 3 __set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] +__set%d test-ip4 3 +__set%d test-ip4 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] # icmp sequence != { 33, 55, 67, 88} __set%d test-ip4 3 __set%d test-ip4 0 + element 00000008 : 0 [end] element 00000000 : 0 [end] +__set%d test-ip4 3 +__set%d test-ip4 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# icmp sequence { 33-55} -__set%d test-ip4 7 +# icmp id 1 icmp sequence 2 +__set%d test-ip4 3 __set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input + element 00000008 : 0 [end] element 00000000 : 0 [end] +ip [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] + [ payload load 1b @ transport header + 0 => reg 1 ] [ lookup reg 1 set __set%d ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x02000100 ] -# icmp sequence != { 33-55} -__set%d test-ip4 7 +# icmp type { echo-reply, echo-request} icmp id 1 icmp sequence 2 +__set%d test-ip4 3 __set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input + element 00000000 : 0 [end] element 00000008 : 0 [end] +ip [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x02000100 ] + +# icmp type echo-reply icmp id 1 +ip + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x00000100 ] # icmp mtu 33 ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp eq reg 1 0x00002100 ] @@ -428,34 +435,18 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp gte reg 1 0x00001600 ] [ cmp lte reg 1 0x00002100 ] -# icmp mtu { 22-33} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00001600 : 0 [end] element 00002200 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# icmp mtu != { 22-33} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00001600 : 0 [end] element 00002200 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # icmp mtu 22 ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp eq reg 1 0x00001600 ] @@ -463,6 +454,8 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp neq reg 1 0x0000e900 ] @@ -470,6 +463,8 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp gte reg 1 0x00002100 ] [ cmp lte reg 1 0x00002d00 ] @@ -478,6 +473,8 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] [ payload load 2b @ transport header + 6 => reg 1 ] [ range neq reg 1 0x00002100 0x00002d00 ] @@ -488,6 +485,8 @@ __set%d test-ip4 0 ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] @@ -498,26 +497,8 @@ __set%d test-ip4 0 ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# icmp mtu { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# icmp mtu != { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] @@ -525,6 +506,8 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ cmp eq reg 1 0x16000000 ] @@ -532,6 +515,8 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ cmp neq reg 1 0xe9000000 ] @@ -539,6 +524,8 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ cmp gte reg 1 0x21000000 ] [ cmp lte reg 1 0x2d000000 ] @@ -547,6 +534,8 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ range neq reg 1 0x21000000 0x2d000000 ] @@ -557,6 +546,8 @@ __set%d test-ip4 0 ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d ] @@ -567,26 +558,8 @@ __set%d test-ip4 0 ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# icmp gateway { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# icmp gateway != { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] @@ -594,6 +567,8 @@ ip test-ip4 input ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ cmp neq reg 1 0x22000000 ] @@ -604,6 +579,8 @@ __set%d test-ip4 0 ip test-ip4 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] @@ -634,3 +611,9 @@ ip test-ip4 input [ lookup reg 1 set __set%d ] [ immediate reg 0 accept ] +# icmp code 1 icmp type 2 +ip + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000102 ] diff --git a/tests/py/ip/igmp.t b/tests/py/ip/igmp.t index 939dcc32..a556e475 100644 --- a/tests/py/ip/igmp.t +++ b/tests/py/ip/igmp.t @@ -16,8 +16,6 @@ igmp checksum 12343;ok igmp checksum != 12343;ok igmp checksum 11-343;ok igmp checksum != 11-343;ok -igmp checksum { 11-343};ok -igmp checksum != { 11-343};ok igmp checksum { 1111, 222, 343};ok igmp checksum != { 1111, 222, 343};ok diff --git a/tests/py/ip/igmp.t.json b/tests/py/ip/igmp.t.json index 66dd3bb7..0e2a43f3 100644 --- a/tests/py/ip/igmp.t.json +++ b/tests/py/ip/igmp.t.json @@ -196,56 +196,6 @@ } ] -# igmp checksum { 11-343} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "igmp" - } - }, - "op": "==", - "right": { - "set": [ - { - "range": [ - 11, - 343 - ] - } - ] - } - } - } -] - -# igmp checksum != { 11-343} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "igmp" - } - }, - "op": "!=", - "right": { - "set": [ - { - "range": [ - 11, - 343 - ] - } - ] - } - } - } -] - # igmp checksum { 1111, 222, 343} [ { diff --git a/tests/py/ip/igmp.t.payload b/tests/py/ip/igmp.t.payload index 1319c324..940fe2cd 100644 --- a/tests/py/ip/igmp.t.payload +++ b/tests/py/ip/igmp.t.payload @@ -62,150 +62,6 @@ ip test-ip4 input [ payload load 2b @ transport header + 2 => reg 1 ] [ range neq reg 1 0x00000b00 0x00005701 ] -# igmp checksum { 11-343} -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# igmp checksum != { 11-343} -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# igmp checksum { 1111, 222, 343} -__set%d test-ip4 3 size 3 -__set%d test-ip4 0 - element 00005704 : 0 [end] element 0000de00 : 0 [end] element 00005701 : 0 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# igmp checksum != { 1111, 222, 343} -__set%d test-ip4 3 size 3 -__set%d test-ip4 0 - element 00005704 : 0 [end] element 0000de00 : 0 [end] element 00005701 : 0 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# igmp type membership-query -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - -# igmp type membership-report-v1 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000012 ] - -# igmp type membership-report-v2 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# igmp type membership-report-v3 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000022 ] - -# igmp type leave-group -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000017 ] - -# igmp type { membership-report-v1, membership-report-v2, membership-report-v3} -__set%d test-ip4 3 size 3 -__set%d test-ip4 0 - element 00000012 : 0 [end] element 00000016 : 0 [end] element 00000022 : 0 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# igmp type != { membership-report-v1, membership-report-v2, membership-report-v3} -__set%d test-ip4 3 size 3 -__set%d test-ip4 0 - element 00000012 : 0 [end] element 00000016 : 0 [end] element 00000022 : 0 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# igmp checksum 12343 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003730 ] - -# igmp checksum != 12343 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00003730 ] - -# igmp checksum 11-343 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00000b00 ] - [ cmp lte reg 1 0x00005701 ] - -# igmp checksum != 11-343 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ range neq reg 1 0x00000b00 0x00005701 ] - -# igmp checksum { 11-343} -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# igmp checksum != { 11-343} -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # igmp checksum { 1111, 222, 343} __set%d test-ip4 3 size 3 __set%d test-ip4 0 @@ -226,41 +82,6 @@ ip test-ip4 input [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# igmp type membership-query -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - -# igmp type membership-report-v1 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000012 ] - -# igmp type membership-report-v2 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# igmp type membership-report-v3 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000022 ] - -# igmp type leave-group -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000017 ] - # igmp type { membership-report-v1, membership-report-v2, membership-report-v3} __set%d test-ip4 3 size 3 __set%d test-ip4 0 @@ -281,75 +102,6 @@ ip test-ip4 input [ payload load 1b @ transport header + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# igmp checksum 12343 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003730 ] - -# igmp checksum != 12343 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00003730 ] - -# igmp checksum 11-343 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00000b00 ] - [ cmp lte reg 1 0x00005701 ] - -# igmp checksum != 11-343 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ range neq reg 1 0x00000b00 0x00005701 ] - -# igmp checksum { 11-343} -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# igmp checksum != { 11-343} -__set%d test-ip4 7 size 3 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# igmp checksum { 1111, 222, 343} -__set%d test-ip4 3 size 3 -__set%d test-ip4 0 - element 00005704 : 0 [end] element 0000de00 : 0 [end] element 00005701 : 0 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# igmp checksum != { 1111, 222, 343} -__set%d test-ip4 3 size 3 -__set%d test-ip4 0 - element 00005704 : 0 [end] element 0000de00 : 0 [end] element 00005701 : 0 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # igmp mrt 10 ip test-ip4 input [ meta load l4proto => reg 1 ] diff --git a/tests/py/ip/ip.t b/tests/py/ip/ip.t index 0421d01b..e6999c29 100644 --- a/tests/py/ip/ip.t +++ b/tests/py/ip/ip.t @@ -1,10 +1,11 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;input *inet;test-inet;input *bridge;test-bridge;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress - ip version 2;ok @@ -39,8 +40,6 @@ ip length 333-435;ok ip length != 333-453;ok ip length { 333, 553, 673, 838};ok ip length != { 333, 553, 673, 838};ok -ip length { 333-535};ok -ip length != { 333-535};ok ip id 22;ok ip id != 233;ok @@ -48,17 +47,16 @@ ip id 33-45;ok ip id != 33-45;ok ip id { 33, 55, 67, 88};ok ip id != { 33, 55, 67, 88};ok -ip id { 33-55};ok -ip id != { 33-55};ok - -ip frag-off 222 accept;ok -ip frag-off != 233;ok -ip frag-off 33-45;ok -ip frag-off != 33-45;ok -ip frag-off { 33, 55, 67, 88};ok -ip frag-off != { 33, 55, 67, 88};ok -ip frag-off { 33-55};ok -ip frag-off != { 33-55};ok + +ip frag-off 0xde accept;ok +ip frag-off != 0xe9;ok +ip frag-off 0x21-0x2d;ok +ip frag-off != 0x21-0x2d;ok +ip frag-off { 0x21, 0x37, 0x43, 0x58};ok +ip frag-off != { 0x21, 0x37, 0x43, 0x58};ok +ip frag-off & 0x1fff != 0x0;ok +ip frag-off & 0x2000 != 0x0;ok +ip frag-off & 0x4000 != 0x0;ok ip ttl 0 drop;ok ip ttl 233;ok @@ -66,8 +64,6 @@ ip ttl 33-55;ok ip ttl != 45-50;ok ip ttl {43, 53, 45 };ok ip ttl != {43, 53, 45 };ok -ip ttl { 33-55};ok -ip ttl != { 33-55};ok ip protocol tcp;ok;ip protocol 6 ip protocol != tcp;ok;ip protocol != 6 @@ -84,23 +80,19 @@ ip checksum 33-45;ok ip checksum != 33-45;ok ip checksum { 33, 55, 67, 88};ok ip checksum != { 33, 55, 67, 88};ok -ip checksum { 33-55};ok -ip checksum != { 33-55};ok ip saddr set {192.19.1.2, 191.1.22.1};fail ip saddr 192.168.2.0/24;ok ip saddr != 192.168.2.0/24;ok ip saddr 192.168.3.1 ip daddr 192.168.3.100;ok -ip saddr != 1.1.1.1;ok;ip saddr != 1.1.1.1 -ip saddr 1.1.1.1;ok;ip saddr 1.1.1.1 +ip saddr != 1.1.1.1;ok +ip saddr 1.1.1.1;ok ip daddr 192.168.0.1-192.168.0.250;ok ip daddr 10.0.0.0-10.255.255.255;ok ip daddr 172.16.0.0-172.31.255.255;ok ip daddr 192.168.3.1-192.168.4.250;ok ip daddr != 192.168.0.1-192.168.0.250;ok -ip daddr { 192.168.0.1-192.168.0.250};ok -ip daddr != { 192.168.0.1-192.168.0.250};ok ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok ip daddr != { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok @@ -135,3 +127,11 @@ iif "lo" ip protocol set 1;ok iif "lo" ip dscp set af23;ok iif "lo" ip dscp set cs0;ok + +ip saddr . ip daddr { 192.0.2.1 . 10.0.0.1-10.0.0.2 };ok +ip saddr . ip daddr vmap { 192.168.5.1-192.168.5.128 . 192.168.6.1-192.168.6.128 : accept };ok + +ip saddr 1.2.3.4 ip daddr 3.4.5.6;ok +ip saddr 1.2.3.4 counter ip daddr 3.4.5.6;ok + +ip dscp 1/6;ok;ip dscp & 0x3f == lephb diff --git a/tests/py/ip/ip.t.json b/tests/py/ip/ip.t.json index 3131ab79..a170e5c1 100644 --- a/tests/py/ip/ip.t.json +++ b/tests/py/ip/ip.t.json @@ -270,46 +270,6 @@ } ] -# ip length { 333-535} -[ - { - "match": { - "left": { - "payload": { - "field": "length", - "protocol": "ip" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 333, 535 ] } - ] - } - } - } -] - -# ip length != { 333-535} -[ - { - "match": { - "left": { - "payload": { - "field": "length", - "protocol": "ip" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 333, 535 ] } - ] - } - } - } -] - # ip id 22 [ { @@ -424,47 +384,7 @@ } ] -# ip id { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "id", - "protocol": "ip" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# ip id != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "id", - "protocol": "ip" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# ip frag-off 222 accept +# ip frag-off 0xde accept [ { "match": { @@ -483,7 +403,7 @@ } ] -# ip frag-off != 233 +# ip frag-off != 0xe9 [ { "match": { @@ -499,7 +419,7 @@ } ] -# ip frag-off 33-45 +# ip frag-off 0x21-0x2d [ { "match": { @@ -517,7 +437,7 @@ } ] -# ip frag-off != 33-45 +# ip frag-off != 0x21-0x2d [ { "match": { @@ -535,7 +455,7 @@ } ] -# ip frag-off { 33, 55, 67, 88} +# ip frag-off { 0x21, 0x37, 0x43, 0x58} [ { "match": { @@ -558,7 +478,7 @@ } ] -# ip frag-off != { 33, 55, 67, 88} +# ip frag-off != { 0x21, 0x37, 0x43, 0x58} [ { "match": { @@ -581,42 +501,65 @@ } ] -# ip frag-off { 33-55} +# ip frag-off & 0x1fff != 0x0 [ { "match": { "left": { - "payload": { - "field": "frag-off", - "protocol": "ip" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } + "&": [ + { + "payload": { + "field": "frag-off", + "protocol": "ip" + } + }, + 8191 ] - } + }, + "op": "!=", + "right": 0 } } ] -# ip frag-off != { 33-55} +# ip frag-off & 0x2000 != 0x0 [ { "match": { "left": { - "payload": { - "field": "frag-off", - "protocol": "ip" - } + "&": [ + { + "payload": { + "field": "frag-off", + "protocol": "ip" + } + }, + 8192 + ] }, "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } + "right": 0 + } + } +] + +# ip frag-off & 0x4000 != 0x0 +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "frag-off", + "protocol": "ip" + } + }, + 16384 ] - } + }, + "op": "!=", + "right": 0 } } ] @@ -736,46 +679,6 @@ } ] -# ip ttl { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "ttl", - "protocol": "ip" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# ip ttl != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "ttl", - "protocol": "ip" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # ip protocol tcp [ { @@ -1019,46 +922,6 @@ } ] -# ip checksum { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "ip" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# ip checksum != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "ip" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # ip saddr 192.168.2.0/24 [ { @@ -1251,46 +1114,6 @@ } ] -# ip daddr { 192.168.0.1-192.168.0.250} -[ - { - "match": { - "left": { - "payload": { - "field": "daddr", - "protocol": "ip" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ "192.168.0.1", "192.168.0.250" ] } - ] - } - } - } -] - -# ip daddr != { 192.168.0.1-192.168.0.250} -[ - { - "match": { - "left": { - "payload": { - "field": "daddr", - "protocol": "ip" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ "192.168.0.1", "192.168.0.250" ] } - ] - } - } - } -] - # ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept [ { @@ -1836,3 +1659,174 @@ } ] +# ip saddr . ip daddr { 192.0.2.1 . 10.0.0.1-10.0.0.2 } +[ + { + "match": { + "left": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + "192.0.2.1", + { + "range": [ + "10.0.0.1", + "10.0.0.2" + ] + } + ] + } + ] + } + } + } +] + +# ip saddr . ip daddr vmap { 192.168.5.1-192.168.5.128 . 192.168.6.1-192.168.6.128 : accept } +[ + { + "vmap": { + "data": { + "set": [ + [ + { + "concat": [ + { + "range": [ + "192.168.5.1", + "192.168.5.128" + ] + }, + { + "range": [ + "192.168.6.1", + "192.168.6.128" + ] + } + ] + }, + { + "accept": null + } + ] + ] + }, + "key": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip" + } + } + ] + } + } + } +] + +# ip saddr 1.2.3.4 ip daddr 3.4.5.6 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "1.2.3.4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "3.4.5.6" + } + } +] + +# ip saddr 1.2.3.4 counter ip daddr 3.4.5.6 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "1.2.3.4" + } + }, + { + "counter": { + "bytes": 0, + "packets": 0 + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "3.4.5.6" + } + } +] + +# ip dscp 1/6 +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 63 + ] + }, + "op": "==", + "right": "lephb" + } + } +] diff --git a/tests/py/ip/ip.t.json.output b/tests/py/ip/ip.t.json.output index b201cdaa..351ae935 100644 --- a/tests/py/ip/ip.t.json.output +++ b/tests/py/ip/ip.t.json.output @@ -230,3 +230,34 @@ } ] +# ip saddr 1.2.3.4 counter ip daddr 3.4.5.6 +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "1.2.3.4" + } + }, + { + "counter": null + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "3.4.5.6" + } + } +] + diff --git a/tests/py/ip/ip.t.payload b/tests/py/ip/ip.t.payload index d627b22f..d7ddf7be 100644 --- a/tests/py/ip/ip.t.payload +++ b/tests/py/ip/ip.t.payload @@ -1,25 +1,25 @@ # ip dscp cs1 ip test-ip4 input [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000020 ] # ip dscp != cs1 ip test-ip4 input [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000020 ] # ip dscp 0x38 ip test-ip4 input [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp eq reg 1 0x000000e0 ] # ip dscp != 0x20 ip test-ip4 input [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000080 ] # ip dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef} @@ -28,7 +28,7 @@ __set%d test-ip4 0 element 00000020 : 0 [end] element 00000040 : 0 [end] element 00000060 : 0 [end] element 00000080 : 0 [end] element 000000a0 : 0 [end] element 000000c0 : 0 [end] element 000000e0 : 0 [end] element 00000000 : 0 [end] element 00000028 : 0 [end] element 00000030 : 0 [end] element 00000038 : 0 [end] element 00000048 : 0 [end] element 00000050 : 0 [end] element 00000058 : 0 [end] element 00000068 : 0 [end] element 00000070 : 0 [end] element 00000078 : 0 [end] element 00000088 : 0 [end] element 00000090 : 0 [end] element 00000098 : 0 [end] element 000000b8 : 0 [end] ip test-ip4 input [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] # ip dscp != {cs0, cs3} @@ -37,16 +37,16 @@ __set%d test-ip4 0 element 00000000 : 0 [end] element 00000060 : 0 [end] ip test-ip4 input [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d 0x1 ] # ip dscp vmap { cs1 : continue , cs4 : accept } counter __map%d test-ip4 b size 2 __map%d test-ip4 0 - element 00000020 : 0 [end] element 00000080 : 0 [end] + element 00000020 : continue 0 [end] element 00000080 : accept 0 [end] ip test-ip4 input [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] @@ -87,22 +87,6 @@ ip test-ip4 input [ payload load 2b @ network header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip length { 333-535} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip length != { 333-535} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip id 22 ip test-ip4 input [ payload load 2b @ network header + 4 => reg 1 ] @@ -140,45 +124,29 @@ ip test-ip4 input [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip id { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip id != { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# ip frag-off 222 accept +# ip frag-off 0xde accept ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x0000de00 ] [ immediate reg 0 accept ] -# ip frag-off != 233 +# ip frag-off != 0xe9 ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] [ cmp neq reg 1 0x0000e900 ] -# ip frag-off 33-45 +# ip frag-off 0x21-0x2d ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] [ cmp gte reg 1 0x00002100 ] [ cmp lte reg 1 0x00002d00 ] -# ip frag-off != 33-45 +# ip frag-off != 0x21-0x2d ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] [ range neq reg 1 0x00002100 0x00002d00 ] -# ip frag-off { 33, 55, 67, 88} +# ip frag-off { 0x21, 0x37, 0x43, 0x58} __set%d test-ip4 3 __set%d test-ip4 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] @@ -186,7 +154,7 @@ ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] -# ip frag-off != { 33, 55, 67, 88} +# ip frag-off != { 0x21, 0x37, 0x43, 0x58} __set%d test-ip4 3 __set%d test-ip4 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] @@ -194,21 +162,23 @@ ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip frag-off { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +# ip frag-off & 0x1fff != 0x0 ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] -# ip frag-off != { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +# ip frag-off & 0x2000 != 0x0 ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000020 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ip frag-off & 0x4000 != 0x0 +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000040 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] # ip ttl 0 drop ip test-ip4 input @@ -248,22 +218,6 @@ ip test-ip4 input [ payload load 1b @ network header + 8 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip ttl { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip ttl != { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip protocol tcp ip test-ip4 input [ payload load 1b @ network header + 9 => reg 1 ] @@ -340,32 +294,14 @@ ip test-ip4 input [ payload load 2b @ network header + 10 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip checksum { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip checksum != { 33-55} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip saddr 192.168.2.0/24 ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ payload load 3b @ network header + 12 => reg 1 ] [ cmp eq reg 1 0x0002a8c0 ] # ip saddr != 192.168.2.0/24 ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ payload load 3b @ network header + 12 => reg 1 ] [ cmp neq reg 1 0x0002a8c0 ] # ip saddr 192.168.3.1 ip daddr 192.168.3.100 @@ -414,22 +350,6 @@ ip test-ip4 input [ payload load 4b @ network header + 16 => reg 1 ] [ range neq reg 1 0x0100a8c0 0xfa00a8c0 ] -# ip daddr { 192.168.0.1-192.168.0.250} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip daddr != { 192.168.0.1-192.168.0.250} -__set%d test-ip4 7 -__set%d test-ip4 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept __set%d test-ip4 3 __set%d test-ip4 0 @@ -489,59 +409,49 @@ ip test-ip4 input # ip saddr & 0xff == 1 ip test-ip4 input [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0xff000000 ) ^ 0x00000000 ] [ cmp eq reg 1 0x01000000 ] # ip saddr & 0.0.0.255 < 0.0.0.127 ip test-ip4 input [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0xff000000 ) ^ 0x00000000 ] [ cmp lt reg 1 0x7f000000 ] # ip saddr & 0xffff0000 == 0xffff0000 ip test-ip4 input [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000ffff ] -# ip saddr . ip daddr . ip protocol { 1.1.1.1 . 2.2.2.2 . tcp, 1.1.1.1 . 3.3.3.3 . udp} -__set%d test-ip 3 -__set%d test-ip 0 - element 01010101 02020202 00000006 : 0 [end] element 01010101 03030303 00000011 : 0 [end] -ip test-ip input - [ payload load 4b @ network header + 12 => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ payload load 1b @ network header + 9 => reg 10 ] - [ lookup reg 1 set __set%d ] - # ip version 4 ip hdrlength 5 ip test-ip4 input [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000040 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000005 ] # ip hdrlength 0 ip test-ip4 input [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] # ip hdrlength 15 ip test-ip4 input [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000000f ] # ip hdrlength vmap { 0-4 : drop, 5 : accept, 6 : continue } counter __map%d test-ip4 f size 4 __map%d test-ip4 0 - element 00000000 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 1 [end] + element 00000000 : drop 0 [end] element 00000005 : accept 0 [end] element 00000006 : continue 0 [end] element 00000007 : 1 [end] ip test-ip4 input [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] @@ -571,7 +481,7 @@ ip test-ip4 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000fcff ) ^ 0x00000100 ] + [ bitwise reg 1 = ( reg 1 & 0x0000fcff ) ^ 0x00000100 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip ecn set ce @@ -579,7 +489,7 @@ ip test-ip4 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000fcff ) ^ 0x00000300 ] + [ bitwise reg 1 = ( reg 1 & 0x0000fcff ) ^ 0x00000300 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip dscp set af23 @@ -587,7 +497,7 @@ ip test-ip4 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000003ff ) ^ 0x00005800 ] + [ bitwise reg 1 = ( reg 1 & 0x000003ff ) ^ 0x00005800 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip dscp set cs0 @@ -595,7 +505,7 @@ ip test-ip4 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000003ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000003ff ) ^ 0x00000000 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip ttl set 23 @@ -603,7 +513,7 @@ ip test-ip4 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff00 ) ^ 0x00000017 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff00 ) ^ 0x00000017 ] [ payload write reg 1 => 2b @ network header + 8 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip protocol set 1 @@ -611,6 +521,46 @@ ip test-ip4 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000ff ) ^ 0x00000100 ] + [ bitwise reg 1 = ( reg 1 & 0x000000ff ) ^ 0x00000100 ] [ payload write reg 1 => 2b @ network header + 8 csum_type 1 csum_off 10 csum_flags 0x1 ] +# ip saddr . ip daddr { 192.0.2.1 . 10.0.0.1-10.0.0.2 } +__set%d test-ip4 87 size 1 +__set%d test-ip4 0 + element 010200c0 0100000a - 010200c0 0200000a : 0 [end] +ip + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set __set%d ] + +# ip saddr . ip daddr vmap { 192.168.5.1-192.168.5.128 . 192.168.6.1-192.168.6.128 : accept } +__map%d test-ip4 8f size 1 +__map%d test-ip4 0 + element 0105a8c0 0106a8c0 - 8005a8c0 8006a8c0 : accept 0 [end] +ip + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set __map%d dreg 0 ] + +# ip saddr 1.2.3.4 ip daddr 3.4.5.6 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x06050403 ] + +# ip saddr 1.2.3.4 counter ip daddr 3.4.5.6 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ counter pkts 0 bytes 0 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x06050403 ] + +# ip dscp 1/6 +ip test-ip4 input + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000001 ] diff --git a/tests/py/ip/ip.t.payload.bridge b/tests/py/ip/ip.t.payload.bridge index 91a4fde3..53f881d3 100644 --- a/tests/py/ip/ip.t.payload.bridge +++ b/tests/py/ip/ip.t.payload.bridge @@ -3,7 +3,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000020 ] # ip dscp != cs1 @@ -11,7 +11,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000020 ] # ip dscp 0x38 @@ -19,7 +19,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp eq reg 1 0x000000e0 ] # ip dscp != 0x20 @@ -27,7 +27,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000080 ] # ip dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef} @@ -38,7 +38,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] # ip dscp != {cs0, cs3} @@ -49,18 +49,18 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d 0x1 ] # ip dscp vmap { cs1 : continue , cs4 : accept } counter __map%d test-bridge b size 2 __map%d test-bridge 0 - element 00000020 : 0 [end] element 00000080 : 0 [end] + element 00000020 : continue 0 [end] element 00000080 : accept 0 [end] bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] @@ -113,26 +113,6 @@ bridge test-bridge input [ payload load 2b @ network header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip length { 333-535} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip length != { 333-535} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip id 22 bridge test-bridge input [ meta load protocol => reg 1 ] @@ -182,27 +162,7 @@ bridge test-bridge input [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip id { 33-55} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip id != { 33-55} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# ip frag-off 222 accept +# ip frag-off 0xde accept bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] @@ -210,14 +170,14 @@ bridge test-bridge input [ cmp eq reg 1 0x0000de00 ] [ immediate reg 0 accept ] -# ip frag-off != 233 +# ip frag-off != 0xe9 bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] [ cmp neq reg 1 0x0000e900 ] -# ip frag-off 33-45 +# ip frag-off 0x21-0x2d bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] @@ -225,14 +185,14 @@ bridge test-bridge input [ cmp gte reg 1 0x00002100 ] [ cmp lte reg 1 0x00002d00 ] -# ip frag-off != 33-45 +# ip frag-off != 0x21-0x2d bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] [ range neq reg 1 0x00002100 0x00002d00 ] -# ip frag-off { 33, 55, 67, 88} +# ip frag-off { 0x21, 0x37, 0x43, 0x58} __set%d test-bridge 3 size 4 __set%d test-bridge 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] @@ -242,7 +202,7 @@ bridge test-bridge input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] -# ip frag-off != { 33, 55, 67, 88} +# ip frag-off != { 0x21, 0x37, 0x43, 0x58} __set%d test-bridge 3 size 4 __set%d test-bridge 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] @@ -252,25 +212,29 @@ bridge test-bridge input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip frag-off { 33-55} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +# ip frag-off & 0x1fff != 0x0 bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] -# ip frag-off != { 33-55} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +# ip frag-off & 0x2000 != 0x0 bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000020 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ip frag-off & 0x4000 != 0x0 +bridge test-bridge input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000040 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] # ip ttl 0 drop bridge test-bridge input @@ -322,26 +286,6 @@ bridge test-bridge input [ payload load 1b @ network header + 8 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip ttl { 33-55} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip ttl != { 33-55} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip protocol tcp bridge test-bridge input [ meta load protocol => reg 1 ] @@ -442,40 +386,18 @@ bridge test-bridge input [ payload load 2b @ network header + 10 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip checksum { 33-55} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip checksum != { 33-55} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip saddr 192.168.2.0/24 bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ payload load 3b @ network header + 12 => reg 1 ] [ cmp eq reg 1 0x0002a8c0 ] # ip saddr != 192.168.2.0/24 bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ payload load 3b @ network header + 12 => reg 1 ] [ cmp neq reg 1 0x0002a8c0 ] # ip saddr 192.168.3.1 ip daddr 192.168.3.100 @@ -540,26 +462,6 @@ bridge test-bridge input [ payload load 4b @ network header + 16 => reg 1 ] [ range neq reg 1 0x0100a8c0 0xfa00a8c0 ] -# ip daddr { 192.168.0.1-192.168.0.250} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip daddr != { 192.168.0.1-192.168.0.250} -__set%d test-bridge 7 size 3 -__set%d test-bridge 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -bridge test-bridge input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept __set%d test-bridge 3 size 3 __set%d test-bridge 0 @@ -639,7 +541,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0xff000000 ) ^ 0x00000000 ] [ cmp eq reg 1 0x01000000 ] # ip saddr & 0.0.0.255 < 0.0.0.127 @@ -647,7 +549,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0xff000000 ) ^ 0x00000000 ] [ cmp lt reg 1 0x7f000000 ] # ip saddr & 0xffff0000 == 0xffff0000 @@ -655,7 +557,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000ffff ] # ip version 4 ip hdrlength 5 @@ -663,10 +565,10 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000040 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000005 ] # ip hdrlength 0 @@ -674,7 +576,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] # ip hdrlength 15 @@ -682,18 +584,18 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000000f ] # ip hdrlength vmap { 0-4 : drop, 5 : accept, 6 : continue } counter __map%d test-bridge f size 4 __map%d test-bridge 0 - element 00000000 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 1 [end] + element 00000000 : drop 0 [end] element 00000005 : accept 0 [end] element 00000006 : continue 0 [end] element 00000007 : 1 [end] bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] @@ -731,7 +633,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000fcff ) ^ 0x00000100 ] + [ bitwise reg 1 = ( reg 1 & 0x0000fcff ) ^ 0x00000100 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip ecn set ce @@ -741,7 +643,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000fcff ) ^ 0x00000300 ] + [ bitwise reg 1 = ( reg 1 & 0x0000fcff ) ^ 0x00000300 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip ttl set 23 @@ -751,7 +653,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff00 ) ^ 0x00000017 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff00 ) ^ 0x00000017 ] [ payload write reg 1 => 2b @ network header + 8 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip protocol set 1 @@ -761,7 +663,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000ff ) ^ 0x00000100 ] + [ bitwise reg 1 = ( reg 1 & 0x000000ff ) ^ 0x00000100 ] [ payload write reg 1 => 2b @ network header + 8 csum_type 1 csum_off 10 csum_flags 0x1 ] # iif "lo" ip dscp set af23 @@ -771,7 +673,7 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000003ff ) ^ 0x00005800 ] + [ bitwise reg 1 = ( reg 1 & 0x000003ff ) ^ 0x00005800 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip dscp set cs0 @@ -781,6 +683,56 @@ bridge test-bridge input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000003ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000003ff ) ^ 0x00000000 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] +# ip saddr . ip daddr { 192.0.2.1 . 10.0.0.1-10.0.0.2 } +__set%d test-bridge 87 size 1 +__set%d test-bridge 0 + element 010200c0 0100000a - 010200c0 0200000a : 0 [end] +bridge + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set __set%d ] + +# ip saddr . ip daddr vmap { 192.168.5.1-192.168.5.128 . 192.168.6.1-192.168.6.128 : accept } +__map%d test-bridge 8f size 1 +__map%d test-bridge 0 + element 0105a8c0 0106a8c0 - 8005a8c0 8006a8c0 : accept 0 [end] +bridge + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set __map%d dreg 0 ] + +# ip saddr 1.2.3.4 ip daddr 3.4.5.6 +bridge test-bridge input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x06050403 ] + +# ip saddr 1.2.3.4 counter ip daddr 3.4.5.6 +bridge test-bridge input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ counter pkts 0 bytes 0 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x06050403 ] + +# ip dscp 1/6 +bridge test-bridge input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000001 ] diff --git a/tests/py/ip/ip.t.payload.inet b/tests/py/ip/ip.t.payload.inet index b9cb28a2..08674c98 100644 --- a/tests/py/ip/ip.t.payload.inet +++ b/tests/py/ip/ip.t.payload.inet @@ -3,7 +3,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000020 ] # ip dscp != cs1 @@ -11,7 +11,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000020 ] # ip dscp 0x38 @@ -19,7 +19,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp eq reg 1 0x000000e0 ] # ip dscp != 0x20 @@ -27,7 +27,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000080 ] # ip dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef} @@ -38,7 +38,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] # ip dscp != {cs0, cs3} @@ -49,18 +49,18 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d 0x1 ] # ip dscp vmap { cs1 : continue , cs4 : accept } counter __map%d test-inet b size 2 __map%d test-inet 0 - element 00000020 : 0 [end] element 00000080 : 0 [end] + element 00000020 : continue 0 [end] element 00000080 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] @@ -113,26 +113,6 @@ inet test-inet input [ payload load 2b @ network header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip length { 333-535} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip length != { 333-535} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip id 22 inet test-inet input [ meta load nfproto => reg 1 ] @@ -182,27 +162,7 @@ inet test-inet input [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip id { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip id != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# ip frag-off 222 accept +# ip frag-off 0xde accept inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] @@ -210,14 +170,14 @@ inet test-inet input [ cmp eq reg 1 0x0000de00 ] [ immediate reg 0 accept ] -# ip frag-off != 233 +# ip frag-off != 0xe9 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 6 => reg 1 ] [ cmp neq reg 1 0x0000e900 ] -# ip frag-off 33-45 +# ip frag-off 0x21-0x2d inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] @@ -225,14 +185,14 @@ inet test-inet input [ cmp gte reg 1 0x00002100 ] [ cmp lte reg 1 0x00002d00 ] -# ip frag-off != 33-45 +# ip frag-off != 0x21-0x2d inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 6 => reg 1 ] [ range neq reg 1 0x00002100 0x00002d00 ] -# ip frag-off { 33, 55, 67, 88} +# ip frag-off { 0x21, 0x37, 0x43, 0x58} __set%d test-inet 3 __set%d test-inet 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] @@ -242,7 +202,7 @@ inet test-inet input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] -# ip frag-off != { 33, 55, 67, 88} +# ip frag-off != { 0x21, 0x37, 0x43, 0x58} __set%d test-inet 3 __set%d test-inet 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] @@ -252,25 +212,29 @@ inet test-inet input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip frag-off { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +# ip frag-off & 0x1fff != 0x0 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] -# ip frag-off != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +# ip frag-off & 0x2000 != 0x0 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000020 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ip frag-off & 0x4000 != 0x0 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000040 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] # ip ttl 0 drop inet test-inet input @@ -322,26 +286,6 @@ inet test-inet input [ payload load 1b @ network header + 8 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip ttl { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip ttl != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip protocol tcp inet test-inet input [ meta load nfproto => reg 1 ] @@ -442,40 +386,18 @@ inet test-inet input [ payload load 2b @ network header + 10 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip checksum { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip checksum != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip saddr 192.168.2.0/24 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ payload load 3b @ network header + 12 => reg 1 ] [ cmp eq reg 1 0x0002a8c0 ] # ip saddr != 192.168.2.0/24 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ payload load 3b @ network header + 12 => reg 1 ] [ cmp neq reg 1 0x0002a8c0 ] # ip saddr 192.168.3.1 ip daddr 192.168.3.100 @@ -540,26 +462,6 @@ inet test-inet input [ payload load 4b @ network header + 16 => reg 1 ] [ range neq reg 1 0x0100a8c0 0xfa00a8c0 ] -# ip daddr { 192.168.0.1-192.168.0.250} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip daddr != { 192.168.0.1-192.168.0.250} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept __set%d test-inet 3 __set%d test-inet 0 @@ -639,7 +541,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0xff000000 ) ^ 0x00000000 ] [ cmp eq reg 1 0x01000000 ] # ip saddr & 0.0.0.255 < 0.0.0.127 @@ -647,7 +549,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0xff000000 ) ^ 0x00000000 ] [ cmp lt reg 1 0x7f000000 ] # ip saddr & 0xffff0000 == 0xffff0000 @@ -655,30 +557,18 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000ffff ] -# ip saddr . ip daddr . ip protocol { 1.1.1.1 . 2.2.2.2 . tcp, 1.1.1.1 . 3.3.3.3 . udp} -__set%d test-ip 3 -__set%d test-ip 0 - element 01010101 02020202 00000006 : 0 [end] element 01010101 03030303 00000011 : 0 [end] -inet test-ip input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ payload load 1b @ network header + 9 => reg 10 ] - [ lookup reg 1 set __set%d ] - # ip version 4 ip hdrlength 5 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000040 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000005 ] # ip hdrlength 0 @@ -686,7 +576,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] # ip hdrlength 15 @@ -694,18 +584,18 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000000f ] # ip hdrlength vmap { 0-4 : drop, 5 : accept, 6 : continue } counter __map%d test-inet f size 4 __map%d test-inet 0 - element 00000000 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 1 [end] + element 00000000 : drop 0 [end] element 00000005 : accept 0 [end] element 00000006 : continue 0 [end] element 00000007 : 1 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] @@ -743,7 +633,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000fcff ) ^ 0x00000100 ] + [ bitwise reg 1 = ( reg 1 & 0x0000fcff ) ^ 0x00000100 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip ecn set ce @@ -753,7 +643,7 @@ inet test-netdev ingress [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000fcff ) ^ 0x00000300 ] + [ bitwise reg 1 = ( reg 1 & 0x0000fcff ) ^ 0x00000300 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip dscp set af23 @@ -763,7 +653,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000003ff ) ^ 0x00005800 ] + [ bitwise reg 1 = ( reg 1 & 0x000003ff ) ^ 0x00005800 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip dscp set cs0 @@ -773,7 +663,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000003ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000003ff ) ^ 0x00000000 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip ttl set 23 @@ -783,7 +673,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff00 ) ^ 0x00000017 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff00 ) ^ 0x00000017 ] [ payload write reg 1 => 2b @ network header + 8 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip protocol set 1 @@ -793,6 +683,56 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000ff ) ^ 0x00000100 ] + [ bitwise reg 1 = ( reg 1 & 0x000000ff ) ^ 0x00000100 ] [ payload write reg 1 => 2b @ network header + 8 csum_type 1 csum_off 10 csum_flags 0x1 ] +# ip saddr . ip daddr { 192.0.2.1 . 10.0.0.1-10.0.0.2 } +__set%d test-inet 87 size 1 +__set%d test-inet 0 + element 010200c0 0100000a - 010200c0 0200000a : 0 [end] +inet + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set __set%d ] + +# ip saddr . ip daddr vmap { 192.168.5.1-192.168.5.128 . 192.168.6.1-192.168.6.128 : accept } +__map%d test-inet 8f size 1 +__map%d test-inet 0 + element 0105a8c0 0106a8c0 - 8005a8c0 8006a8c0 : accept 0 [end] +inet + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set __map%d dreg 0 ] + +# ip saddr 1.2.3.4 ip daddr 3.4.5.6 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x06050403 ] + +# ip saddr 1.2.3.4 counter ip daddr 3.4.5.6 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ counter pkts 0 bytes 0 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x06050403 ] + +# ip dscp 1/6 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000001 ] diff --git a/tests/py/ip/ip.t.payload.netdev b/tests/py/ip/ip.t.payload.netdev index 588e5ca2..8220b05d 100644 --- a/tests/py/ip/ip.t.payload.netdev +++ b/tests/py/ip/ip.t.payload.netdev @@ -47,26 +47,6 @@ netdev test-netdev ingress [ payload load 2b @ network header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip length { 333-535} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip length != { 333-535} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip id 22 netdev test-netdev ingress [ meta load protocol => reg 1 ] @@ -116,27 +96,7 @@ netdev test-netdev ingress [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip id { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip id != { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - -# ip frag-off 222 accept +# ip frag-off 0xde accept netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] @@ -144,14 +104,14 @@ netdev test-netdev ingress [ cmp eq reg 1 0x0000de00 ] [ immediate reg 0 accept ] -# ip frag-off != 233 +# ip frag-off != 0xe9 netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] [ cmp neq reg 1 0x0000e900 ] -# ip frag-off 33-45 +# ip frag-off 0x21-0x2d netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] @@ -159,14 +119,14 @@ netdev test-netdev ingress [ cmp gte reg 1 0x00002100 ] [ cmp lte reg 1 0x00002d00 ] -# ip frag-off != 33-45 +# ip frag-off != 0x21-0x2d netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] [ range neq reg 1 0x00002100 0x00002d00 ] -# ip frag-off { 33, 55, 67, 88} +# ip frag-off { 0x21, 0x37, 0x43, 0x58} __set%d test-netdev 3 __set%d test-netdev 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] @@ -176,7 +136,7 @@ netdev test-netdev ingress [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] -# ip frag-off != { 33, 55, 67, 88} +# ip frag-off != { 0x21, 0x37, 0x43, 0x58} __set%d test-netdev 3 __set%d test-netdev 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] @@ -186,25 +146,29 @@ netdev test-netdev ingress [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip frag-off { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -netdev test-netdev ingress +# ip frag-off & 0x1fff != 0x0 +netdev x y [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] -# ip frag-off != { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -netdev test-netdev ingress +# ip frag-off & 0x2000 != 0x0 +netdev x y [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000020 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ip frag-off & 0x4000 != 0x0 +netdev x y + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000040 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] # ip ttl 0 drop netdev test-netdev ingress @@ -249,26 +213,6 @@ netdev test-netdev ingress [ payload load 1b @ network header + 8 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip ttl { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip ttl != { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept __set%d test-netdev 3 __set%d test-netdev 0 @@ -355,40 +299,18 @@ netdev test-netdev ingress [ payload load 2b @ network header + 10 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip checksum { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip checksum != { 33-55} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip saddr 192.168.2.0/24 netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ payload load 3b @ network header + 12 => reg 1 ] [ cmp eq reg 1 0x0002a8c0 ] # ip saddr != 192.168.2.0/24 netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ payload load 3b @ network header + 12 => reg 1 ] [ cmp neq reg 1 0x0002a8c0 ] # ip saddr 192.168.3.1 ip daddr 192.168.3.100 @@ -446,26 +368,6 @@ netdev test-netdev ingress [ payload load 4b @ network header + 16 => reg 1 ] [ range neq reg 1 0x0100a8c0 0xfa00a8c0 ] -# ip daddr { 192.168.0.1-192.168.0.250} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip daddr != { 192.168.0.1-192.168.0.250} -__set%d test-netdev 7 -__set%d test-netdev 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept __set%d test-netdev 3 __set%d test-netdev 0 @@ -538,7 +440,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0xff000000 ) ^ 0x00000000 ] [ cmp eq reg 1 0x01000000 ] # ip saddr & 0.0.0.255 < 0.0.0.127 @@ -546,7 +448,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0xff000000 ) ^ 0x00000000 ] [ cmp lt reg 1 0x7f000000 ] # ip saddr & 0xffff0000 == 0xffff0000 @@ -554,7 +456,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000ffff ] # ip version 4 ip hdrlength 5 @@ -562,10 +464,10 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000040 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000005 ] # ip hdrlength 0 @@ -573,7 +475,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] # ip hdrlength 15 @@ -581,18 +483,18 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000000f ] # ip hdrlength vmap { 0-4 : drop, 5 : accept, 6 : continue } counter __map%d test-netdev f size 4 __map%d test-netdev 0 - element 00000000 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 1 [end] + element 00000000 : drop 0 [end] element 00000005 : accept 0 [end] element 00000006 : continue 0 [end] element 00000007 : 1 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000f ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] @@ -631,124 +533,12 @@ netdev test-netdev ingress [ payload load 4b @ network header + 16 => reg 1 ] [ cmp eq reg 1 0x0200a8c0 ] -# ip ttl 233 -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x000000e9 ] - -# ip protocol tcp -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - -# ip protocol != tcp -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp neq reg 1 0x00000006 ] - -# ip saddr != 1.1.1.1 -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp neq reg 1 0x01010101 ] - -# ip daddr 192.168.0.2 -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0200a8c0 ] - -# ip ttl 233 -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x000000e9 ] - -# ip protocol tcp -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - -# ip protocol != tcp -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp neq reg 1 0x00000006 ] - -# ip saddr != 1.1.1.1 -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp neq reg 1 0x01010101 ] - -# ip daddr 192.168.0.2 -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0200a8c0 ] - -# ip ttl 233 -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x000000e9 ] - -# ip protocol tcp -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - -# ip protocol != tcp -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp neq reg 1 0x00000006 ] - -# ip ttl 233 -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x000000e9 ] - -# ip protocol tcp -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - -# ip protocol != tcp -netdev test-netdev ingress - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp neq reg 1 0x00000006 ] - # ip dscp cs1 netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000020 ] # ip dscp != cs1 @@ -756,7 +546,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000020 ] # ip dscp 0x38 @@ -764,7 +554,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp eq reg 1 0x000000e0 ] # ip dscp != 0x20 @@ -772,7 +562,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000080 ] # ip dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef} @@ -783,7 +573,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] # ip dscp != {cs0, cs3} @@ -794,18 +584,18 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d 0x1 ] # ip dscp vmap { cs1 : continue , cs4 : accept } counter __map%d test-netdev b size 2 __map%d test-netdev 0 - element 00000020 : 0 [end] element 00000080 : 0 [end] + element 00000020 : continue 0 [end] element 00000080 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] @@ -843,7 +633,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000fcff ) ^ 0x00000100 ] + [ bitwise reg 1 = ( reg 1 & 0x0000fcff ) ^ 0x00000100 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip ecn set ce @@ -853,7 +643,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000fcff ) ^ 0x00000300 ] + [ bitwise reg 1 = ( reg 1 & 0x0000fcff ) ^ 0x00000300 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip dscp set af23 @@ -863,7 +653,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000003ff ) ^ 0x00005800 ] + [ bitwise reg 1 = ( reg 1 & 0x000003ff ) ^ 0x00005800 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip dscp set cs0 @@ -873,7 +663,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000003ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000003ff ) ^ 0x00000000 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip ttl set 23 @@ -883,7 +673,7 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff00 ) ^ 0x00000017 ] + [ bitwise reg 1 = ( reg 1 & 0x0000ff00 ) ^ 0x00000017 ] [ payload write reg 1 => 2b @ network header + 8 csum_type 1 csum_off 10 csum_flags 0x0 ] # iif "lo" ip protocol set 1 @@ -893,6 +683,56 @@ netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000ff ) ^ 0x00000100 ] + [ bitwise reg 1 = ( reg 1 & 0x000000ff ) ^ 0x00000100 ] [ payload write reg 1 => 2b @ network header + 8 csum_type 1 csum_off 10 csum_flags 0x1 ] +# ip saddr . ip daddr { 192.0.2.1 . 10.0.0.1-10.0.0.2 } +__set%d test-netdev 87 size 1 +__set%d test-netdev 0 + element 010200c0 0100000a - 010200c0 0200000a : 0 [end] +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set __set%d ] + +# ip saddr . ip daddr vmap { 192.168.5.1-192.168.5.128 . 192.168.6.1-192.168.6.128 : accept } +__map%d test-netdev 8f size 1 +__map%d test-netdev 0 + element 0105a8c0 0106a8c0 - 8005a8c0 8006a8c0 : accept 0 [end] +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set __map%d dreg 0 ] + +# ip saddr 1.2.3.4 ip daddr 3.4.5.6 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x06050403 ] + +# ip saddr 1.2.3.4 counter ip daddr 3.4.5.6 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ counter pkts 0 bytes 0 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x06050403 ] + +# ip dscp 1/6 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000001 ] diff --git a/tests/py/ip/ip_tcp.t b/tests/py/ip/ip_tcp.t index 467da3ef..ff398aa6 100644 --- a/tests/py/ip/ip_tcp.t +++ b/tests/py/ip/ip_tcp.t @@ -1,5 +1,4 @@ :input;type filter hook input priority 0 -:ingress;type filter hook ingress device lo priority 0 *ip;test-ip;input diff --git a/tests/py/ip/masquerade.t.payload b/tests/py/ip/masquerade.t.payload index 0ba8d5a8..79e52856 100644 --- a/tests/py/ip/masquerade.t.payload +++ b/tests/py/ip/masquerade.t.payload @@ -112,12 +112,12 @@ ip test-ip4 postrouting # iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } masquerade __map%d test-ip4 b __map%d test-ip4 0 - element 00001600 : 0 [end] element 0000de00 : 0 [end] + element 00001600 : drop 0 [end] element 0000de00 : drop 0 [end] ip test-ip4 postrouting [ meta load iifname => reg 1 ] [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000a ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -130,7 +130,7 @@ ip test-ip4 postrouting [ payload load 1b @ network header + 9 => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ immediate reg 1 0x00000004 ] - [ masq proto_min reg 1 proto_max reg 0 flags 0x2 ] + [ masq proto_min reg 1 flags 0x2 ] # ip protocol 6 masquerade to :1024-2048 ip test-ip4 postrouting diff --git a/tests/py/ip/meta.t b/tests/py/ip/meta.t index f733d22d..a88a6145 100644 --- a/tests/py/ip/meta.t +++ b/tests/py/ip/meta.t @@ -8,8 +8,15 @@ meta l4proto ipv6-icmp icmpv6 type nd-router-advert;ok;icmpv6 type nd-router-adv meta l4proto 58 icmpv6 type nd-router-advert;ok;icmpv6 type nd-router-advert icmpv6 type nd-router-advert;ok +meta protocol ip udp dport 67;ok;udp dport 67 + meta ibrname "br0";fail meta obrname "br0";fail meta sdif "lo" accept;ok meta sdifname != "vrf1" accept;ok + +meta mark set ip dscp;ok + +meta mark set ip dscp << 2 | 0x10;ok +meta mark set ip dscp << 26 | 0x10;ok diff --git a/tests/py/ip/meta.t.json b/tests/py/ip/meta.t.json index f83864f6..25936dba 100644 --- a/tests/py/ip/meta.t.json +++ b/tests/py/ip/meta.t.json @@ -140,3 +140,97 @@ "accept": null } ] + +# meta protocol ip udp dport 67 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 67 + } + } +] + +# meta mark set ip dscp +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "payload": { + "field": "dscp", + "protocol": "ip" + } + } + } + } +] + +# meta mark set ip dscp << 2 | 0x10 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 2 + ] + }, + 16 + ] + } + } + } +] + + +# meta mark set ip dscp << 26 | 0x10 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 26 + ] + }, + 16 + ] + } + } + } +] diff --git a/tests/py/ip/meta.t.payload b/tests/py/ip/meta.t.payload index 7bc69a29..880ac5d6 100644 --- a/tests/py/ip/meta.t.payload +++ b/tests/py/ip/meta.t.payload @@ -44,3 +44,35 @@ ip6 test-ip4 input [ meta load sdifname => reg 1 ] [ cmp neq reg 1 0x31667276 0x00000000 0x00000000 0x00000000 ] [ immediate reg 0 accept ] + +# meta protocol ip udp dport 67 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00004300 ] + +# meta mark set ip dscp +ip test-ip4 input + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ meta set mark with reg 1 ] + +# meta mark set ip dscp << 2 | 0x10 +ip test-ip4 input + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 << 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ meta set mark with reg 1 ] + +# meta mark set ip dscp << 26 | 0x10 +ip + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 << 0x0000001a ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ meta set mark with reg 1 ] diff --git a/tests/py/ip/numgen.t b/tests/py/ip/numgen.t index 29a6a105..2a881460 100644 --- a/tests/py/ip/numgen.t +++ b/tests/py/ip/numgen.t @@ -5,3 +5,5 @@ ct mark set numgen inc mod 2;ok ct mark set numgen inc mod 2 offset 100;ok dnat to numgen inc mod 2 map { 0 : 192.168.10.100, 1 : 192.168.20.200 };ok dnat to numgen inc mod 10 map { 0-5 : 192.168.10.100, 6-9 : 192.168.20.200};ok +dnat to numgen inc mod 7 offset 167772161;ok +dnat to numgen inc mod 255 offset 167772161;ok diff --git a/tests/py/ip/numgen.t.json b/tests/py/ip/numgen.t.json index 9902c2cf..6cf66041 100644 --- a/tests/py/ip/numgen.t.json +++ b/tests/py/ip/numgen.t.json @@ -97,3 +97,33 @@ } ] +# dnat to numgen inc mod 7 offset 167772161 +[ + { + "dnat": { + "addr": { + "numgen": { + "mod": 7, + "mode": "inc", + "offset": 167772161 + } + } + } + } +] + +# dnat to numgen inc mod 255 offset 167772161 +[ + { + "dnat": { + "addr": { + "numgen": { + "mod": 255, + "mode": "inc", + "offset": 167772161 + } + } + } + } +] + diff --git a/tests/py/ip/numgen.t.payload b/tests/py/ip/numgen.t.payload index 04088b75..b4eadf85 100644 --- a/tests/py/ip/numgen.t.payload +++ b/tests/py/ip/numgen.t.payload @@ -10,7 +10,7 @@ __map%d x 0 ip test-ip4 pre [ numgen reg 1 = inc mod 2 ] [ lookup reg 1 set __map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # dnat to numgen inc mod 10 map { 0-5 : 192.168.10.100, 6-9 : 192.168.20.200} __map%d test-ip4 f @@ -20,10 +20,21 @@ ip test-ip4 pre [ numgen reg 1 = inc mod 10 ] [ byteorder reg 1 = hton(reg 1, 4, 4) ] [ lookup reg 1 set __map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + [ nat dnat ip addr_min reg 1 ] # ct mark set numgen inc mod 2 offset 100 ip test-ip4 pre [ numgen reg 1 = inc mod 2 offset 100 ] [ ct set mark with reg 1 ] +# dnat to numgen inc mod 7 offset 167772161 +ip test-ip4 pre + [ numgen reg 1 = inc mod 7 offset 167772161 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ nat dnat ip addr_min reg 1 ] + +# dnat to numgen inc mod 255 offset 167772161 +ip test-ip4 pre + [ numgen reg 1 = inc mod 255 offset 167772161 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ nat dnat ip addr_min reg 1 ] diff --git a/tests/py/ip/redirect.t b/tests/py/ip/redirect.t index d2991ce2..8c2b52f0 100644 --- a/tests/py/ip/redirect.t +++ b/tests/py/ip/redirect.t @@ -47,5 +47,5 @@ ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter redirect;ok iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } redirect;ok # redirect with maps -ip protocol 6 redirect to :tcp dport map { 22 : 8000, 80 : 8080};ok +redirect to :tcp dport map { 22 : 8000, 80 : 8080};ok diff --git a/tests/py/ip/redirect.t.json b/tests/py/ip/redirect.t.json index 3544e7f1..2afdf9b1 100644 --- a/tests/py/ip/redirect.t.json +++ b/tests/py/ip/redirect.t.json @@ -593,21 +593,9 @@ } ] -# ip protocol 6 redirect to :tcp dport map { 22 : 8000, 80 : 8080} +# redirect to :tcp dport map { 22 : 8000, 80 : 8080} [ { - "match": { - "left": { - "payload": { - "field": "protocol", - "protocol": "ip" - } - }, - "op": "==", - "right": 6 - } - }, - { "redirect": { "port": { "map": { diff --git a/tests/py/ip/redirect.t.payload b/tests/py/ip/redirect.t.payload index 7f8a74b0..4bed47c1 100644 --- a/tests/py/ip/redirect.t.payload +++ b/tests/py/ip/redirect.t.payload @@ -194,12 +194,12 @@ ip test-ip4 output # iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } redirect __map%d test-ip4 b __map%d test-ip4 0 - element 00001600 : 0 [end] element 0000de00 : 0 [end] + element 00001600 : drop 0 [end] element 0000de00 : drop 0 [end] ip test-ip4 output [ meta load iifname => reg 1 ] [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000a ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -207,12 +207,12 @@ ip test-ip4 output [ lookup reg 1 set __map%d dreg 0 ] [ redir ] -# ip protocol 6 redirect to :tcp dport map { 22 : 8000, 80 : 8080} +# redirect to :tcp dport map { 22 : 8000, 80 : 8080} __map%d test-ip4 b __map%d test-ip4 0 element 00001600 : 0000401f 0 [end] element 00005000 : 0000901f 0 [end] ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __map%d dreg 1 ] diff --git a/tests/py/ip/reject.t b/tests/py/ip/reject.t index cc5561a0..ad009944 100644 --- a/tests/py/ip/reject.t +++ b/tests/py/ip/reject.t @@ -3,14 +3,15 @@ *ip;test-ip4;output reject;ok -reject with icmp type host-unreachable;ok -reject with icmp type net-unreachable;ok -reject with icmp type prot-unreachable;ok -reject with icmp type port-unreachable;ok;reject -reject with icmp type net-prohibited;ok -reject with icmp type host-prohibited;ok -reject with icmp type admin-prohibited;ok +reject with icmp host-unreachable;ok +reject with icmp net-unreachable;ok +reject with icmp prot-unreachable;ok +reject with icmp port-unreachable;ok;reject +reject with icmp net-prohibited;ok +reject with icmp host-prohibited;ok +reject with icmp admin-prohibited;ok +reject with icmp 3;ok;reject mark 0x80000000 reject with tcp reset;ok;meta mark 0x80000000 reject with tcp reset -reject with icmp type no-route;fail -reject with icmpv6 type no-route;fail +reject with icmp no-route;fail +reject with icmpv6 no-route;fail diff --git a/tests/py/ip/reject.t.json b/tests/py/ip/reject.t.json index d120b9f1..3e1d28de 100644 --- a/tests/py/ip/reject.t.json +++ b/tests/py/ip/reject.t.json @@ -5,7 +5,7 @@ } ] -# reject with icmp type host-unreachable +# reject with icmp host-unreachable [ { "reject": { @@ -15,7 +15,7 @@ } ] -# reject with icmp type net-unreachable +# reject with icmp net-unreachable [ { "reject": { @@ -25,7 +25,7 @@ } ] -# reject with icmp type prot-unreachable +# reject with icmp prot-unreachable [ { "reject": { @@ -35,7 +35,7 @@ } ] -# reject with icmp type port-unreachable +# reject with icmp port-unreachable [ { "reject": { @@ -45,7 +45,7 @@ } ] -# reject with icmp type net-prohibited +# reject with icmp net-prohibited [ { "reject": { @@ -55,7 +55,7 @@ } ] -# reject with icmp type host-prohibited +# reject with icmp host-prohibited [ { "reject": { @@ -65,7 +65,7 @@ } ] -# reject with icmp type admin-prohibited +# reject with icmp admin-prohibited [ { "reject": { @@ -75,6 +75,16 @@ } ] +# reject with icmp 3 +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmp" + } + } +] + # mark 0x80000000 reject with tcp reset [ { diff --git a/tests/py/ip/reject.t.json.output b/tests/py/ip/reject.t.json.output index b2529dd7..3917413d 100644 --- a/tests/py/ip/reject.t.json.output +++ b/tests/py/ip/reject.t.json.output @@ -1,7 +1,10 @@ -# reject with icmp type port-unreachable +# reject [ { - "reject": null + "reject": { + "expr": "port-unreachable", + "type": "icmp" + } } ] diff --git a/tests/py/ip/reject.t.payload b/tests/py/ip/reject.t.payload index 07e4cc8d..5829065a 100644 --- a/tests/py/ip/reject.t.payload +++ b/tests/py/ip/reject.t.payload @@ -2,34 +2,38 @@ ip test-ip4 output [ reject type 0 code 3 ] -# reject with icmp type host-unreachable +# reject with icmp host-unreachable ip test-ip4 output [ reject type 0 code 1 ] -# reject with icmp type net-unreachable +# reject with icmp net-unreachable ip test-ip4 output [ reject type 0 code 0 ] -# reject with icmp type prot-unreachable +# reject with icmp prot-unreachable ip test-ip4 output [ reject type 0 code 2 ] -# reject with icmp type port-unreachable +# reject with icmp port-unreachable ip test-ip4 output [ reject type 0 code 3 ] -# reject with icmp type net-prohibited +# reject with icmp net-prohibited ip test-ip4 output [ reject type 0 code 9 ] -# reject with icmp type host-prohibited +# reject with icmp host-prohibited ip test-ip4 output [ reject type 0 code 10 ] -# reject with icmp type admin-prohibited +# reject with icmp admin-prohibited ip test-ip4 output [ reject type 0 code 13 ] +# reject with icmp 3 +ip test-ip4 output + [ reject type 0 code 3 ] + # mark 0x80000000 reject with tcp reset ip test-ip4 output [ meta load l4proto => reg 1 ] diff --git a/tests/py/ip/sets.t b/tests/py/ip/sets.t index 7b7e0722..ad2c8316 100644 --- a/tests/py/ip/sets.t +++ b/tests/py/ip/sets.t @@ -1,9 +1,10 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip;test-ip4;input *inet;test-inet;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress !w type ipv4_addr;ok !x type inet_proto;ok @@ -51,6 +52,19 @@ ip saddr != @set33 drop;fail ip saddr . ip daddr @set5 drop;ok add @set5 { ip saddr . ip daddr };ok +!map1 type ipv4_addr . ipv4_addr : mark;ok +add @map1 { ip saddr . ip daddr : meta mark };ok + # test nested anonymous sets ip saddr { { 1.1.1.0, 3.3.3.0 }, 2.2.2.0 };ok;ip saddr { 1.1.1.0, 2.2.2.0, 3.3.3.0 } ip saddr { { 1.1.1.0/24, 3.3.3.0/24 }, 2.2.2.0/24 };ok;ip saddr { 1.1.1.0/24, 2.2.2.0/24, 3.3.3.0/24 } + +!set6 type ipv4_addr;ok +?set6 192.168.3.5, *;ok +ip saddr @set6 drop;ok + +ip saddr vmap { 1.1.1.1 : drop, * : accept };ok +meta mark set ip saddr map { 1.1.1.1 : 0x00000001, * : 0x00000002 };ok + +!map2 type ipv4_addr . ipv4_addr . inet_service : ipv4_addr . inet_service;ok +add @map2 { ip saddr . ip daddr . th dport : 10.0.0.1 . 80 };ok diff --git a/tests/py/ip/sets.t.json b/tests/py/ip/sets.t.json index 65d2df87..f2637d93 100644 --- a/tests/py/ip/sets.t.json +++ b/tests/py/ip/sets.t.json @@ -188,3 +188,155 @@ } ] +# ip saddr @set6 drop +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "@set6" + } + }, + { + "drop": null + } +] + +# ip saddr vmap { 1.1.1.1 : drop, * : accept } +[ + { + "vmap": { + "data": { + "set": [ + [ + "1.1.1.1", + { + "drop": null + } + ], + [ + "*", + { + "accept": null + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + } +] + +# meta mark set ip saddr map { 1.1.1.1 : 0x00000001, * : 0x00000002 } +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "map": { + "data": { + "set": [ + [ + "1.1.1.1", + 1 + ], + [ + "*", + 2 + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + } + } + } +] + +# add @map1 { ip saddr . ip daddr : meta mark } +[ + { + "map": { + "data": { + "meta": { + "key": "mark" + } + }, + "elem": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip" + } + } + ] + }, + "map": "@map1", + "op": "add" + } + } +] + +# add @map2 { ip saddr . ip daddr . th dport : 10.0.0.1 . 80 } +[ + { + "map": { + "data": { + "concat": [ + "10.0.0.1", + 80 + ] + }, + "elem": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "dport", + "protocol": "th" + } + } + ] + }, + "map": "@map2", + "op": "add" + } + } +] diff --git a/tests/py/ip/sets.t.payload.inet b/tests/py/ip/sets.t.payload.inet index fa956c0c..cc04b43d 100644 --- a/tests/py/ip/sets.t.payload.inet +++ b/tests/py/ip/sets.t.payload.inet @@ -66,3 +66,52 @@ inet test-inet input [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ network header + 12 => reg 1 ] [ lookup reg 1 set __set%d ] + +# ip saddr @set6 drop +inet + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set6 ] + [ immediate reg 0 drop ] + +# add @map1 { ip saddr . ip daddr : meta mark } +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ meta load mark => reg 10 ] + [ dynset add reg_key 1 set map1 sreg_data 10 ] + +# ip saddr vmap { 1.1.1.1 : drop, * : accept } +__map%d test-inet b +__map%d test-inet 0 + element 01010101 : drop 0 [end] element : accept 2 [end] +inet + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set __map%d dreg 0 ] + +# meta mark set ip saddr map { 1.1.1.1 : 0x00000001, * : 0x00000002 } +__map%d test-inet b +__map%d test-inet 0 + element 01010101 : 00000001 0 [end] element : 00000002 2 [end] +inet + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ meta set mark with reg 1 ] + +# add @map2 { ip saddr . ip daddr . th dport : 10.0.0.1 . 80 } +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ payload load 2b @ transport header + 2 => reg 10 ] + [ immediate reg 11 0x0100000a ] + [ immediate reg 2 0x00005000 ] + [ dynset add reg_key 1 set map2 sreg_data 11 ] diff --git a/tests/py/ip/sets.t.payload.ip b/tests/py/ip/sets.t.payload.ip index ca3b5ade..f9ee1f98 100644 --- a/tests/py/ip/sets.t.payload.ip +++ b/tests/py/ip/sets.t.payload.ip @@ -50,3 +50,42 @@ __set%d test-ip4 0 ip test-ip4 input [ payload load 4b @ network header + 12 => reg 1 ] [ lookup reg 1 set __set%d ] + +# ip saddr @set6 drop +ip + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set6 ] + [ immediate reg 0 drop ] + +# ip saddr vmap { 1.1.1.1 : drop, * : accept } +__map%d test-ip4 b +__map%d test-ip4 0 + element 01010101 : drop 0 [end] element : accept 2 [end] +ip + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set __map%d dreg 0 ] + +# meta mark set ip saddr map { 1.1.1.1 : 0x00000001, * : 0x00000002 } +__map%d test-ip4 b +__map%d test-ip4 0 + element 01010101 : 00000001 0 [end] element : 00000002 2 [end] +ip + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ meta set mark with reg 1 ] + +# add @map1 { ip saddr . ip daddr : meta mark } +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ meta load mark => reg 10 ] + [ dynset add reg_key 1 set map1 sreg_data 10 ] + +# add @map2 { ip saddr . ip daddr . th dport : 10.0.0.1 . 80 } +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ payload load 2b @ transport header + 2 => reg 10 ] + [ immediate reg 11 0x0100000a ] + [ immediate reg 2 0x00005000 ] + [ dynset add reg_key 1 set map2 sreg_data 11 ] diff --git a/tests/py/ip/sets.t.payload.netdev b/tests/py/ip/sets.t.payload.netdev index 9772d756..3d0dc79a 100644 --- a/tests/py/ip/sets.t.payload.netdev +++ b/tests/py/ip/sets.t.payload.netdev @@ -66,3 +66,52 @@ netdev test-netdev ingress [ cmp eq reg 1 0x00000008 ] [ payload load 4b @ network header + 12 => reg 1 ] [ lookup reg 1 set __set%d ] + +# ip saddr @set6 drop +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set6 ] + [ immediate reg 0 drop ] + +# ip saddr vmap { 1.1.1.1 : drop, * : accept } +__map%d test-netdev b +__map%d test-netdev 0 + element 01010101 : drop 0 [end] element : accept 2 [end] +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set __map%d dreg 0 ] + +# meta mark set ip saddr map { 1.1.1.1 : 0x00000001, * : 0x00000002 } +__map%d test-netdev b +__map%d test-netdev 0 + element 01010101 : 00000001 0 [end] element : 00000002 2 [end] +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ meta set mark with reg 1 ] + +# add @map1 { ip saddr . ip daddr : meta mark } +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ meta load mark => reg 10 ] + [ dynset add reg_key 1 set map1 sreg_data 10 ] + +# add @map2 { ip saddr . ip daddr . th dport : 10.0.0.1 . 80 } +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ payload load 2b @ transport header + 2 => reg 10 ] + [ immediate reg 11 0x0100000a ] + [ immediate reg 2 0x00005000 ] + [ dynset add reg_key 1 set map2 sreg_data 11 ] diff --git a/tests/py/ip/snat.t b/tests/py/ip/snat.t index c6e8a8e6..d4b0d2cb 100644 --- a/tests/py/ip/snat.t +++ b/tests/py/ip/snat.t @@ -6,9 +6,16 @@ iifname "eth0" tcp dport 80-90 snat to 192.168.3.2;ok iifname "eth0" tcp dport != 80-90 snat to 192.168.3.2;ok iifname "eth0" tcp dport {80, 90, 23} snat to 192.168.3.2;ok iifname "eth0" tcp dport != {80, 90, 23} snat to 192.168.3.2;ok +iifname "eth0" tcp dport 80-90 snat to 192.168.3.0-192.168.3.255;ok;iifname "eth0" tcp dport 80-90 snat to 192.168.3.0/24 +iifname "eth0" tcp dport 80-90 snat to 192.168.3.15-192.168.3.240;ok iifname "eth0" tcp dport != 23-34 snat to 192.168.3.2;ok -snat ip addr . port to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 };ok -snat ip interval to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 };ok +meta l4proto 17 snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 };ok +snat ip to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 };ok +snat ip to ip saddr map { 10.141.12.14 : 192.168.2.0/24 };ok snat ip prefix to ip saddr map { 10.141.11.0/24 : 192.168.2.0/24 };ok + +meta l4proto { 6, 17} snat ip to ip saddr . th dport map { 10.141.11.4 . 20 : 192.168.2.3 . 80};ok +snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 };fail +snat ip to ip saddr . th dport map { 10.141.11.4 . 20 : 192.168.2.3 . 80 };fail diff --git a/tests/py/ip/snat.t.json b/tests/py/ip/snat.t.json index e87b524e..967560e6 100644 --- a/tests/py/ip/snat.t.json +++ b/tests/py/ip/snat.t.json @@ -166,3 +166,365 @@ } ] +# iifname "eth0" tcp dport 80-90 snat to 192.168.3.0-192.168.3.255 +[ + { + "match": { + "left": { + "meta": { + "key": "iifname" + } + }, + "op": "==", + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": { + "range": [ + 80, + 90 + ] + } + } + }, + { + "snat": { + "addr": { + "prefix": { + "addr": "192.168.3.0", + "len": 24 + } + } + } + } +] + +# iifname "eth0" tcp dport 80-90 snat to 192.168.3.15-192.168.3.240 +[ + { + "match": { + "left": { + "meta": { + "key": "iifname" + } + }, + "op": "==", + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": { + "range": [ + 80, + 90 + ] + } + } + }, + { + "snat": { + "addr": { + "range": [ + "192.168.3.15", + "192.168.3.240" + ] + } + } + } +] + +# snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 } +[ + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + "10.141.11.4", + { + "concat": [ + "192.168.2.3", + 80 + ] + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip", + "type_flags": "concat" + } + } +] + +# snat ip interval to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 } +[ + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + "10.141.11.4", + { + "range": [ + "192.168.2.2", + "192.168.2.4" + ] + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip", + "type_flags": "interval" + } + } +] + +# snat ip prefix to ip saddr map { 10.141.11.0/24 : 192.168.2.0/24 } +[ + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "prefix": { + "addr": "10.141.11.0", + "len": 24 + } + }, + { + "prefix": { + "addr": "192.168.2.0", + "len": 24 + } + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip", + "flags": "netmap", + "type_flags": [ + "interval", + "prefix" + ] + } + } +] + +# meta l4proto 17 snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 } +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": "udp" + } + }, + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + "10.141.11.4", + { + "concat": [ + "192.168.2.3", + 80 + ] + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip" + } + } +] + +# snat ip to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 } +[ + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + "10.141.11.4", + { + "range": [ + "192.168.2.2", + "192.168.2.4" + ] + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip" + } + } +] + +# snat ip to ip saddr map { 10.141.12.14 : 192.168.2.0/24 } +[ + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + "10.141.12.14", + { + "prefix": { + "addr": "192.168.2.0", + "len": 24 + } + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip" + } + } +] + +# meta l4proto { 6, 17} snat ip to ip saddr . th dport map { 10.141.11.4 . 20 : 192.168.2.3 . 80} +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": { + "set": [ + "tcp", + "udp" + ] + } + } + }, + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "concat": [ + "10.141.11.4", + 20 + ] + }, + { + "concat": [ + "192.168.2.3", + 80 + ] + } + ] + ] + }, + "key": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "dport", + "protocol": "th" + } + } + ] + } + } + }, + "family": "ip" + } + } +] + diff --git a/tests/py/ip/snat.t.json.output b/tests/py/ip/snat.t.json.output index 1365316c..2a997801 100644 --- a/tests/py/ip/snat.t.json.output +++ b/tests/py/ip/snat.t.json.output @@ -70,3 +70,180 @@ } ] +# snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 } +[ + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + "10.141.11.4", + { + "concat": [ + "192.168.2.3", + 80 + ] + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip" + } + } +] + +# meta l4proto 17 snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 } +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": 17 + } + }, + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + "10.141.11.4", + { + "concat": [ + "192.168.2.3", + 80 + ] + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip" + } + } +] + +# meta l4proto { 6, 17} snat ip to ip saddr . th dport map { 10.141.11.4 . 20 : 192.168.2.3 . 80} +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": { + "set": [ + 6, + 17 + ] + } + } + }, + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "concat": [ + "10.141.11.4", + 20 + ] + }, + { + "concat": [ + "192.168.2.3", + 80 + ] + } + ] + ] + }, + "key": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "dport", + "protocol": "th" + } + } + ] + } + } + }, + "family": "ip" + } + } +] + +# snat ip prefix to ip saddr map { 10.141.11.0/24 : 192.168.2.0/24 } +[ + { + "snat": { + "addr": { + "map": { + "data": { + "set": [ + [ + { + "prefix": { + "addr": "10.141.11.0", + "len": 24 + } + }, + { + "prefix": { + "addr": "192.168.2.0", + "len": 24 + } + } + ] + ] + }, + "key": { + "payload": { + "field": "saddr", + "protocol": "ip" + } + } + } + }, + "family": "ip", + "flags": "netmap", + "type_flags": "prefix" + } + } +] + diff --git a/tests/py/ip/snat.t.payload b/tests/py/ip/snat.t.payload index 22befe15..71a5e2f1 100644 --- a/tests/py/ip/snat.t.payload +++ b/tests/py/ip/snat.t.payload @@ -8,7 +8,7 @@ ip test-ip4 postrouting [ cmp gte reg 1 0x00005000 ] [ cmp lte reg 1 0x00005a00 ] [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] + [ nat snat ip addr_min reg 1 ] # iifname "eth0" tcp dport != 80-90 snat to 192.168.3.2 ip test-ip4 postrouting @@ -19,7 +19,7 @@ ip test-ip4 postrouting [ payload load 2b @ transport header + 2 => reg 1 ] [ range neq reg 1 0x00005000 0x00005a00 ] [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] + [ nat snat ip addr_min reg 1 ] # iifname "eth0" tcp dport {80, 90, 23} snat to 192.168.3.2 __set%d test-ip4 3 @@ -33,7 +33,7 @@ ip test-ip4 postrouting [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d ] [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] + [ nat snat ip addr_min reg 1 ] # iifname "eth0" tcp dport != {80, 90, 23} snat to 192.168.3.2 __set%d test-ip4 3 @@ -47,7 +47,7 @@ ip test-ip4 postrouting [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] + [ nat snat ip addr_min reg 1 ] # iifname "eth0" tcp dport != 23-34 snat to 192.168.3.2 ip test-ip4 postrouting @@ -58,18 +58,46 @@ ip test-ip4 postrouting [ payload load 2b @ transport header + 2 => reg 1 ] [ range neq reg 1 0x00001700 0x00002200 ] [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] + [ nat snat ip addr_min reg 1 ] -# snat ip addr . port to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 } +# iifname "eth0" tcp dport 80-90 snat to 192.168.3.0-192.168.3.255 +ip + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x0003a8c0 ] + [ immediate reg 2 0xff03a8c0 ] + [ nat snat ip addr_min reg 1 addr_max reg 2 ] + +# iifname "eth0" tcp dport 80-90 snat to 192.168.3.15-192.168.3.240 +ip + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x0f03a8c0 ] + [ immediate reg 2 0xf003a8c0 ] + [ nat snat ip addr_min reg 1 addr_max reg 2 ] + +# meta l4proto 17 snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 } __map%d test-ip4 b size 1 __map%d test-ip4 0 element 040b8d0a : 0302a8c0 00005000 0 [end] -ip +ip + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] [ payload load 4b @ network header + 12 => reg 1 ] [ lookup reg 1 set __map%d dreg 1 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 proto_min reg 9 proto_max reg 0 ] + [ nat snat ip addr_min reg 1 proto_min reg 9 ] -# snat ip interval to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 } +# snat ip to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 } __map%d test-ip4 b size 1 __map%d test-ip4 0 element 040b8d0a : 0202a8c0 0402a8c0 0 [end] @@ -87,3 +115,40 @@ ip [ lookup reg 1 set __map%d dreg 1 ] [ nat snat ip addr_min reg 1 addr_max reg 9 flags 0x40 ] +# snat ip to ip saddr map { 10.141.12.14 : 192.168.2.0/24 } +__map%d test-ip4 b size 1 +__map%d test-ip4 0 + element 0e0c8d0a : 0002a8c0 ff02a8c0 0 [end] +ip + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat snat ip addr_min reg 1 addr_max reg 9 ] + +# meta l4proto { 6, 17} snat ip to ip saddr . th dport map { 10.141.11.4 . 20 : 192.168.2.3 . 80} +__set%d test-ip4 3 size 2 +__set%d test-ip4 0 + element 00000006 : 0 [end] element 00000011 : 0 [end] +__map%d test-ip4 b size 1 +__map%d test-ip4 0 + element 040b8d0a 00001400 : 0302a8c0 00005000 0 [end] +ip + [ meta load l4proto => reg 1 ] + [ lookup reg 1 set __set%d ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 2b @ transport header + 2 => reg 9 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat snat ip addr_min reg 1 proto_min reg 9 ] + +# ip daddr 192.168.0.1 dnat to tcp dport map { 443 : 10.141.10.4 . 8443, 80 : 10.141.10.4 . 8080 } +__map%d x b size 2 +__map%d x 0 + element 0000bb01 : 040a8d0a 0000fb20 0 [end] element 00005000 : 040a8d0a 0000901f 0 [end] +ip + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x0100a8c0 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ nat dnat ip addr_min reg 1 proto_min reg 9 ] + diff --git a/tests/py/ip6/ct.t b/tests/py/ip6/ct.t new file mode 100644 index 00000000..c06fd6a0 --- /dev/null +++ b/tests/py/ip6/ct.t @@ -0,0 +1,9 @@ +:output;type filter hook output priority 0 + +*ip6;test-ip6;output + +ct mark set ip6 dscp << 2 | 0x10;ok +ct mark set ip6 dscp << 26 | 0x10;ok +ct mark set ip6 dscp | 0x04;ok +ct mark set ip6 dscp | 0xff000000;ok +ct mark set ip6 dscp & 0x0f << 2;ok;ct mark set ip6 dscp & 0x3c diff --git a/tests/py/ip6/ct.t.json b/tests/py/ip6/ct.t.json new file mode 100644 index 00000000..7d8c88bb --- /dev/null +++ b/tests/py/ip6/ct.t.json @@ -0,0 +1,293 @@ +# ct mark set ip6 dscp lshift 2 or 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 2 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip6 dscp lshift 26 or 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 26 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip6 dscp << 2 | 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 2 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip6 dscp << 26 | 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 26 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip6 dscp | 0x04 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 4 + ] + } + } + } +] + +# ct mark set ip6 dscp | 0xff000000 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 4278190080 + ] + } + } + } +] + +# ct mark set ip6 dscp << 2 | 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 2 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip6 dscp << 26 | 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 26 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip6 dscp | 0x04 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 4 + ] + } + } + } +] + +# ct mark set ip6 dscp | 0xff000000 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 4278190080 + ] + } + } + } +] + +# ct mark set ip6 dscp & 0x0f << 2 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "&": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 60 + ] + } + } + } +] diff --git a/tests/py/ip6/ct.t.payload b/tests/py/ip6/ct.t.payload new file mode 100644 index 00000000..944208f2 --- /dev/null +++ b/tests/py/ip6/ct.t.payload @@ -0,0 +1,46 @@ +# ct mark set ip6 dscp << 2 | 0x10 +ip6 test-ip6 output + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ bitwise reg 1 = ( reg 1 << 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ ct set mark with reg 1 ] + +# ct mark set ip6 dscp << 26 | 0x10 +ip6 test-ip6 output + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ bitwise reg 1 = ( reg 1 << 0x0000001a ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ ct set mark with reg 1 ] + +# ct mark set ip6 dscp | 0x04 +ip6 test-ip6 output + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ bitwise reg 1 = ( reg 1 & 0xfffffffb ) ^ 0x00000004 ] + [ ct set mark with reg 1 ] + +# ct mark set ip6 dscp | 0xff000000 +ip6 test-ip6 output + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ bitwise reg 1 = ( reg 1 & 0x00ffffff ) ^ 0xff000000 ] + [ ct set mark with reg 1 ] + +# ct mark set ip6 dscp & 0x0f << 2 +ip6 test-ip6 output + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000003c ) ^ 0x00000000 ] + [ ct set mark with reg 1 ] diff --git a/tests/py/ip6/dnat.t b/tests/py/ip6/dnat.t index 28bd7ef9..89d5a5f9 100644 --- a/tests/py/ip6/dnat.t +++ b/tests/py/ip6/dnat.t @@ -3,7 +3,7 @@ *ip6;test-ip6;prerouting tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100;ok -tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:100;ok;tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:100 +tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:100;ok tcp dport 80-90 dnat to [2001:838:35f:1::]:80;ok dnat to [2001:838:35f:1::]/64;ok;dnat to 2001:838:35f:1::/64 dnat to 2001:838:35f:1::-2001:838:35f:1:ffff:ffff:ffff:ffff;ok;dnat to 2001:838:35f:1::/64 diff --git a/tests/py/ip6/dnat.t.json b/tests/py/ip6/dnat.t.json index 3419b60f..cbfdb68b 100644 --- a/tests/py/ip6/dnat.t.json +++ b/tests/py/ip6/dnat.t.json @@ -81,10 +81,10 @@ { "dnat": { "addr": { - "range": [ - "2001:838:35f:1::", - "2001:838:35f:1:ffff:ffff:ffff:ffff" - ] + "prefix": { + "addr": "2001:838:35f:1::", + "len": 64 + } } } } @@ -95,11 +95,12 @@ { "dnat": { "addr": { - "range": [ - "2001:838:35f:1::", - "2001:838:35f:1:ffff:ffff:ffff:ffff" - ] + "prefix": { + "addr": "2001:838:35f:1::", + "len": 64 + } } } } ] + diff --git a/tests/py/ip6/dnat.t.payload.ip6 b/tests/py/ip6/dnat.t.payload.ip6 index 5906e0f8..004ffdeb 100644 --- a/tests/py/ip6/dnat.t.payload.ip6 +++ b/tests/py/ip6/dnat.t.payload.ip6 @@ -21,7 +21,7 @@ ip6 test-ip6 prerouting [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] [ immediate reg 3 0x00006400 ] - [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 flags 0x2 ] + [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 flags 0x2 ] # tcp dport 80-90 dnat to [2001:838:35f:1::]:80 ip6 test-ip6 prerouting @@ -32,7 +32,7 @@ ip6 test-ip6 prerouting [ cmp lte reg 1 0x00005a00 ] [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] [ immediate reg 2 0x00005000 ] - [ nat dnat ip6 addr_min reg 1 addr_max reg 0 proto_min reg 2 proto_max reg 0 flags 0x2 ] + [ nat dnat ip6 addr_min reg 1 proto_min reg 2 flags 0x2 ] # dnat to [2001:838:35f:1::]/64 ip6 test-ip6 prerouting diff --git a/tests/py/ip6/dst.t b/tests/py/ip6/dst.t index 9e7c554f..cd1fd3b2 100644 --- a/tests/py/ip6/dst.t +++ b/tests/py/ip6/dst.t @@ -9,8 +9,6 @@ dst nexthdr 33-45;ok dst nexthdr != 33-45;ok dst nexthdr { 33, 55, 67, 88};ok dst nexthdr != { 33, 55, 67, 88};ok -dst nexthdr { 33-55};ok -dst nexthdr != { 33-55};ok dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok;dst nexthdr { 51, 50, 17, 136, 58, 6, 33, 132, 108} dst nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok;dst nexthdr != { 51, 50, 17, 136, 58, 6, 33, 132, 108} dst nexthdr icmp;ok;dst nexthdr 1 @@ -21,6 +19,3 @@ dst hdrlength != 233;ok dst hdrlength 33-45;ok dst hdrlength != 33-45;ok dst hdrlength { 33, 55, 67, 88};ok -dst hdrlength != { 33, 55, 67, 88};ok -dst hdrlength { 33-55};ok -dst hdrlength != { 33-55};ok diff --git a/tests/py/ip6/dst.t.json b/tests/py/ip6/dst.t.json index 1373e177..e947a76f 100644 --- a/tests/py/ip6/dst.t.json +++ b/tests/py/ip6/dst.t.json @@ -112,46 +112,6 @@ } ] -# dst nexthdr { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "nexthdr", - "name": "dst" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# dst nexthdr != { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "nexthdr", - "name": "dst" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} [ { @@ -353,44 +313,3 @@ } } ] - -# dst hdrlength { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "hdrlength", - "name": "dst" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# dst hdrlength != { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "hdrlength", - "name": "dst" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - diff --git a/tests/py/ip6/dst.t.payload.inet b/tests/py/ip6/dst.t.payload.inet index ff22237e..90d6bda1 100644 --- a/tests/py/ip6/dst.t.payload.inet +++ b/tests/py/ip6/dst.t.payload.inet @@ -47,26 +47,6 @@ inet test-inet input [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# dst nexthdr { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# dst nexthdr != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} __set%d test-inet 3 __set%d test-inet 0 @@ -149,24 +129,3 @@ ip6 test-ip6 input [ cmp eq reg 1 0x0000000a ] [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] - -# dst hdrlength { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# dst hdrlength != { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - diff --git a/tests/py/ip6/dst.t.payload.ip6 b/tests/py/ip6/dst.t.payload.ip6 index 9bf564cb..941140d0 100644 --- a/tests/py/ip6/dst.t.payload.ip6 +++ b/tests/py/ip6/dst.t.payload.ip6 @@ -35,22 +35,6 @@ ip6 test-ip6 input [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# dst nexthdr { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# dst nexthdr != { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} __set%d test-ip6 3 __set%d test-ip6 0 @@ -113,21 +97,3 @@ __set%d test-ip6 0 ip6 test-ip6 input [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] - -# dst hdrlength { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# dst hdrlength != { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - - diff --git a/tests/py/ip6/ether.t b/tests/py/ip6/ether.t index d94a0d21..49d7d063 100644 --- a/tests/py/ip6/ether.t +++ b/tests/py/ip6/ether.t @@ -3,6 +3,6 @@ *ip6;test-ip6;input tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 accept -tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04;ok;tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 +tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04;ok tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2;ok ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 accept;ok diff --git a/tests/py/ip6/exthdr.t.json.output b/tests/py/ip6/exthdr.t.json.output index c9f5b49b..813402a2 100644 --- a/tests/py/ip6/exthdr.t.json.output +++ b/tests/py/ip6/exthdr.t.json.output @@ -1,33 +1,3 @@ -# exthdr hbh == exists -[ - { - "match": { - "left": { - "exthdr": { - "name": "hbh" - } - }, - "op": "==", - "right": true - } - } -] - -# exthdr hbh == missing -[ - { - "match": { - "left": { - "exthdr": { - "name": "hbh" - } - }, - "op": "==", - "right": false - } - } -] - # exthdr hbh 1 [ { diff --git a/tests/py/ip6/flowtable.t b/tests/py/ip6/flowtable.t deleted file mode 100644 index e58d51bb..00000000 --- a/tests/py/ip6/flowtable.t +++ /dev/null @@ -1,6 +0,0 @@ -:input;type filter hook input priority 0 - -*ip6;test-ip6;input - -meter acct_out size 4096 { meta iif . ip6 saddr timeout 600s counter };ok;meter acct_out size 4096 { iif . ip6 saddr timeout 10m counter } -meter acct_out size 12345 { ip6 saddr . meta iif timeout 600s counter };ok;meter acct_out size 12345 { ip6 saddr . iif timeout 10m counter } diff --git a/tests/py/ip6/flowtable.t.json b/tests/py/ip6/flowtable.t.json deleted file mode 100644 index d0b3a957..00000000 --- a/tests/py/ip6/flowtable.t.json +++ /dev/null @@ -1,62 +0,0 @@ -# meter acct_out size 4096 { meta iif . ip6 saddr timeout 600s counter } -[ - { - "meter": { - "key": { - "elem": { - "timeout": 600, - "val": { - "concat": [ - { - "meta": { "key": "iif" } - }, - { - "payload": { - "field": "saddr", - "protocol": "ip6" - } - } - ] - } - } - }, - "name": "acct_out", - "size": 4096, - "stmt": { - "counter": null - } - } - } -] - -# meter acct_out size 12345 { ip6 saddr . meta iif timeout 600s counter } -[ - { - "meter": { - "key": { - "elem": { - "timeout": 600, - "val": { - "concat": [ - { - "payload": { - "field": "saddr", - "protocol": "ip6" - } - }, - { - "meta": { "key": "iif" } - } - ] - } - } - }, - "name": "acct_out", - "size": 12345, - "stmt": { - "counter": null - } - } - } -] - diff --git a/tests/py/ip6/flowtable.t.json.output b/tests/py/ip6/flowtable.t.json.output deleted file mode 100644 index d0b3a957..00000000 --- a/tests/py/ip6/flowtable.t.json.output +++ /dev/null @@ -1,62 +0,0 @@ -# meter acct_out size 4096 { meta iif . ip6 saddr timeout 600s counter } -[ - { - "meter": { - "key": { - "elem": { - "timeout": 600, - "val": { - "concat": [ - { - "meta": { "key": "iif" } - }, - { - "payload": { - "field": "saddr", - "protocol": "ip6" - } - } - ] - } - } - }, - "name": "acct_out", - "size": 4096, - "stmt": { - "counter": null - } - } - } -] - -# meter acct_out size 12345 { ip6 saddr . meta iif timeout 600s counter } -[ - { - "meter": { - "key": { - "elem": { - "timeout": 600, - "val": { - "concat": [ - { - "payload": { - "field": "saddr", - "protocol": "ip6" - } - }, - { - "meta": { "key": "iif" } - } - ] - } - } - }, - "name": "acct_out", - "size": 12345, - "stmt": { - "counter": null - } - } - } -] - diff --git a/tests/py/ip6/flowtable.t.payload b/tests/py/ip6/flowtable.t.payload deleted file mode 100644 index 559475f6..00000000 --- a/tests/py/ip6/flowtable.t.payload +++ /dev/null @@ -1,16 +0,0 @@ -# meter acct_out size 4096 { meta iif . ip6 saddr timeout 600s counter } -acct_out test-ip6 31 -acct_out test-ip6 0 -ip6 test-ip6 input - [ meta load iif => reg 1 ] - [ payload load 16b @ network header + 8 => reg 9 ] - [ dynset update reg_key 1 set acct_out timeout 600000ms expr [ counter pkts 0 bytes 0 ] ] - -# meter acct_out size 12345 { ip6 saddr . meta iif timeout 600s counter } -acct_out test-ip6 31 -acct_out test-ip6 0 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ meta load iif => reg 2 ] - [ dynset update reg_key 1 set acct_out timeout 600000ms expr [ counter pkts 0 bytes 0 ] ] - diff --git a/tests/py/ip6/frag.t b/tests/py/ip6/frag.t index e16529ad..6bbd6ac0 100644 --- a/tests/py/ip6/frag.t +++ b/tests/py/ip6/frag.t @@ -1,8 +1,10 @@ :output;type filter hook output priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip6;test-ip6;output *inet;test-inet;output +*netdev;test-netdev;ingress,egress frag nexthdr tcp;ok;frag nexthdr 6 frag nexthdr != icmp;ok;frag nexthdr != 1 @@ -17,8 +19,6 @@ frag reserved 33-45;ok frag reserved != 33-45;ok frag reserved { 33, 55, 67, 88};ok frag reserved != { 33, 55, 67, 88};ok -frag reserved { 33-55};ok -frag reserved != { 33-55};ok frag frag-off 22;ok frag frag-off != 233;ok @@ -26,8 +26,6 @@ frag frag-off 33-45;ok frag frag-off != 33-45;ok frag frag-off { 33, 55, 67, 88};ok frag frag-off != { 33, 55, 67, 88};ok -frag frag-off { 33-55};ok -frag frag-off != { 33-55};ok frag reserved2 1;ok frag more-fragments 0;ok @@ -40,5 +38,3 @@ frag id 33-45;ok frag id != 33-45;ok frag id { 33, 55, 67, 88};ok frag id != { 33, 55, 67, 88};ok -frag id { 33-55};ok -frag id != { 33-55};ok diff --git a/tests/py/ip6/frag.t.payload.inet b/tests/py/ip6/frag.t.payload.inet index ef44f1ae..20334f44 100644 --- a/tests/py/ip6/frag.t.payload.inet +++ b/tests/py/ip6/frag.t.payload.inet @@ -95,32 +95,12 @@ inet test-inet output [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# frag reserved { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet output - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# frag reserved != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet output - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # frag frag-off 22 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000b000 ] # frag frag-off != 233 @@ -128,7 +108,7 @@ inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] [ cmp neq reg 1 0x00004807 ] # frag frag-off 33-45 @@ -136,7 +116,7 @@ inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] [ cmp gte reg 1 0x00000801 ] [ cmp lte reg 1 0x00006801 ] @@ -145,7 +125,7 @@ inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] [ range neq reg 1 0x00000801 0x00006801 ] # frag frag-off { 33, 55, 67, 88} @@ -156,7 +136,7 @@ inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] # frag frag-off != { 33, 55, 67, 88} @@ -167,39 +147,9 @@ inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] [ lookup reg 1 set __set%d 0x1 ] -# frag frag-off { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000801 : 0 [end] element 0000b901 : 1 [end] -inet test-inet output - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] - [ lookup reg 1 set __set%d ] - -# frag frag-off != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000801 : 0 [end] element 0000b901 : 1 [end] -inet test-inet output - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] - [ lookup reg 1 set __set%d 0x1 ] - -# frag more-fragments 1 -inet test-inet output - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000001 ] - # frag id 1 inet test-inet output [ meta load nfproto => reg 1 ] @@ -256,32 +206,12 @@ inet test-inet output [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# frag id { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -inet test-inet output - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# frag id != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -inet test-inet output - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # frag reserved2 1 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000006 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000006 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000002 ] # frag more-fragments 0 @@ -289,7 +219,7 @@ inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] # frag more-fragments 1 @@ -297,6 +227,6 @@ inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000001 ] diff --git a/tests/py/ip6/frag.t.payload.ip6 b/tests/py/ip6/frag.t.payload.ip6 index 940fb9f0..7c3e7a4e 100644 --- a/tests/py/ip6/frag.t.payload.ip6 +++ b/tests/py/ip6/frag.t.payload.ip6 @@ -71,45 +71,29 @@ ip6 test-ip6 output [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# frag reserved { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 output - [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# frag reserved != { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 output - [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # frag frag-off 22 ip6 test-ip6 output [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000b000 ] # frag frag-off != 233 ip6 test-ip6 output [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] [ cmp neq reg 1 0x00004807 ] # frag frag-off 33-45 ip6 test-ip6 output [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] [ cmp gte reg 1 0x00000801 ] [ cmp lte reg 1 0x00006801 ] # frag frag-off != 33-45 ip6 test-ip6 output [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] [ range neq reg 1 0x00000801 0x00006801 ] # frag frag-off { 33, 55, 67, 88} @@ -118,7 +102,7 @@ __set%d test-ip6 0 element 00000801 : 0 [end] element 0000b801 : 0 [end] element 00001802 : 0 [end] element 0000c002 : 0 [end] ip6 test-ip6 output [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] # frag frag-off != { 33, 55, 67, 88} @@ -127,33 +111,9 @@ __set%d test-ip6 0 element 00000801 : 0 [end] element 0000b801 : 0 [end] element 00001802 : 0 [end] element 0000c002 : 0 [end] ip6 test-ip6 output [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] [ lookup reg 1 set __set%d 0x1 ] -# frag frag-off { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000801 : 0 [end] element 0000b901 : 1 [end] -ip6 test-ip6 output - [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] - [ lookup reg 1 set __set%d ] - -# frag frag-off != { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000801 : 0 [end] element 0000b901 : 1 [end] -ip6 test-ip6 output - [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] - [ lookup reg 1 set __set%d 0x1 ] - -# frag more-fragments 1 -ip6 test-ip6 output - [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000001 ] - # frag id 1 ip6 test-ip6 output [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] @@ -196,37 +156,21 @@ ip6 test-ip6 output [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# frag id { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip6 test-ip6 output - [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# frag id != { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip6 test-ip6 output - [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # frag reserved2 1 ip6 test-ip6 output [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000006 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000006 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000002 ] # frag more-fragments 0 ip6 test-ip6 output [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] # frag more-fragments 1 ip6 test-ip6 output [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000001 ] diff --git a/tests/py/ip6/frag.t.payload.netdev b/tests/py/ip6/frag.t.payload.netdev new file mode 100644 index 00000000..05620754 --- /dev/null +++ b/tests/py/ip6/frag.t.payload.netdev @@ -0,0 +1,232 @@ +# frag nexthdr tcp +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + +# frag nexthdr != icmp +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp} +__set%d test-netdev 3 size 8 +__set%d test-netdev 0 + element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# frag nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp} +__set%d test-netdev 3 size 8 +__set%d test-netdev 0 + element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + +# frag nexthdr esp +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# frag nexthdr ah +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + +# frag reserved 22 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# frag reserved != 233 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# frag reserved 33-45 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# frag reserved != 33-45 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] + [ range neq reg 1 0x00000021 0x0000002d ] + +# frag reserved { 33, 55, 67, 88} +__set%d test-netdev 3 size 4 +__set%d test-netdev 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# frag reserved != { 33, 55, 67, 88} +__set%d test-netdev 3 size 4 +__set%d test-netdev 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + +# frag frag-off 22 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000b000 ] + +# frag frag-off != 233 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00004807 ] + +# frag frag-off 33-45 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] + [ cmp gte reg 1 0x00000801 ] + [ cmp lte reg 1 0x00006801 ] + +# frag frag-off != 33-45 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] + [ range neq reg 1 0x00000801 0x00006801 ] + +# frag frag-off { 33, 55, 67, 88} +__set%d test-netdev 3 size 4 +__set%d test-netdev 0 + element 00000801 : 0 [end] element 0000b801 : 0 [end] element 00001802 : 0 [end] element 0000c002 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] + [ lookup reg 1 set __set%d ] + +# frag frag-off != { 33, 55, 67, 88} +__set%d test-netdev 3 size 4 +__set%d test-netdev 0 + element 00000801 : 0 [end] element 0000b801 : 0 [end] element 00001802 : 0 [end] element 0000c002 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ] + [ lookup reg 1 set __set%d 0x1 ] + +# frag reserved2 1 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000006 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000002 ] + +# frag more-fragments 0 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000000 ] + +# frag more-fragments 1 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000001 ] + +# frag id 1 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] + [ cmp eq reg 1 0x01000000 ] + +# frag id 22 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# frag id != 33 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] + [ cmp neq reg 1 0x21000000 ] + +# frag id 33-45 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# frag id != 33-45 +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] + [ range neq reg 1 0x21000000 0x2d000000 ] + +# frag id { 33, 55, 67, 88} +__set%d test-netdev 3 size 4 +__set%d test-netdev 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# frag id != { 33, 55, 67, 88} +__set%d test-netdev 3 size 4 +__set%d test-netdev 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + diff --git a/tests/py/ip6/hbh.t b/tests/py/ip6/hbh.t index f367a384..fce5feae 100644 --- a/tests/py/ip6/hbh.t +++ b/tests/py/ip6/hbh.t @@ -9,8 +9,6 @@ hbh hdrlength 33-45;ok hbh hdrlength != 33-45;ok hbh hdrlength {33, 55, 67, 88};ok hbh hdrlength != {33, 55, 67, 88};ok -hbh hdrlength { 33-55};ok -hbh hdrlength != { 33-55};ok hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;hbh nexthdr { 58, 136, 51, 50, 6, 17, 132, 33, 108} hbh nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;hbh nexthdr != { 58, 136, 51, 50, 6, 17, 132, 33, 108} @@ -20,7 +18,5 @@ hbh nexthdr 33-45;ok hbh nexthdr != 33-45;ok hbh nexthdr {33, 55, 67, 88};ok hbh nexthdr != {33, 55, 67, 88};ok -hbh nexthdr { 33-55};ok -hbh nexthdr != { 33-55};ok hbh nexthdr ip;ok;hbh nexthdr 0 hbh nexthdr != ip;ok;hbh nexthdr != 0 diff --git a/tests/py/ip6/hbh.t.json b/tests/py/ip6/hbh.t.json index 441d3bfe..68670a3b 100644 --- a/tests/py/ip6/hbh.t.json +++ b/tests/py/ip6/hbh.t.json @@ -112,46 +112,6 @@ } ] -# hbh hdrlength { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "hdrlength", - "name": "hbh" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# hbh hdrlength != { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "hdrlength", - "name": "hbh" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} [ { @@ -322,46 +282,6 @@ } ] -# hbh nexthdr { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "nexthdr", - "name": "hbh" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# hbh nexthdr != { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "nexthdr", - "name": "hbh" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # hbh nexthdr ip [ { diff --git a/tests/py/ip6/hbh.t.payload.inet b/tests/py/ip6/hbh.t.payload.inet index e358351d..63afd832 100644 --- a/tests/py/ip6/hbh.t.payload.inet +++ b/tests/py/ip6/hbh.t.payload.inet @@ -47,26 +47,6 @@ inet test-inet filter-input [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# hbh hdrlength { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet filter-input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# hbh hdrlength != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet filter-input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} __set%d test-inet 3 __set%d test-inet 0 @@ -136,26 +116,6 @@ inet test-inet filter-input [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# hbh nexthdr { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet filter-input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# hbh nexthdr != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet filter-input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # hbh nexthdr ip inet test-inet filter-input [ meta load nfproto => reg 1 ] diff --git a/tests/py/ip6/hbh.t.payload.ip6 b/tests/py/ip6/hbh.t.payload.ip6 index a4b131a5..913505a5 100644 --- a/tests/py/ip6/hbh.t.payload.ip6 +++ b/tests/py/ip6/hbh.t.payload.ip6 @@ -35,22 +35,6 @@ ip6 test-ip6 filter-input [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# hbh hdrlength { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 filter-input - [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# hbh hdrlength != { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 filter-input - [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} __set%d test-ip6 3 __set%d test-ip6 0 @@ -104,22 +88,6 @@ ip6 test-ip6 filter-input [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# hbh nexthdr { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 filter-input - [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# hbh nexthdr != { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 filter-input - [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # hbh nexthdr ip ip6 test-ip6 filter-input [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] diff --git a/tests/py/ip6/icmpv6.t b/tests/py/ip6/icmpv6.t index 8d794115..7632bfd8 100644 --- a/tests/py/ip6/icmpv6.t +++ b/tests/py/ip6/icmpv6.t @@ -28,25 +28,20 @@ icmpv6 type {router-renumbering, mld-listener-done, time-exceeded, nd-router-sol icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept;ok icmpv6 type != {mld-listener-query, time-exceeded, nd-router-advert} accept;ok -icmpv6 code 4;ok;icmpv6 code port-unreachable +icmpv6 code 4;ok icmpv6 code 3-66;ok -icmpv6 code {5, 6, 7} accept;ok;icmpv6 code {policy-fail, reject-route, 7} accept -icmpv6 code != {policy-fail, reject-route, 7} accept;ok -icmpv6 code { 3-66};ok -icmpv6 code != { 3-66};ok +icmpv6 code {5, 6, 7} accept;ok +icmpv6 code != {policy-fail, reject-route, 7} accept;ok;icmpv6 code != {5, 6, 7} accept icmpv6 checksum 2222 log;ok icmpv6 checksum != 2222 log;ok icmpv6 checksum 222-226;ok -icmpv6 checksum != 2222 log;ok +icmpv6 checksum != 222-226;ok icmpv6 checksum { 222, 226};ok icmpv6 checksum != { 222, 226};ok -icmpv6 checksum { 222-226};ok -icmpv6 checksum != { 222-226};ok -# BUG: icmpv6 parameter-problem, pptr, mtu, packet-too-big +# BUG: icmpv6 parameter-problem, pptr # [ICMP6HDR_PPTR] = ICMP6HDR_FIELD("parameter-problem", icmp6_pptr), -# [ICMP6HDR_MTU] = ICMP6HDR_FIELD("packet-too-big", icmp6_mtu), # $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem 35 # <cmdline>:1:53-53: Error: syntax error, unexpected end of file # add rule ip6 test6 input icmpv6 parameter-problem 35 @@ -59,44 +54,46 @@ icmpv6 checksum != { 222-226};ok # <cmdline>:1:54-54: Error: syntax error, unexpected end of file # add rule ip6 test6 input icmpv6 parameter-problem 2-4 -# BUG: packet-too-big -# $ sudo nft add rule ip6 test6 input icmpv6 packet-too-big 34 -# <cmdline>:1:50-50: Error: syntax error, unexpected end of file -# add rule ip6 test6 input icmpv6 packet-too-big 34 - icmpv6 mtu 22;ok icmpv6 mtu != 233;ok icmpv6 mtu 33-45;ok icmpv6 mtu != 33-45;ok icmpv6 mtu {33, 55, 67, 88};ok icmpv6 mtu != {33, 55, 67, 88};ok -icmpv6 mtu {33-55};ok -icmpv6 mtu != {33-55};ok - -- icmpv6 id 2;ok -- icmpv6 id != 233;ok -icmpv6 id 33-45;ok -icmpv6 id != 33-45;ok -icmpv6 id {33, 55, 67, 88};ok -icmpv6 id != {33, 55, 67, 88};ok -icmpv6 id {33-55};ok -icmpv6 id != {33-55};ok - -icmpv6 sequence 2;ok -icmpv6 sequence {3, 4, 5, 6, 7} accept;ok - -icmpv6 sequence {2, 4};ok -icmpv6 sequence != {2, 4};ok -icmpv6 sequence 2-4;ok -icmpv6 sequence != 2-4;ok -icmpv6 sequence { 2-4};ok -icmpv6 sequence != { 2-4};ok - -- icmpv6 max-delay 22;ok -- icmpv6 max-delay != 233;ok +icmpv6 type packet-too-big icmpv6 mtu 1280;ok;icmpv6 mtu 1280 + +icmpv6 id 33-45;ok;icmpv6 type { echo-request, echo-reply} icmpv6 id 33-45 +icmpv6 id != 33-45;ok;icmpv6 type { echo-request, echo-reply} icmpv6 id != 33-45 +icmpv6 id {33, 55, 67, 88};ok;icmpv6 type { echo-request, echo-reply} icmpv6 id { 33, 55, 67, 88} +icmpv6 id != {33, 55, 67, 88};ok;icmpv6 type { echo-request, echo-reply} icmpv6 id != { 33, 55, 67, 88} + +icmpv6 id 1;ok;icmpv6 type { echo-request, echo-reply} icmpv6 id 1 +icmpv6 type echo-reply icmpv6 id 65534;ok + +icmpv6 sequence 2;ok;icmpv6 type { echo-request, echo-reply} icmpv6 sequence 2 +icmpv6 sequence {3, 4, 5, 6, 7} accept;ok;icmpv6 type { echo-request, echo-reply} icmpv6 sequence { 3, 4, 5, 6, 7} accept + + +icmpv6 sequence {2, 4};ok;icmpv6 type { echo-request, echo-reply} icmpv6 sequence { 2, 4} +icmpv6 sequence != {2, 4};ok;icmpv6 type { echo-request, echo-reply} icmpv6 sequence != { 2, 4} +icmpv6 sequence 2-4;ok;icmpv6 type { echo-request, echo-reply} icmpv6 sequence 2-4 +icmpv6 sequence != 2-4;ok;icmpv6 type { echo-request, echo-reply} icmpv6 sequence != 2-4 + icmpv6 max-delay 33-45;ok icmpv6 max-delay != 33-45;ok icmpv6 max-delay {33, 55, 67, 88};ok icmpv6 max-delay != {33, 55, 67, 88};ok -icmpv6 max-delay {33-55};ok -icmpv6 max-delay != {33-55};ok + +icmpv6 type parameter-problem icmpv6 code 0;ok + +icmpv6 type mld-listener-query icmpv6 taddr 2001:db8::133;ok +icmpv6 type nd-neighbor-solicit icmpv6 taddr 2001:db8::133;ok +icmpv6 type nd-neighbor-advert icmpv6 taddr 2001:db8::133;ok +icmpv6 taddr 2001:db8::133;ok;icmpv6 type { mld-listener-query, mld-listener-report, mld-listener-done, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect} icmpv6 taddr 2001:db8::133 + +icmpv6 taddr 2001:db8::133;ok;icmpv6 type { mld-listener-query, mld-listener-report, mld-listener-done, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect} icmpv6 taddr 2001:db8::133 + +icmpv6 type { mld-listener-query, mld-listener-report, mld-listener-done, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect} icmpv6 taddr 2001:db8::133;ok +icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert } icmpv6 taddr 2001:db8::133;ok +icmpv6 daddr 2001:db8::133;ok +icmpv6 type nd-redirect icmpv6 daddr 2001:db8::133;ok;icmpv6 daddr 2001:db8::133 diff --git a/tests/py/ip6/icmpv6.t.json b/tests/py/ip6/icmpv6.t.json index f6cfbf17..9df886dd 100644 --- a/tests/py/ip6/icmpv6.t.json +++ b/tests/py/ip6/icmpv6.t.json @@ -532,8 +532,8 @@ "op": "!=", "right": { "set": [ - "policy-fail", - "reject-route", + 5, + 6, 7 ] } @@ -544,46 +544,6 @@ } ] -# icmpv6 code { 3-66} -[ - { - "match": { - "left": { - "payload": { - "field": "code", - "protocol": "icmpv6" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 3, 66 ] } - ] - } - } - } -] - -# icmpv6 code != { 3-66} -[ - { - "match": { - "left": { - "payload": { - "field": "code", - "protocol": "icmpv6" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 3, 66 ] } - ] - } - } - } -] - # icmpv6 checksum 2222 log [ { @@ -640,7 +600,7 @@ } ] -# icmpv6 checksum != 2222 log +# icmpv6 checksum != 222-226 [ { "match": { @@ -650,12 +610,11 @@ "protocol": "icmpv6" } }, - "op": "!=", - "right": 2222 + "op": "!=", + "right": { + "range": [ 222, 226 ] + } } - }, - { - "log": null } ] @@ -701,46 +660,6 @@ } ] -# icmpv6 checksum { 222-226} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "icmpv6" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 222, 226 ] } - ] - } - } - } -] - -# icmpv6 checksum != { 222-226} -[ - { - "match": { - "left": { - "payload": { - "field": "checksum", - "protocol": "icmpv6" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 222, 226 ] } - ] - } - } - } -] - # icmpv6 mtu 22 [ { @@ -855,46 +774,6 @@ } ] -# icmpv6 mtu {33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "mtu", - "protocol": "icmpv6" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# icmpv6 mtu != {33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "mtu", - "protocol": "icmpv6" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # icmpv6 id 33-45 [ { @@ -977,42 +856,63 @@ } ] -# icmpv6 id {33-55} +# icmpv6 id 1 [ { "match": { "left": { "payload": { - "field": "id", + "field": "type", "protocol": "icmpv6" } }, - "op": "==", + "op": "==", "right": { "set": [ - { "range": [ 33, 55 ] } + "echo-request", + "echo-reply" ] } } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": 1 + } } ] -# icmpv6 id != {33-55} +# icmpv6 type echo-reply icmpv6 id 65534 [ { "match": { "left": { "payload": { + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": "echo-reply" + } + }, + { + "match": { + "left": { + "payload": { "field": "id", "protocol": "icmpv6" } }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } + "op": "==", + "right": 65534 } } ] @@ -1138,165 +1038,388 @@ } ] -# icmpv6 sequence { 2-4} +# icmpv6 max-delay 33-45 [ { "match": { "left": { "payload": { - "field": "sequence", + "field": "max-delay", "protocol": "icmpv6" } }, "op": "==", "right": { - "set": [ - { "range": [ 2, 4 ] } - ] + "range": [ 33, 45 ] } } } ] -# icmpv6 sequence != { 2-4} +# icmpv6 max-delay != 33-45 [ { "match": { "left": { "payload": { - "field": "sequence", + "field": "max-delay", "protocol": "icmpv6" } }, "op": "!=", "right": { - "set": [ - { "range": [ 2, 4 ] } - ] + "range": [ 33, 45 ] } } } ] -# icmpv6 max-delay 33-45 +# icmpv6 max-delay {33, 55, 67, 88} [ { "match": { "left": { "payload": { "field": "max-delay", - "name": "icmpv6" + "protocol": "icmpv6" } }, "op": "==", "right": { - "range": [ 33, 45 ] + "set": [ + 33, + 55, + 67, + 88 + ] } } } ] -# icmpv6 max-delay != 33-45 +# icmpv6 max-delay != {33, 55, 67, 88} [ { "match": { "left": { "payload": { "field": "max-delay", - "name": "icmpv6" + "protocol": "icmpv6" } }, "op": "!=", "right": { - "range": [ 33, 45 ] + "set": [ + 33, + 55, + 67, + 88 + ] } } } ] -# icmpv6 max-delay {33, 55, 67, 88} +# icmpv6 type packet-too-big icmpv6 mtu 1280 [ { "match": { "left": { "payload": { - "field": "max-delay", - "name": "icmpv6" + "field": "mtu", + "protocol": "icmpv6" } }, - "op": "==", + "op": "==", + "right": 1280 + } + } +] + +# icmpv6 type parameter-problem icmpv6 code 0 +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": "parameter-problem" + } + }, + { + "match": { + "left": { + "payload": { + "field": "code", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": 0 + } + } +] + +# icmpv6 type mld-listener-query icmpv6 taddr 2001:db8::133 +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": "mld-listener-query" + } + }, + { + "match": { + "left": { + "payload": { + "field": "taddr", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": "2001:db8::133" + } + } +] + +# icmpv6 type nd-neighbor-solicit icmpv6 taddr 2001:db8::133 +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": "nd-neighbor-solicit" + } + }, + { + "match": { + "left": { + "payload": { + "field": "taddr", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": "2001:db8::133" + } + } +] + +# icmpv6 type nd-neighbor-advert icmpv6 taddr 2001:db8::133 +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": "nd-neighbor-advert" + } + }, + { + "match": { + "left": { + "payload": { + "field": "taddr", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": "2001:db8::133" + } + } +] + +# icmpv6 taddr 2001:db8::133 +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", "right": { "set": [ - 33, - 55, - 67, - 88 + "mld-listener-query", + "mld-listener-report", + "mld-listener-done", + "nd-neighbor-solicit", + "nd-neighbor-advert", + "nd-redirect" ] } } + }, + { + "match": { + "left": { + "payload": { + "field": "taddr", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": "2001:db8::133" + } } ] -# icmpv6 max-delay != {33, 55, 67, 88} +# icmpv6 taddr 2001:db8::133 [ { "match": { "left": { "payload": { - "field": "max-delay", - "name": "icmpv6" + "field": "type", + "protocol": "icmpv6" } }, - "op": "!=", + "op": "==", "right": { "set": [ - 33, - 55, - 67, - 88 + "mld-listener-query", + "mld-listener-report", + "mld-listener-done", + "nd-neighbor-solicit", + "nd-neighbor-advert", + "nd-redirect" ] } } + }, + { + "match": { + "left": { + "payload": { + "field": "taddr", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": "2001:db8::133" + } } ] -# icmpv6 max-delay {33-55} +# icmpv6 type { mld-listener-query, mld-listener-report, mld-listener-done, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect} icmpv6 taddr 2001:db8::133 [ { "match": { "left": { "payload": { - "field": "max-delay", - "name": "icmpv6" + "field": "type", + "protocol": "icmpv6" } }, - "op": "==", + "op": "==", "right": { "set": [ - { "range": [ 33, 55 ] } + "mld-listener-query", + "mld-listener-report", + "mld-listener-done", + "nd-neighbor-solicit", + "nd-neighbor-advert", + "nd-redirect" ] } } + }, + { + "match": { + "left": { + "payload": { + "field": "taddr", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": "2001:db8::133" + } } ] -# icmpv6 max-delay != {33-55} +# icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert } icmpv6 taddr 2001:db8::133 [ { "match": { "left": { "payload": { - "field": "max-delay", - "name": "icmpv6" + "field": "type", + "protocol": "icmpv6" } }, - "op": "!=", + "op": "==", "right": { "set": [ - { "range": [ 33, 55 ] } + "nd-neighbor-solicit", + "nd-neighbor-advert" ] } } + }, + { + "match": { + "left": { + "payload": { + "field": "taddr", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": "2001:db8::133" + } } ] +# icmpv6 daddr 2001:db8::133 +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": "2001:db8::133" + } + } +] + +# icmpv6 type nd-redirect icmpv6 daddr 2001:db8::133 +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": "2001:db8::133" + } + } +] diff --git a/tests/py/ip6/icmpv6.t.json.output b/tests/py/ip6/icmpv6.t.json.output index 3a106621..5d33780e 100644 --- a/tests/py/ip6/icmpv6.t.json.output +++ b/tests/py/ip6/icmpv6.t.json.output @@ -8,7 +8,7 @@ "protocol": "icmpv6" } }, - "op": "==", + "op": "==", "right": "mld-listener-done" } }, @@ -27,7 +27,7 @@ "protocol": "icmpv6" } }, - "op": "==", + "op": "==", "right": { "set": [ "time-exceeded", @@ -53,7 +53,7 @@ "protocol": "icmpv6" } }, - "op": "==", + "op": "==", "right": { "set": [ "time-exceeded", @@ -93,7 +93,7 @@ } ] -# icmpv6 code 4 +# icmpv6 code { 3-66} [ { "match": { @@ -103,13 +103,22 @@ "protocol": "icmpv6" } }, - "op": "==", - "right": "port-unreachable" + "op": "==", + "right": { + "set": [ + { + "range": [ + "addr-unreachable", + 66 + ] + } + ] + } } } ] -# icmpv6 code 3-66 +# icmpv6 code != { 3-66} [ { "match": { @@ -119,29 +128,328 @@ "protocol": "icmpv6" } }, - "op": "==", + "op": "!=", "right": { - "range": [ "addr-unreachable", 66 ] + "set": [ + { + "range": [ + "addr-unreachable", + 66 + ] + } + ] } } } ] -# icmpv6 code {5, 6, 7} accept +# icmpv6 id 33-45 [ { "match": { "left": { "payload": { - "field": "code", + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "set": [ + "echo-request", + "echo-reply" + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "range": [ + 33, + 45 + ] + } + } + } +] + +# icmpv6 id != 33-45 +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "set": [ + "echo-request", + "echo-reply" + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmpv6" + } + }, + "op": "!=", + "right": { + "range": [ + 33, + 45 + ] + } + } + } +] + +# icmpv6 id {33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "set": [ + "echo-request", + "echo-reply" + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# icmpv6 id != {33, 55, 67, 88} +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "set": [ + "echo-request", + "echo-reply" + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmpv6" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# icmpv6 id {33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "set": [ + "echo-request", + "echo-reply" + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "set": [ + { + "range": [ + 33, + 55 + ] + } + ] + } + } + } +] + +# icmpv6 id != {33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "set": [ + "echo-request", + "echo-reply" + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmpv6" + } + }, + "op": "!=", + "right": { + "set": [ + { + "range": [ + 33, + 55 + ] + } + ] + } + } + } +] + +# icmpv6 sequence 2 +[ + { + "match": { + "left": { + "payload": { + "field": "type", "protocol": "icmpv6" } }, - "op": "==", + "op": "==", "right": { "set": [ - "policy-fail", - "reject-route", + "echo-request", + "echo-reply" + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "sequence", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": 2 + } + } +] + +# icmpv6 sequence {3, 4, 5, 6, 7} accept +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "set": [ + "echo-request", + "echo-reply" + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "sequence", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "set": [ + 3, + 4, + 5, + 6, 7 ] } @@ -152,40 +460,236 @@ } ] -# icmpv6 code { 3-66} +# icmpv6 sequence {2, 4} [ { "match": { "left": { "payload": { - "field": "code", + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "set": [ + "echo-request", + "echo-reply" + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "sequence", "protocol": "icmpv6" } }, - "op": "==", + "op": "==", "right": { "set": [ - { "range": [ "addr-unreachable", 66 ] } + 2, + 4 ] } } } ] -# icmpv6 code != { 3-66} +# icmpv6 sequence != {2, 4} [ { "match": { "left": { "payload": { - "field": "code", + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "set": [ + "echo-request", + "echo-reply" + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "sequence", + "protocol": "icmpv6" + } + }, + "op": "!=", + "right": { + "set": [ + 2, + 4 + ] + } + } + } +] + +# icmpv6 sequence 2-4 +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "set": [ + "echo-request", + "echo-reply" + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "sequence", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "range": [ + 2, + 4 + ] + } + } + } +] + +# icmpv6 sequence != 2-4 +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "set": [ + "echo-request", + "echo-reply" + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "sequence", + "protocol": "icmpv6" + } + }, + "op": "!=", + "right": { + "range": [ + 2, + 4 + ] + } + } + } +] + +# icmpv6 sequence { 2-4} +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "set": [ + "echo-request", + "echo-reply" + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "sequence", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "set": [ + { + "range": [ + 2, + 4 + ] + } + ] + } + } + } +] + +# icmpv6 sequence != { 2-4} +[ + { + "match": { + "left": { + "payload": { + "field": "type", + "protocol": "icmpv6" + } + }, + "op": "==", + "right": { + "set": [ + "echo-request", + "echo-reply" + ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "sequence", "protocol": "icmpv6" } }, "op": "!=", "right": { "set": [ - { "range": [ "addr-unreachable", 66 ] } + { + "range": [ + 2, + 4 + ] + } ] } } diff --git a/tests/py/ip6/icmpv6.t.payload.ip6 b/tests/py/ip6/icmpv6.t.payload.ip6 index 51d71f41..5b6035d1 100644 --- a/tests/py/ip6/icmpv6.t.payload.ip6 +++ b/tests/py/ip6/icmpv6.t.payload.ip6 @@ -231,26 +231,6 @@ ip6 test-ip6 input [ lookup reg 1 set __set%d 0x1 ] [ immediate reg 0 accept ] -# icmpv6 code { 3-66} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000003 : 0 [end] element 00000043 : 1 [end] -ip6 test-ip6 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# icmpv6 code != { 3-66} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000003 : 0 [end] element 00000043 : 1 [end] -ip6 test-ip6 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # icmpv6 checksum 2222 log ip6 test-ip6 input [ meta load l4proto => reg 1 ] @@ -275,13 +255,12 @@ ip6 test-ip6 input [ cmp gte reg 1 0x0000de00 ] [ cmp lte reg 1 0x0000e200 ] -# icmpv6 checksum != 2222 log -ip6 test-ip6 input +# icmpv6 checksum != 222-226 +ip6 [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000ae08 ] - [ log ] + [ range neq reg 1 0x0000de00 0x0000e200 ] # icmpv6 checksum { 222, 226} __set%d test-ip6 3 @@ -303,30 +282,12 @@ ip6 test-ip6 input [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# icmpv6 checksum { 222-226} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 0000de00 : 0 [end] element 0000e300 : 1 [end] -ip6 test-ip6 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# icmpv6 checksum != { 222-226} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 0000de00 : 0 [end] element 0000e300 : 1 [end] -ip6 test-ip6 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # icmpv6 mtu 22 ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ cmp eq reg 1 0x16000000 ] @@ -334,6 +295,8 @@ ip6 test-ip6 input ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ cmp neq reg 1 0xe9000000 ] @@ -341,6 +304,8 @@ ip6 test-ip6 input ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ cmp gte reg 1 0x21000000 ] [ cmp lte reg 1 0x2d000000 ] @@ -349,6 +314,8 @@ ip6 test-ip6 input ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ range neq reg 1 0x21000000 0x2d000000 ] @@ -359,6 +326,8 @@ __set%d test-ip6 0 ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d ] @@ -369,172 +338,185 @@ __set%d test-ip6 0 ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# icmpv6 mtu {33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip6 test-ip6 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# icmpv6 mtu != {33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip6 test-ip6 input +# icmpv6 type packet-too-big icmpv6 mtu 1280 +ip6 [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] + [ cmp eq reg 1 0x00050000 ] # icmpv6 id 33-45 +__set%d test-ip6 3 +__set%d test-ip6 0 + element 00000080 : 0 [end] element 00000081 : 0 [end] ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 4 => reg 1 ] [ cmp gte reg 1 0x00002100 ] [ cmp lte reg 1 0x00002d00 ] # icmpv6 id != 33-45 +__set%d test-ip6 3 +__set%d test-ip6 0 + element 00000080 : 0 [end] element 00000081 : 0 [end] ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 4 => reg 1 ] [ range neq reg 1 0x00002100 0x00002d00 ] # icmpv6 id {33, 55, 67, 88} __set%d test-ip6 3 __set%d test-ip6 0 + element 00000080 : 0 [end] element 00000081 : 0 [end] +__set%d test-ip6 3 +__set%d test-ip6 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d ] # icmpv6 id != {33, 55, 67, 88} __set%d test-ip6 3 __set%d test-ip6 0 + element 00000080 : 0 [end] element 00000081 : 0 [end] +__set%d test-ip6 3 +__set%d test-ip6 0 element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# icmpv6 id {33-55} -__set%d test-ip6 7 +# icmpv6 id 1 +__set%d test-ip6 3 size 2 __set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input + element 00000080 : 0 [end] element 00000081 : 0 [end] +ip6 [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] + [ payload load 1b @ transport header + 0 => reg 1 ] [ lookup reg 1 set __set%d ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x00000100 ] -# icmpv6 id != {33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input +# icmpv6 type echo-reply icmpv6 id 65534 +ip6 [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] + [ cmp eq reg 1 0x0000feff ] # icmpv6 sequence 2 +__set%d test-ip6 3 +__set%d test-ip6 0 + element 00000080 : 0 [end] element 00000081 : 0 [end] ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp eq reg 1 0x00000200 ] # icmpv6 sequence {3, 4, 5, 6, 7} accept __set%d test-ip6 3 __set%d test-ip6 0 - element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] -ip6 test-ip6 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set __set%d ] - [ immediate reg 0 accept ] - -# icmpv6 sequence != {3, 4, 5, 6, 7} accept + element 00000080 : 0 [end] element 00000081 : 0 [end] __set%d test-ip6 3 __set%d test-ip6 0 element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] + [ lookup reg 1 set __set%d ] [ immediate reg 0 accept ] # icmpv6 sequence {2, 4} __set%d test-ip6 3 __set%d test-ip6 0 + element 00000080 : 0 [end] element 00000081 : 0 [end] +__set%d test-ip6 3 +__set%d test-ip6 0 element 00000200 : 0 [end] element 00000400 : 0 [end] ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] # icmpv6 sequence != {2, 4} __set%d test-ip6 3 __set%d test-ip6 0 + element 00000080 : 0 [end] element 00000081 : 0 [end] +__set%d test-ip6 3 +__set%d test-ip6 0 element 00000200 : 0 [end] element 00000400 : 0 [end] ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # icmpv6 sequence 2-4 +__set%d test-ip6 3 +__set%d test-ip6 0 + element 00000080 : 0 [end] element 00000081 : 0 [end] ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] [ payload load 2b @ transport header + 6 => reg 1 ] [ cmp gte reg 1 0x00000200 ] [ cmp lte reg 1 0x00000400 ] # icmpv6 sequence != 2-4 -ip6 test-ip6 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ range neq reg 1 0x00000200 0x00000400 ] - -# icmpv6 sequence { 2-4} -__set%d test-ip6 7 +__set%d test-ip6 3 __set%d test-ip6 0 - element 00000000 : 1 [end] element 00000200 : 0 [end] element 00000500 : 1 [end] + element 00000080 : 0 [end] element 00000081 : 0 [end] ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 6 => reg 1 ] + [ payload load 1b @ transport header + 0 => reg 1 ] [ lookup reg 1 set __set%d ] - -# icmpv6 sequence != { 2-4} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000200 : 0 [end] element 00000500 : 1 [end] -ip6 test-ip6 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000003a ] [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] + [ range neq reg 1 0x00000200 0x00000400 ] # icmpv6 max-delay 33-45 ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000082 ] [ payload load 2b @ transport header + 4 => reg 1 ] [ cmp gte reg 1 0x00002100 ] [ cmp lte reg 1 0x00002d00 ] @@ -543,6 +525,8 @@ ip6 test-ip6 input ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000082 ] [ payload load 2b @ transport header + 4 => reg 1 ] [ range neq reg 1 0x00002100 0x00002d00 ] @@ -553,6 +537,8 @@ __set%d test-ip6 0 ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000082 ] [ payload load 2b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d ] @@ -563,26 +549,95 @@ __set%d test-ip6 0 ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000082 ] [ payload load 2b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# icmpv6 max-delay {33-55} -__set%d test-ip6 7 +# icmpv6 type parameter-problem icmpv6 code 0 +ip6 + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000004 ] + +# icmpv6 type mld-listener-query icmpv6 taddr 2001:db8::133 +ip6 test-ip6 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000082 ] + [ payload load 16b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0xb80d0120 0x00000000 0x00000000 0x33010000 ] + +# icmpv6 type nd-neighbor-solicit icmpv6 taddr 2001:db8::133 +ip6 test-ip6 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000087 ] + [ payload load 16b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0xb80d0120 0x00000000 0x00000000 0x33010000 ] + +# icmpv6 type nd-neighbor-advert icmpv6 taddr 2001:db8::133 +ip6 test-ip6 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 16b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0xb80d0120 0x00000000 0x00000000 0x33010000 ] + +# icmpv6 taddr 2001:db8::133 +__set%d test-ip6 3 size 6 __set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] + element 00000082 : 0 [end] element 00000083 : 0 [end] element 00000084 : 0 [end] element 00000087 : 0 [end] element 00000088 : 0 [end] element 00000089 : 0 [end] ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] + [ payload load 1b @ transport header + 0 => reg 1 ] [ lookup reg 1 set __set%d ] + [ payload load 16b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0xb80d0120 0x00000000 0x00000000 0x33010000 ] -# icmpv6 max-delay != {33-55} -__set%d test-ip6 7 +# icmpv6 type { mld-listener-query, mld-listener-report, mld-listener-done, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect} icmpv6 taddr 2001:db8::133 +__set%d test-ip6 3 size 6 __set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] + element 00000082 : 0 [end] element 00000083 : 0 [end] element 00000084 : 0 [end] element 00000087 : 0 [end] element 00000088 : 0 [end] element 00000089 : 0 [end] ip6 test-ip6 input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] + [ payload load 16b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0xb80d0120 0x00000000 0x00000000 0x33010000 ] + +# icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert } icmpv6 taddr 2001:db8::133 +__set%d test-ip6 3 size 2 +__set%d test-ip6 0 + element 00000087 : 0 [end] element 00000088 : 0 [end] +ip6 test-ip6 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d ] + [ payload load 16b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0xb80d0120 0x00000000 0x00000000 0x33010000 ] +# icmpv6 daddr 2001:db8::133 +ip6 test-ip6 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000089 ] + [ payload load 16b @ transport header + 24 => reg 1 ] + [ cmp eq reg 1 0xb80d0120 0x00000000 0x00000000 0x33010000 ] + +# icmpv6 type nd-redirect icmpv6 daddr 2001:db8::133 +ip6 test-ip6 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000089 ] + [ payload load 16b @ transport header + 24 => reg 1 ] + [ cmp eq reg 1 0xb80d0120 0x00000000 0x00000000 0x33010000 ] diff --git a/tests/py/ip6/ip6.t b/tests/py/ip6/ip6.t index 8210d22b..430dd571 100644 --- a/tests/py/ip6/ip6.t +++ b/tests/py/ip6/ip6.t @@ -17,6 +17,15 @@ ip6 dscp != 0x20;ok;ip6 dscp != cs4 ip6 dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef};ok ip6 dscp vmap { 0x04 : accept, 0x3f : continue } counter;ok +!map1 type dscp : mark;ok +meta mark set ip6 dscp map @map1;ok +!map2 type dscp . ipv6_addr : mark;ok +meta mark set ip6 dscp . ip6 daddr map @map2;ok +!map3 type dscp : mark;ok +ip6 dscp @map3;ok +!map4 type dscp . ipv6_addr : mark;ok +ip6 dscp . ip6 daddr @map4;ok + ip6 flowlabel 22;ok ip6 flowlabel != 233;ok - ip6 flowlabel 33-45;ok @@ -24,9 +33,7 @@ ip6 flowlabel != 233;ok ip6 flowlabel { 33, 55, 67, 88};ok # BUG ip6 flowlabel { 5046528, 2883584, 13522432 } ip6 flowlabel != { 33, 55, 67, 88};ok -ip6 flowlabel { 33-55};ok -ip6 flowlabel != { 33-55};ok -ip6 flowlabel vmap { 0 : accept, 2 : continue } ;ok +ip6 flowlabel vmap { 0 : accept, 2 : continue };ok ip6 length 22;ok ip6 length != 233;ok @@ -34,16 +41,12 @@ ip6 length 33-45;ok ip6 length != 33-45;ok ip6 length { 33, 55, 67, 88};ok ip6 length != {33, 55, 67, 88};ok -ip6 length { 33-55};ok -ip6 length != { 33-55};ok ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp};ok;ip6 nexthdr { 132, 51, 108, 136, 17, 33, 6} ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;ip6 nexthdr { 6, 136, 108, 33, 50, 17, 132, 58, 51} ip6 nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;ip6 nexthdr != { 6, 136, 108, 33, 50, 17, 132, 58, 51} ip6 nexthdr esp;ok;ip6 nexthdr 50 ip6 nexthdr != esp;ok;ip6 nexthdr != 50 -ip6 nexthdr { 33-44};ok -ip6 nexthdr != { 33-44};ok ip6 nexthdr 33-44;ok ip6 nexthdr != 33-44;ok @@ -53,8 +56,6 @@ ip6 hoplimit 33-45;ok ip6 hoplimit != 33-45;ok ip6 hoplimit {33, 55, 67, 88};ok ip6 hoplimit != {33, 55, 67, 88};ok -ip6 hoplimit {33-55};ok -ip6 hoplimit != {33-55};ok # from src/scanner.l # v680 (({hex4}:){7}{hex4}) diff --git a/tests/py/ip6/ip6.t.json b/tests/py/ip6/ip6.t.json index f898240f..49e5a2dd 100644 --- a/tests/py/ip6/ip6.t.json +++ b/tests/py/ip6/ip6.t.json @@ -135,39 +135,107 @@ } ] -# ip6 flowlabel 22 +# meta mark set ip6 dscp map @map1 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "map": { + "data": "@map1", + "key": { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + } + } + } + } + } +] + +# meta mark set ip6 dscp . ip6 daddr map @map2 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "map": { + "data": "@map2", + "key": { + "concat": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip6" + } + } + ] + } + } + } + } + } +] + +# ip6 dscp @map3 [ { "match": { "left": { "payload": { - "field": "flowlabel", + "field": "dscp", "protocol": "ip6" } }, - "op": "==", - "right": 22 + "op": "==", + "right": "@map3" } } ] -# ip6 flowlabel != 233 +# ip6 dscp . ip6 daddr @map4 [ { "match": { "left": { - "payload": { - "field": "flowlabel", - "protocol": "ip6" - } + "concat": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip6" + } + } + ] }, - "op": "!=", - "right": 233 + "op": "==", + "right": "@map4" } } ] -# ip6 flowlabel { 33, 55, 67, 88} +# ip6 flowlabel 22 [ { "match": { @@ -178,19 +246,12 @@ } }, "op": "==", - "right": { - "set": [ - 33, - 55, - 67, - 88 - ] - } + "right": 22 } } ] -# ip6 flowlabel != { 33, 55, 67, 88} +# ip6 flowlabel != 233 [ { "match": { @@ -201,19 +262,12 @@ } }, "op": "!=", - "right": { - "set": [ - 33, - 55, - 67, - 88 - ] - } + "right": 233 } } ] -# ip6 flowlabel { 33-55} +# ip6 flowlabel { 33, 55, 67, 88} [ { "match": { @@ -226,14 +280,17 @@ "op": "==", "right": { "set": [ - { "range": [ 33, 55 ] } + 33, + 55, + 67, + 88 ] } } } ] -# ip6 flowlabel != { 33-55} +# ip6 flowlabel != { 33, 55, 67, 88} [ { "match": { @@ -246,7 +303,10 @@ "op": "!=", "right": { "set": [ - { "range": [ 33, 55 ] } + 33, + 55, + 67, + 88 ] } } @@ -397,48 +457,6 @@ } ] -# ip6 length { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "length", - "protocol": "ip6" - } - }, - "op": "==", - "right": { - "set": [ - { - "range": [ 33, 55 ] - } - ] - } - } - } -] - -# ip6 length != { 33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "length", - "protocol": "ip6" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} [ { @@ -743,46 +761,6 @@ } ] -# ip6 hoplimit {33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "hoplimit", - "protocol": "ip6" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# ip6 hoplimit != {33-55} -[ - { - "match": { - "left": { - "payload": { - "field": "hoplimit", - "protocol": "ip6" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234 [ { diff --git a/tests/py/ip6/ip6.t.payload.inet b/tests/py/ip6/ip6.t.payload.inet index d015c8ef..dbb430af 100644 --- a/tests/py/ip6/ip6.t.payload.inet +++ b/tests/py/ip6/ip6.t.payload.inet @@ -3,7 +3,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000c00f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000002 ] # ip6 dscp != cs1 @@ -11,7 +11,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000c00f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000002 ] # ip6 dscp 0x38 @@ -19,7 +19,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000c00f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000000e ] # ip6 dscp != 0x20 @@ -27,7 +27,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000c00f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000008 ] # ip6 dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef} @@ -38,27 +38,71 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000c00f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] # ip6 dscp vmap { 0x04 : accept, 0x3f : continue } counter __map%d test-inet b size 2 __map%d test-inet 0 - element 00000001 : 0 [end] element 0000c00f : 0 [end] + element 00000001 : accept 0 [end] element 0000c00f : continue 0 [end] ip6 test-ip6 input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000c00f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] +# meta mark set ip6 dscp map @map1 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ lookup reg 1 set map1 dreg 1 ] + [ meta set mark with reg 1 ] + +# meta mark set ip6 dscp . ip6 daddr map @map2 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ payload load 16b @ network header + 24 => reg 9 ] + [ lookup reg 1 set map2 dreg 1 ] + [ meta set mark with reg 1 ] + +# ip6 dscp @map3 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ lookup reg 1 set map3 ] + +# ip6 dscp . ip6 daddr @map4 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ payload load 16b @ network header + 24 => reg 9 ] + [ lookup reg 1 set map4 ] + # ip6 flowlabel 22 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00160000 ] # ip6 flowlabel != 233 @@ -66,7 +110,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ] [ cmp neq reg 1 0x00e90000 ] # ip6 flowlabel { 33, 55, 67, 88} @@ -77,7 +121,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] # ip6 flowlabel != { 33, 55, 67, 88} @@ -88,40 +132,18 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ] [ lookup reg 1 set __set%d 0x1 ] -# ip6 flowlabel { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00210000 : 0 [end] element 00380000 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffff0f ) ^ 0x00000000 ] - [ lookup reg 1 set __set%d ] - -# ip6 flowlabel != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00210000 : 0 [end] element 00380000 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffff0f ) ^ 0x00000000 ] - [ lookup reg 1 set __set%d 0x1 ] - -# ip6 flowlabel vmap { 0 : accept, 2 : continue } +# ip6 flowlabel vmap { 0 : accept, 2 : continue } __map%d test-inet b size 2 __map%d test-inet 0 - element 00000000 : 0 [end] element 00020000 : 0 [end] + element 00000000 : accept 0 [end] element 00020000 : continue 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] # ip6 length 22 @@ -173,26 +195,6 @@ inet test-inet input [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip6 length { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip6 length != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} __set%d test-inet 3 __set%d test-inet 0 @@ -237,26 +239,6 @@ inet test-inet input [ payload load 1b @ network header + 6 => reg 1 ] [ cmp neq reg 1 0x00000032 ] -# ip6 nexthdr { 33-44} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 0000002d : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip6 nexthdr != { 33-44} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 0000002d : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip6 nexthdr 33-44 inet test-inet input [ meta load nfproto => reg 1 ] @@ -321,26 +303,6 @@ inet test-inet input [ payload load 1b @ network header + 7 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip6 hoplimit {33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 7 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip6 hoplimit != {33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 7 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234 inet test-inet input [ meta load nfproto => reg 1 ] @@ -604,9 +566,8 @@ inet test-inet input inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x00000000 ] + [ payload load 8b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 ] # ip6 saddr ::1 ip6 daddr ::2 inet test-inet input @@ -659,7 +620,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00003ff0 ) ^ 0x00000009 ] + [ bitwise reg 1 = ( reg 1 & 0x00003ff0 ) ^ 0x00000009 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 0 csum_off 0 csum_flags 0x0 ] # iif "lo" ip6 dscp set 63 @@ -669,7 +630,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00003ff0 ) ^ 0x0000c00f ] + [ bitwise reg 1 = ( reg 1 & 0x00003ff0 ) ^ 0x0000c00f ] [ payload write reg 1 => 2b @ network header + 0 csum_type 0 csum_off 0 csum_flags 0x0 ] # iif "lo" ip6 ecn set ect0 @@ -679,7 +640,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000cf ) ^ 0x00000020 ] + [ bitwise reg 1 = ( reg 1 & 0x000000cf ) ^ 0x00000020 ] [ payload write reg 1 => 1b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ] # iif "lo" ip6 ecn set ce @@ -689,7 +650,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000cf ) ^ 0x00000030 ] + [ bitwise reg 1 = ( reg 1 & 0x000000cf ) ^ 0x00000030 ] [ payload write reg 1 => 1b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ] # iif "lo" ip6 flowlabel set 0 @@ -699,7 +660,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] [ payload write reg 1 => 3b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ] # iif "lo" ip6 flowlabel set 12345 @@ -709,7 +670,7 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00393000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00393000 ] [ payload write reg 1 => 3b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ] # iif "lo" ip6 flowlabel set 0xfffff @@ -719,6 +680,6 @@ inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00ffff0f ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00ffff0f ] [ payload write reg 1 => 3b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ] diff --git a/tests/py/ip6/ip6.t.payload.ip6 b/tests/py/ip6/ip6.t.payload.ip6 index b2e8363c..b1289232 100644 --- a/tests/py/ip6/ip6.t.payload.ip6 +++ b/tests/py/ip6/ip6.t.payload.ip6 @@ -1,25 +1,25 @@ # ip6 dscp cs1 ip6 test-ip6 input [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000c00f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000002 ] # ip6 dscp != cs1 ip6 test-ip6 input [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000c00f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000002 ] # ip6 dscp 0x38 ip6 test-ip6 input [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000c00f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000000e ] # ip6 dscp != 0x20 ip6 test-ip6 input [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000c00f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000008 ] # ip6 dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef} @@ -28,29 +28,65 @@ __set%d test-ip6 0 element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000006 : 0 [end] element 00000008 : 0 [end] element 0000000a : 0 [end] element 0000000c : 0 [end] element 0000000e : 0 [end] element 00000000 : 0 [end] element 00008002 : 0 [end] element 00000003 : 0 [end] element 00008003 : 0 [end] element 00008004 : 0 [end] element 00000005 : 0 [end] element 00008005 : 0 [end] element 00008006 : 0 [end] element 00000007 : 0 [end] element 00008007 : 0 [end] element 00008008 : 0 [end] element 00000009 : 0 [end] element 00008009 : 0 [end] element 0000800b : 0 [end] ip6 test-ip6 input [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000c00f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] # ip6 dscp vmap { 0x04 : accept, 0x3f : continue } counter __map%d test-ip6 b size 2 __map%d test-ip6 0 - element 00000001 : 0 [end] element 0000c00f : 0 [end] + element 00000001 : accept 0 [end] element 0000c00f : continue 0 [end] ip6 test-ip6 input [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000c00f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] +# meta mark set ip6 dscp map @map1 +ip6 test-ip6 input + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ lookup reg 1 set map1 dreg 1 ] + [ meta set mark with reg 1 ] + +# meta mark set ip6 dscp . ip6 daddr map @map2 +ip6 test-ip6 input + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ payload load 16b @ network header + 24 => reg 9 ] + [ lookup reg 1 set map2 dreg 1 ] + [ meta set mark with reg 1 ] + +# ip6 dscp @map3 +ip6 test-ip6 input + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ lookup reg 1 set map3 ] + +# ip6 dscp . ip6 daddr @map4 +ip6 test-ip6 input + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ payload load 16b @ network header + 24 => reg 9 ] + [ lookup reg 1 set map4 ] + # ip6 flowlabel 22 ip6 test-ip6 input [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00160000 ] # ip6 flowlabel != 233 ip6 test-ip6 input [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ] [ cmp neq reg 1 0x00e90000 ] # ip6 flowlabel { 33, 55, 67, 88} @@ -59,7 +95,7 @@ __set%d test-ip6 0 element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end] ip6 test-ip6 input [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] # ip6 flowlabel != { 33, 55, 67, 88} @@ -68,34 +104,16 @@ __set%d test-ip6 0 element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end] ip6 test-ip6 input [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ] [ lookup reg 1 set __set%d 0x1 ] -# ip6 flowlabel { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00210000 : 0 [end] element 00380000 : 1 [end] -ip6 test-ip6 input - [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffff0f ) ^ 0x00000000 ] - [ lookup reg 1 set __set%d ] - -# ip6 flowlabel != { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00210000 : 0 [end] element 00380000 : 1 [end] -ip6 test-ip6 input - [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffff0f ) ^ 0x00000000 ] - [ lookup reg 1 set __set%d 0x1 ] - -# ip6 flowlabel vmap { 0 : accept, 2 : continue } +# ip6 flowlabel vmap { 0 : accept, 2 : continue } __map%d test-ip6 b size 2 __map%d test-ip6 0 - element 00000000 : 0 [end] element 00020000 : 0 [end] + element 00000000 : accept 0 [end] element 00020000 : continue 0 [end] ip6 test-ip6 input [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffff0f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ] [ lookup reg 1 set __map%d dreg 0 ] # ip6 length 22 @@ -135,22 +153,6 @@ ip6 test-ip6 input [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip6 length { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip6 length != { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} __set%d test-ip6 3 __set%d test-ip6 0 @@ -185,22 +187,6 @@ ip6 test-ip6 input [ payload load 1b @ network header + 6 => reg 1 ] [ cmp neq reg 1 0x00000032 ] -# ip6 nexthdr { 33-44} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 0000002d : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip6 nexthdr != { 33-44} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 0000002d : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip6 nexthdr 33-44 ip6 test-ip6 input [ payload load 1b @ network header + 6 => reg 1 ] @@ -249,22 +235,6 @@ ip6 test-ip6 input [ payload load 1b @ network header + 7 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# ip6 hoplimit {33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 7 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# ip6 hoplimit != {33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 7 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234 ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] @@ -452,9 +422,8 @@ ip6 test-ip6 input # ip6 saddr ::/64 ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x00000000 ] + [ payload load 8b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 ] # ip6 saddr ::1 ip6 daddr ::2 ip6 test-ip6 input @@ -495,7 +464,7 @@ ip6 test-ip6 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00003ff0 ) ^ 0x00000009 ] + [ bitwise reg 1 = ( reg 1 & 0x00003ff0 ) ^ 0x00000009 ] [ payload write reg 1 => 2b @ network header + 0 csum_type 0 csum_off 0 csum_flags 0x0 ] # iif "lo" ip6 dscp set 63 @@ -503,7 +472,7 @@ ip6 test-ip6 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 2b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00003ff0 ) ^ 0x0000c00f ] + [ bitwise reg 1 = ( reg 1 & 0x00003ff0 ) ^ 0x0000c00f ] [ payload write reg 1 => 2b @ network header + 0 csum_type 0 csum_off 0 csum_flags 0x0 ] # iif "lo" ip6 ecn set ect0 @@ -511,7 +480,7 @@ ip6 test-ip6 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000cf ) ^ 0x00000020 ] + [ bitwise reg 1 = ( reg 1 & 0x000000cf ) ^ 0x00000020 ] [ payload write reg 1 => 1b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ] # iif "lo" ip6 ecn set ce @@ -519,7 +488,7 @@ ip6 test-ip6 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 1b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000cf ) ^ 0x00000030 ] + [ bitwise reg 1 = ( reg 1 & 0x000000cf ) ^ 0x00000030 ] [ payload write reg 1 => 1b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ] # iif "lo" ip6 flowlabel set 0 @@ -527,7 +496,7 @@ ip6 test-ip6 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] [ payload write reg 1 => 3b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ] # iif "lo" ip6 flowlabel set 12345 @@ -535,7 +504,7 @@ ip6 test-ip6 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00393000 ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00393000 ] [ payload write reg 1 => 3b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ] # iif "lo" ip6 flowlabel set 0xfffff @@ -543,6 +512,6 @@ ip6 test-ip6 input [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ payload load 3b @ network header + 1 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00ffff0f ] + [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00ffff0f ] [ payload write reg 1 => 3b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ] diff --git a/tests/py/ip6/map.t.payload b/tests/py/ip6/map.t.payload index 9b393a60..8e900c18 100644 --- a/tests/py/ip6/map.t.payload +++ b/tests/py/ip6/map.t.payload @@ -4,7 +4,7 @@ __map%d test-ip6 0 element 00000000 00000000 00000000 02000000 : 0000002a 0 [end] element 00000000 00000000 00000000 ffff0000 : 00000017 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000000 0x00000000 0x00000000 0xffff0000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x00000000 0x00000000 0x00000000 0xffff0000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] [ lookup reg 1 set __map%d dreg 1 ] [ meta set mark with reg 1 ] diff --git a/tests/py/ip6/masquerade.t.payload.ip6 b/tests/py/ip6/masquerade.t.payload.ip6 index f9f6f074..43ae2ae4 100644 --- a/tests/py/ip6/masquerade.t.payload.ip6 +++ b/tests/py/ip6/masquerade.t.payload.ip6 @@ -112,12 +112,12 @@ ip6 test-ip6 postrouting # iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } masquerade __map%d test-ip6 b __map%d test-ip6 0 - element 00001600 : 0 [end] element 0000de00 : 0 [end] + element 00001600 : drop 0 [end] element 0000de00 : drop 0 [end] ip6 test-ip6 postrouting [ meta load iifname => reg 1 ] [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000a ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -130,7 +130,7 @@ ip6 test-ip6 postrouting [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ immediate reg 1 0x00000004 ] - [ masq proto_min reg 1 proto_max reg 0 flags 0x2 ] + [ masq proto_min reg 1 flags 0x2 ] # meta l4proto 6 masquerade to :1024-2048 ip6 test-ip6 postrouting diff --git a/tests/py/ip6/meta.t b/tests/py/ip6/meta.t index dce97f5b..c177b081 100644 --- a/tests/py/ip6/meta.t +++ b/tests/py/ip6/meta.t @@ -9,5 +9,11 @@ meta l4proto icmp icmp type echo-request;ok;icmp type echo-request meta l4proto 1 icmp type echo-request;ok;icmp type echo-request icmp type echo-request;ok +meta protocol ip udp dport 67;ok +meta protocol ip6 udp dport 67;ok;udp dport 67 + meta sdif "lo" accept;ok meta sdifname != "vrf1" accept;ok + +meta mark set ip6 dscp << 2 | 0x10;ok +meta mark set ip6 dscp << 26 | 0x10;ok diff --git a/tests/py/ip6/meta.t.json b/tests/py/ip6/meta.t.json index e72350f3..1a2394d8 100644 --- a/tests/py/ip6/meta.t.json +++ b/tests/py/ip6/meta.t.json @@ -140,3 +140,174 @@ "accept": null } ] + +# meta protocol ip udp dport 67 +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 67 + } + } +] + +# meta protocol ip6 udp dport 67 +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip6" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 67 + } + } +] + +# meta mark set ip6 dscp lshift 2 or 0x10 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 2 + ] + }, + 16 + ] + } + } + } +] + +# meta mark set ip6 dscp lshift 26 or 0x10 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 26 + ] + }, + 16 + ] + } + } + } +] + +# meta mark set ip6 dscp << 2 | 0x10 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 2 + ] + }, + 16 + ] + } + } + } +] + +# meta mark set ip6 dscp << 26 | 0x10 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 26 + ] + }, + 16 + ] + } + } + } +] + diff --git a/tests/py/ip6/meta.t.json.output b/tests/py/ip6/meta.t.json.output index dede9b16..61adf184 100644 --- a/tests/py/ip6/meta.t.json.output +++ b/tests/py/ip6/meta.t.json.output @@ -46,3 +46,19 @@ } ] +# meta protocol ip6 udp dport 67 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 67 + } + } +] + diff --git a/tests/py/ip6/meta.t.payload b/tests/py/ip6/meta.t.payload index be04816e..6a37f1de 100644 --- a/tests/py/ip6/meta.t.payload +++ b/tests/py/ip6/meta.t.payload @@ -44,3 +44,39 @@ ip6 test-ip6 input [ meta load sdifname => reg 1 ] [ cmp neq reg 1 0x31667276 0x00000000 0x00000000 0x00000000 ] [ immediate reg 0 accept ] + +# meta protocol ip udp dport 67 +ip6 test-ip6 input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00004300 ] + +# meta protocol ip6 udp dport 67 +ip6 test-ip6 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00004300 ] + +# meta mark set ip6 dscp << 2 | 0x10 +ip6 test-ip6 input + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ bitwise reg 1 = ( reg 1 << 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ meta set mark with reg 1 ] + +# meta mark set ip6 dscp << 26 | 0x10 +ip6 test-ip6 input + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ bitwise reg 1 = ( reg 1 << 0x0000001a ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ meta set mark with reg 1 ] diff --git a/tests/py/ip6/mh.t b/tests/py/ip6/mh.t index 2f90372e..46f4ba05 100644 --- a/tests/py/ip6/mh.t +++ b/tests/py/ip6/mh.t @@ -15,8 +15,6 @@ mh nexthdr 33-45;ok mh nexthdr != 33-45;ok mh nexthdr { 33, 55, 67, 88 };ok mh nexthdr != { 33, 55, 67, 88 };ok -mh nexthdr { 33-55 };ok -mh nexthdr != { 33-55 };ok mh hdrlength 22;ok mh hdrlength != 233;ok @@ -24,8 +22,6 @@ mh hdrlength 33-45;ok mh hdrlength != 33-45;ok mh hdrlength { 33, 55, 67, 88 };ok mh hdrlength != { 33, 55, 67, 88 };ok -mh hdrlength { 33-55 };ok -mh hdrlength != { 33-55 };ok mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message};ok mh type home-agent-switch-message;ok @@ -37,8 +33,6 @@ mh reserved 33-45;ok mh reserved != 33-45;ok mh reserved { 33, 55, 67, 88};ok mh reserved != { 33, 55, 67, 88};ok -mh reserved { 33-55};ok -mh reserved != { 33-55};ok mh checksum 22;ok mh checksum != 233;ok @@ -46,5 +40,3 @@ mh checksum 33-45;ok mh checksum != 33-45;ok mh checksum { 33, 55, 67, 88};ok mh checksum != { 33, 55, 67, 88};ok -mh checksum { 33-55};ok -mh checksum != { 33-55};ok diff --git a/tests/py/ip6/mh.t.json b/tests/py/ip6/mh.t.json index 211477d3..3159b14b 100644 --- a/tests/py/ip6/mh.t.json +++ b/tests/py/ip6/mh.t.json @@ -232,48 +232,6 @@ } ] -# mh nexthdr { 33-55 } -[ - { - "match": { - "left": { - "exthdr": { - "field": "nexthdr", - "name": "mh" - } - }, - "op": "==", - "right": { - "set": [ - { - "range": [ 33, 55 ] - } - ] - } - } - } -] - -# mh nexthdr != { 33-55 } -[ - { - "match": { - "left": { - "exthdr": { - "field": "nexthdr", - "name": "mh" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # mh hdrlength 22 [ { @@ -388,46 +346,6 @@ } ] -# mh hdrlength { 33-55 } -[ - { - "match": { - "left": { - "exthdr": { - "field": "hdrlength", - "name": "mh" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# mh hdrlength != { 33-55 } -[ - { - "match": { - "left": { - "exthdr": { - "field": "hdrlength", - "name": "mh" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message} [ { @@ -606,46 +524,6 @@ } ] -# mh reserved { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "reserved", - "name": "mh" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# mh reserved != { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "reserved", - "name": "mh" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # mh checksum 22 [ { @@ -760,43 +638,3 @@ } ] -# mh checksum { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "checksum", - "name": "mh" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# mh checksum != { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "checksum", - "name": "mh" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - diff --git a/tests/py/ip6/mh.t.payload.inet b/tests/py/ip6/mh.t.payload.inet index 2c473fbd..54eaa70e 100644 --- a/tests/py/ip6/mh.t.payload.inet +++ b/tests/py/ip6/mh.t.payload.inet @@ -95,26 +95,6 @@ inet test-inet input [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# mh nexthdr { 33-55 } -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# mh nexthdr != { 33-55 } -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # mh hdrlength 22 inet test-inet input [ meta load nfproto => reg 1 ] @@ -164,26 +144,6 @@ inet test-inet input [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# mh hdrlength { 33-55 } -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# mh hdrlength != { 33-55 } -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message} __set%d test-inet 3 __set%d test-inet 0 @@ -257,26 +217,6 @@ inet test-inet input [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# mh reserved { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# mh reserved != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # mh checksum 22 inet test-inet input [ meta load nfproto => reg 1 ] @@ -325,24 +265,3 @@ inet test-inet input [ cmp eq reg 1 0x0000000a ] [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] - -# mh checksum { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# mh checksum != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - diff --git a/tests/py/ip6/mh.t.payload.ip6 b/tests/py/ip6/mh.t.payload.ip6 index 93744dac..73bd4226 100644 --- a/tests/py/ip6/mh.t.payload.ip6 +++ b/tests/py/ip6/mh.t.payload.ip6 @@ -71,22 +71,6 @@ ip6 test-ip6 input [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# mh nexthdr { 33-55 } -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# mh nexthdr != { 33-55 } -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # mh hdrlength 22 ip6 test-ip6 input [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ] @@ -124,22 +108,6 @@ ip6 test-ip6 input [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# mh hdrlength { 33-55 } -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# mh hdrlength != { 33-55 } -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message} __set%d test-ip6 3 __set%d test-ip6 0 @@ -195,22 +163,6 @@ ip6 test-ip6 input [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# mh reserved { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# mh reserved != { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # mh checksum 22 ip6 test-ip6 input [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ] @@ -247,20 +199,3 @@ __set%d test-ip6 0 ip6 test-ip6 input [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] - -# mh checksum { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# mh checksum != { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - diff --git a/tests/py/ip6/redirect.t b/tests/py/ip6/redirect.t index 778d53f3..70ef7f9f 100644 --- a/tests/py/ip6/redirect.t +++ b/tests/py/ip6/redirect.t @@ -46,4 +46,4 @@ ip6 daddr fe00::1-fe00::200 udp dport 53 counter redirect;ok iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } redirect;ok # redirect with maps -ip6 nexthdr 6 redirect to :tcp dport map { 22 : 8000, 80 : 8080};ok +redirect to :tcp dport map { 22 : 8000, 80 : 8080};ok diff --git a/tests/py/ip6/redirect.t.json b/tests/py/ip6/redirect.t.json index 0059c7ac..c18223fa 100644 --- a/tests/py/ip6/redirect.t.json +++ b/tests/py/ip6/redirect.t.json @@ -557,21 +557,9 @@ } ] -# ip6 nexthdr 6 redirect to :tcp dport map { 22 : 8000, 80 : 8080} +# redirect to :tcp dport map { 22 : 8000, 80 : 8080} [ { - "match": { - "left": { - "payload": { - "field": "nexthdr", - "protocol": "ip6" - } - }, - "op": "==", - "right": 6 - } - }, - { "redirect": { "port": { "map": { diff --git a/tests/py/ip6/redirect.t.payload.ip6 b/tests/py/ip6/redirect.t.payload.ip6 index 104b9fd6..cfc29013 100644 --- a/tests/py/ip6/redirect.t.payload.ip6 +++ b/tests/py/ip6/redirect.t.payload.ip6 @@ -178,12 +178,12 @@ ip6 test-ip6 output # iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } redirect __map%d test-ip6 b __map%d test-ip6 0 - element 00001600 : 0 [end] element 0000de00 : 0 [end] + element 00001600 : drop 0 [end] element 0000de00 : drop 0 [end] ip6 test-ip6 output [ meta load iifname => reg 1 ] [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000a ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -191,12 +191,12 @@ ip6 test-ip6 output [ lookup reg 1 set __map%d dreg 0 ] [ redir ] -# ip6 nexthdr 6 redirect to :tcp dport map { 22 : 8000, 80 : 8080} +# redirect to :tcp dport map { 22 : 8000, 80 : 8080} __map%d test-ip6 b __map%d test-ip6 0 element 00001600 : 0000401f 0 [end] element 00005000 : 0000901f 0 [end] ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] + [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set __map%d dreg 1 ] diff --git a/tests/py/ip6/reject.t b/tests/py/ip6/reject.t index 7fa04eec..bfdd094e 100644 --- a/tests/py/ip6/reject.t +++ b/tests/py/ip6/reject.t @@ -3,13 +3,14 @@ *ip6;test-ip6;output reject;ok -reject with icmpv6 type no-route;ok -reject with icmpv6 type admin-prohibited;ok -reject with icmpv6 type addr-unreachable;ok -reject with icmpv6 type port-unreachable;ok;reject -reject with icmpv6 type policy-fail;ok -reject with icmpv6 type reject-route;ok +reject with icmpv6 no-route;ok +reject with icmpv6 admin-prohibited;ok +reject with icmpv6 addr-unreachable;ok +reject with icmpv6 port-unreachable;ok;reject +reject with icmpv6 policy-fail;ok +reject with icmpv6 reject-route;ok +reject with icmpv6 3;ok;reject with icmpv6 addr-unreachable mark 0x80000000 reject with tcp reset;ok;meta mark 0x80000000 reject with tcp reset -reject with icmpv6 type host-unreachable;fail -reject with icmp type host-unreachable;fail +reject with icmpv6 host-unreachable;fail +reject with icmp host-unreachable;fail diff --git a/tests/py/ip6/reject.t.json b/tests/py/ip6/reject.t.json index ae57c333..312a7dab 100644 --- a/tests/py/ip6/reject.t.json +++ b/tests/py/ip6/reject.t.json @@ -5,7 +5,7 @@ } ] -# reject with icmpv6 type no-route +# reject with icmpv6 no-route [ { "reject": { @@ -15,7 +15,7 @@ } ] -# reject with icmpv6 type admin-prohibited +# reject with icmpv6 admin-prohibited [ { "reject": { @@ -25,7 +25,7 @@ } ] -# reject with icmpv6 type addr-unreachable +# reject with icmpv6 addr-unreachable [ { "reject": { @@ -35,7 +35,7 @@ } ] -# reject with icmpv6 type port-unreachable +# reject with icmpv6 port-unreachable [ { "reject": { @@ -45,7 +45,7 @@ } ] -# reject with icmpv6 type policy-fail +# reject with icmpv6 policy-fail [ { "reject": { @@ -55,7 +55,7 @@ } ] -# reject with icmpv6 type reject-route +# reject with icmpv6 reject-route [ { "reject": { @@ -65,6 +65,16 @@ } ] +# reject with icmpv6 3 +[ + { + "reject": { + "expr": "addr-unreachable", + "type": "icmpv6" + } + } +] + # mark 0x80000000 reject with tcp reset [ { diff --git a/tests/py/ip6/reject.t.json.output b/tests/py/ip6/reject.t.json.output index 4e2058fe..04f12f56 100644 --- a/tests/py/ip6/reject.t.json.output +++ b/tests/py/ip6/reject.t.json.output @@ -1,7 +1,10 @@ -# reject with icmpv6 type port-unreachable +# reject [ { - "reject": null + "reject": { + "expr": "port-unreachable", + "type": "icmpv6" + } } ] diff --git a/tests/py/ip6/reject.t.payload.ip6 b/tests/py/ip6/reject.t.payload.ip6 index dd4491ae..3d4321b0 100644 --- a/tests/py/ip6/reject.t.payload.ip6 +++ b/tests/py/ip6/reject.t.payload.ip6 @@ -2,30 +2,34 @@ ip6 test-ip6 output [ reject type 0 code 4 ] -# reject with icmpv6 type no-route +# reject with icmpv6 no-route ip6 test-ip6 output [ reject type 0 code 0 ] -# reject with icmpv6 type admin-prohibited +# reject with icmpv6 admin-prohibited ip6 test-ip6 output [ reject type 0 code 1 ] -# reject with icmpv6 type addr-unreachable +# reject with icmpv6 addr-unreachable ip6 test-ip6 output [ reject type 0 code 3 ] -# reject with icmpv6 type port-unreachable +# reject with icmpv6 port-unreachable ip6 test-ip6 output [ reject type 0 code 4 ] -# reject with icmpv6 type policy-fail +# reject with icmpv6 policy-fail ip6 test-ip6 output [ reject type 0 code 5 ] -# reject with icmpv6 type reject-route +# reject with icmpv6 reject-route ip6 test-ip6 output [ reject type 0 code 6 ] +# reject with icmpv6 3 +ip6 test-ip6 output + [ reject type 0 code 3 ] + # mark 0x80000000 reject with tcp reset ip6 test-ip6 output [ meta load l4proto => reg 1 ] diff --git a/tests/py/ip6/rt.t b/tests/py/ip6/rt.t index c3feaabe..c33d38a5 100644 --- a/tests/py/ip6/rt.t +++ b/tests/py/ip6/rt.t @@ -15,8 +15,6 @@ rt nexthdr 33-45;ok rt nexthdr != 33-45;ok rt nexthdr { 33, 55, 67, 88};ok rt nexthdr != { 33, 55, 67, 88};ok -rt nexthdr { 33-55};ok -rt nexthdr != { 33-55};ok rt hdrlength 22;ok rt hdrlength != 233;ok @@ -24,8 +22,6 @@ rt hdrlength 33-45;ok rt hdrlength != 33-45;ok rt hdrlength { 33, 55, 67, 88};ok rt hdrlength != { 33, 55, 67, 88};ok -rt hdrlength { 33-55};ok -rt hdrlength != { 33-55};ok rt type 22;ok rt type != 233;ok @@ -33,8 +29,6 @@ rt type 33-45;ok rt type != 33-45;ok rt type { 33, 55, 67, 88};ok rt type != { 33, 55, 67, 88};ok -rt type { 33-55};ok -rt type != { 33-55};ok rt seg-left 22;ok rt seg-left != 233;ok @@ -42,5 +36,3 @@ rt seg-left 33-45;ok rt seg-left != 33-45;ok rt seg-left { 33, 55, 67, 88};ok rt seg-left != { 33, 55, 67, 88};ok -rt seg-left { 33-55};ok -rt seg-left != { 33-55};ok diff --git a/tests/py/ip6/rt.t.json b/tests/py/ip6/rt.t.json index 86a46402..b12873d6 100644 --- a/tests/py/ip6/rt.t.json +++ b/tests/py/ip6/rt.t.json @@ -232,46 +232,6 @@ } ] -# rt nexthdr { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "nexthdr", - "name": "rt" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# rt nexthdr != { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "nexthdr", - "name": "rt" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # rt hdrlength 22 [ { @@ -386,46 +346,6 @@ } ] -# rt hdrlength { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "hdrlength", - "name": "rt" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# rt hdrlength != { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "hdrlength", - "name": "rt" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # rt type 22 [ { @@ -540,46 +460,6 @@ } ] -# rt type { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "type", - "name": "rt" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# rt type != { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "type", - "name": "rt" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - # rt seg-left 22 [ { @@ -694,43 +574,3 @@ } ] -# rt seg-left { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "seg-left", - "name": "rt" - } - }, - "op": "==", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - -# rt seg-left != { 33-55} -[ - { - "match": { - "left": { - "exthdr": { - "field": "seg-left", - "name": "rt" - } - }, - "op": "!=", - "right": { - "set": [ - { "range": [ 33, 55 ] } - ] - } - } - } -] - diff --git a/tests/py/ip6/rt.t.payload.inet b/tests/py/ip6/rt.t.payload.inet index eafb4a00..864d3114 100644 --- a/tests/py/ip6/rt.t.payload.inet +++ b/tests/py/ip6/rt.t.payload.inet @@ -95,26 +95,6 @@ inet test-inet input [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# rt nexthdr { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# rt nexthdr != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # rt hdrlength 22 inet test-inet input [ meta load nfproto => reg 1 ] @@ -164,26 +144,6 @@ inet test-inet input [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# rt hdrlength { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# rt hdrlength != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # rt type 22 inet test-inet input [ meta load nfproto => reg 1 ] @@ -233,26 +193,6 @@ inet test-inet input [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# rt type { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# rt type != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # rt seg-left 22 inet test-inet input [ meta load nfproto => reg 1 ] @@ -302,23 +242,3 @@ inet test-inet input [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# rt seg-left { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# rt seg-left != { 33-55} -__set%d test-inet 7 -__set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - diff --git a/tests/py/ip6/rt.t.payload.ip6 b/tests/py/ip6/rt.t.payload.ip6 index 929cf9e1..c7b52f82 100644 --- a/tests/py/ip6/rt.t.payload.ip6 +++ b/tests/py/ip6/rt.t.payload.ip6 @@ -71,22 +71,6 @@ ip6 test-ip6 input [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# rt nexthdr { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# rt nexthdr != { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # rt hdrlength 22 ip6 test-ip6 input [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ] @@ -124,22 +108,6 @@ ip6 test-ip6 input [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# rt hdrlength { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# rt hdrlength != { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # rt type 22 ip6 test-ip6 input [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ] @@ -177,22 +145,6 @@ ip6 test-ip6 input [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# rt type { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# rt type != { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - # rt seg-left 22 ip6 test-ip6 input [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ] @@ -230,19 +182,3 @@ ip6 test-ip6 input [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] -# rt seg-left { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ] - [ lookup reg 1 set __set%d ] - -# rt seg-left != { 33-55} -__set%d test-ip6 7 -__set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ] - [ lookup reg 1 set __set%d 0x1 ] - diff --git a/tests/py/ip6/sets.t b/tests/py/ip6/sets.t index add82eb8..cc26bd22 100644 --- a/tests/py/ip6/sets.t +++ b/tests/py/ip6/sets.t @@ -1,9 +1,10 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip6;test-ip6;input *inet;test-inet;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress !w type ipv6_addr;ok !x type inet_proto;ok @@ -40,4 +41,11 @@ ip6 saddr != @set33 drop;fail !set5 type ipv6_addr . ipv6_addr;ok ip6 saddr . ip6 daddr @set5 drop;ok add @set5 { ip6 saddr . ip6 daddr };ok + +!map1 type ipv6_addr . ipv6_addr : mark;ok +add @map1 { ip6 saddr . ip6 daddr : meta mark };ok + delete @set5 { ip6 saddr . ip6 daddr };ok + +!map2 type ipv6_addr . ipv6_addr . inet_service : ipv6_addr . inet_service;ok +add @map2 { ip6 saddr . ip6 daddr . th dport : 1234::1 . 80 };ok
\ No newline at end of file diff --git a/tests/py/ip6/sets.t.json b/tests/py/ip6/sets.t.json index 948c1f16..99236099 100644 --- a/tests/py/ip6/sets.t.json +++ b/tests/py/ip6/sets.t.json @@ -116,3 +116,72 @@ } } ] + +# add @map1 { ip6 saddr . ip6 daddr : meta mark } +[ + { + "map": { + "data": { + "meta": { + "key": "mark" + } + }, + "elem": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip6" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip6" + } + } + ] + }, + "map": "@map1", + "op": "add" + } + } +] + +# add @map2 { ip6 saddr . ip6 daddr . th dport : 1234::1 . 80 } +[ + { + "map": { + "data": { + "concat": [ + "1234::1", + 80 + ] + }, + "elem": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip6" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip6" + } + }, + { + "payload": { + "field": "dport", + "protocol": "th" + } + } + ] + }, + "map": "@map2", + "op": "add" + } + } +] diff --git a/tests/py/ip6/sets.t.payload.inet b/tests/py/ip6/sets.t.payload.inet index 47ad86a2..2dbb818a 100644 --- a/tests/py/ip6/sets.t.payload.inet +++ b/tests/py/ip6/sets.t.payload.inet @@ -31,6 +31,15 @@ inet test-inet input [ payload load 16b @ network header + 24 => reg 2 ] [ dynset add reg_key 1 set set5 ] +# add @map1 { ip6 saddr . ip6 daddr : meta mark } +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ payload load 16b @ network header + 24 => reg 2 ] + [ meta load mark => reg 3 ] + [ dynset add reg_key 1 set map1 sreg_data 3 ] + # delete @set5 { ip6 saddr . ip6 daddr } inet test-inet input [ meta load nfproto => reg 1 ] @@ -38,3 +47,14 @@ inet test-inet input [ payload load 16b @ network header + 8 => reg 1 ] [ payload load 16b @ network header + 24 => reg 2 ] [ dynset delete reg_key 1 set set5 ] + +# add @map2 { ip6 saddr . ip6 daddr . th dport : 1234::1 . 80 } +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ payload load 16b @ network header + 24 => reg 2 ] + [ payload load 2b @ transport header + 2 => reg 3 ] + [ immediate reg 17 0x00003412 0x00000000 0x00000000 0x01000000 ] + [ immediate reg 21 0x00005000 ] + [ dynset add reg_key 1 set map2 sreg_data 17 ] diff --git a/tests/py/ip6/sets.t.payload.ip6 b/tests/py/ip6/sets.t.payload.ip6 index a5febb9f..7234b989 100644 --- a/tests/py/ip6/sets.t.payload.ip6 +++ b/tests/py/ip6/sets.t.payload.ip6 @@ -29,3 +29,18 @@ ip6 test-ip6 input [ payload load 16b @ network header + 24 => reg 2 ] [ dynset delete reg_key 1 set set5 ] +# add @map1 { ip6 saddr . ip6 daddr : meta mark } +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ payload load 16b @ network header + 24 => reg 2 ] + [ meta load mark => reg 3 ] + [ dynset add reg_key 1 set map1 sreg_data 3 ] + +# add @map2 { ip6 saddr . ip6 daddr . th dport : 1234::1 . 80 } +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ payload load 16b @ network header + 24 => reg 2 ] + [ payload load 2b @ transport header + 2 => reg 3 ] + [ immediate reg 17 0x00003412 0x00000000 0x00000000 0x01000000 ] + [ immediate reg 21 0x00005000 ] + [ dynset add reg_key 1 set map2 sreg_data 17 ] diff --git a/tests/py/ip6/sets.t.payload.netdev b/tests/py/ip6/sets.t.payload.netdev index dab74159..2ad0f434 100644 --- a/tests/py/ip6/sets.t.payload.netdev +++ b/tests/py/ip6/sets.t.payload.netdev @@ -39,3 +39,22 @@ netdev test-netdev ingress [ payload load 16b @ network header + 24 => reg 2 ] [ dynset delete reg_key 1 set set5 ] +# add @map1 { ip6 saddr . ip6 daddr : meta mark } +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ payload load 16b @ network header + 24 => reg 2 ] + [ meta load mark => reg 3 ] + [ dynset add reg_key 1 set map1 sreg_data 3 ] + +# add @map2 { ip6 saddr . ip6 daddr . th dport : 1234::1 . 80 } +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ payload load 16b @ network header + 24 => reg 2 ] + [ payload load 2b @ transport header + 2 => reg 3 ] + [ immediate reg 17 0x00003412 0x00000000 0x00000000 0x01000000 ] + [ immediate reg 21 0x00005000 ] + [ dynset add reg_key 1 set map2 sreg_data 17 ] diff --git a/tests/py/ip6/snat.t b/tests/py/ip6/snat.t index c259f934..564f0894 100644 --- a/tests/py/ip6/snat.t +++ b/tests/py/ip6/snat.t @@ -2,5 +2,5 @@ *ip6;test-ip6;postrouting -tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100;ok;tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100 +tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100;ok tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:100;ok diff --git a/tests/py/ip6/snat.t.payload.ip6 b/tests/py/ip6/snat.t.payload.ip6 index e7fd8ff8..66a29672 100644 --- a/tests/py/ip6/snat.t.payload.ip6 +++ b/tests/py/ip6/snat.t.payload.ip6 @@ -21,5 +21,5 @@ ip6 test-ip6 postrouting [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] [ immediate reg 3 0x00006400 ] - [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 flags 0x2 ] + [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 flags 0x2 ] diff --git a/tests/py/ip6/srh.t.payload b/tests/py/ip6/srh.t.payload index b6247456..364940a9 100644 --- a/tests/py/ip6/srh.t.payload +++ b/tests/py/ip6/srh.t.payload @@ -11,7 +11,7 @@ ip6 test-ip6 input # srh last-entry { 0, 4-127, 255 } __set%d test-ip6 7 size 5 __set%d test-ip6 0 - element 00000000 : 0 [end] element 00000001 : 1 [end] element 00000004 : 0 [end] element 00000080 : 1 [end] element 000000ff : 0 [end] userdata = { + element 00000000 : 0 [end] element 00000001 : 1 [end] element 00000004 : 0 [end] element 00000080 : 1 [end] element 000000ff : 0 [end] userdata = { \x01\x04\x01\x00\x00\x00 } ip6 test-ip6 input [ exthdr load ipv6 1b @ 43 + 4 => reg 1 ] [ lookup reg 1 set __set%d ] @@ -29,7 +29,7 @@ ip6 test-ip6 input # srh flags { 0, 4-127, 255 } __set%d test-ip6 7 size 5 __set%d test-ip6 0 - element 00000000 : 0 [end] element 00000001 : 1 [end] element 00000004 : 0 [end] element 00000080 : 1 [end] element 000000ff : 0 [end] userdata = { + element 00000000 : 0 [end] element 00000001 : 1 [end] element 00000004 : 0 [end] element 00000080 : 1 [end] element 000000ff : 0 [end] userdata = { \x01\x04\x01\x00\x00\x00 } ip6 test-ip6 input [ exthdr load ipv6 1b @ 43 + 5 => reg 1 ] [ lookup reg 1 set __set%d ] @@ -47,7 +47,7 @@ ip6 test-ip6 input # srh tag { 0, 4-127, 0xffff } __set%d test-ip6 7 size 5 __set%d test-ip6 0 - element 00000000 : 0 [end] element 00000100 : 1 [end] element 00000400 : 0 [end] element 00008000 : 1 [end] element 0000ffff : 0 [end] userdata = { + element 00000000 : 0 [end] element 00000100 : 1 [end] element 00000400 : 0 [end] element 00008000 : 1 [end] element 0000ffff : 0 [end] userdata = { \x01\x04\x01\x00\x00\x00 } ip6 test-ip6 input [ exthdr load ipv6 2b @ 43 + 6 => reg 1 ] [ lookup reg 1 set __set%d ] diff --git a/tests/py/ip6/vmap.t b/tests/py/ip6/vmap.t index 434f5d92..2d54b822 100644 --- a/tests/py/ip6/vmap.t +++ b/tests/py/ip6/vmap.t @@ -1,9 +1,10 @@ :input;type filter hook input priority 0 :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 *ip6;test-ip6;input *inet;test-inet;input -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress ip6 saddr vmap { abcd::3 : accept };ok ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234:1234;fail diff --git a/tests/py/ip6/vmap.t.payload.inet b/tests/py/ip6/vmap.t.payload.inet index 53f19eb9..931cc6bd 100644 --- a/tests/py/ip6/vmap.t.payload.inet +++ b/tests/py/ip6/vmap.t.payload.inet @@ -1,7 +1,7 @@ # ip6 saddr vmap { abcd::3 : accept } __map%d test-inet b __map%d test-inet 0 - element 0000cdab 00000000 00000000 03000000 : 0 [end] + element 0000cdab 00000000 00000000 03000000 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -11,7 +11,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 34123412 34123412 34123412 : 0 [end] + element 34123412 34123412 34123412 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -21,7 +21,7 @@ inet test-inet input # ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 34120000 34123412 34123412 34123412 : 0 [end] + element 34120000 34123412 34123412 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -31,7 +31,7 @@ inet test-inet input # ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 00003412 34123412 34123412 34123412 : 0 [end] + element 00003412 34123412 34123412 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -41,7 +41,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 34120000 34123412 34123412 : 0 [end] + element 34123412 34120000 34123412 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -51,7 +51,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 00003412 34123412 34123412 : 0 [end] + element 34123412 00003412 34123412 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -61,7 +61,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 34123412 34120000 34123412 : 0 [end] + element 34123412 34123412 34120000 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -71,7 +71,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 34123412 00003412 34123412 : 0 [end] + element 34123412 34123412 00003412 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -81,7 +81,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 34123412 34123412 34120000 : 0 [end] + element 34123412 34123412 34123412 34120000 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -91,7 +91,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 34123412 34123412 00003412 : 0 [end] + element 34123412 34123412 34123412 00003412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -101,7 +101,7 @@ inet test-inet input # ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 00000000 34123412 34123412 34123412 : 0 [end] + element 00000000 34123412 34123412 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -111,7 +111,7 @@ inet test-inet input # ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 00003412 34120000 34123412 34123412 : 0 [end] + element 00003412 34120000 34123412 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -121,7 +121,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 00000000 34123412 34123412 : 0 [end] + element 34123412 00000000 34123412 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -131,7 +131,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 00003412 34120000 34123412 : 0 [end] + element 34123412 00003412 34120000 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -141,7 +141,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 34123412 00000000 34123412 : 0 [end] + element 34123412 34123412 00000000 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -151,7 +151,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 34123412 00003412 34120000 : 0 [end] + element 34123412 34123412 00003412 34120000 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -161,7 +161,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 34123412 34123412 00000000 : 0 [end] + element 34123412 34123412 34123412 00000000 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -171,7 +171,7 @@ inet test-inet input # ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 00000000 34120000 34123412 34123412 : 0 [end] + element 00000000 34120000 34123412 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -181,7 +181,7 @@ inet test-inet input # ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 00003412 00000000 34123412 34123412 : 0 [end] + element 00003412 00000000 34123412 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -191,7 +191,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 00000000 34120000 34123412 : 0 [end] + element 34123412 00000000 34120000 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -201,7 +201,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 00003412 00000000 34123412 : 0 [end] + element 34123412 00003412 00000000 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -211,7 +211,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 34123412 00000000 34120000 : 0 [end] + element 34123412 34123412 00000000 34120000 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -221,7 +221,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 34123412 00003412 00000000 : 0 [end] + element 34123412 34123412 00003412 00000000 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -231,7 +231,7 @@ inet test-inet input # ip6 saddr vmap { ::1234:1234:1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 00000000 00000000 34123412 34123412 : 0 [end] + element 00000000 00000000 34123412 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -241,7 +241,7 @@ inet test-inet input # ip6 saddr vmap { 1234::1234:1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 00003412 00000000 34120000 34123412 : 0 [end] + element 00003412 00000000 34120000 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -251,7 +251,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234::1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 00000000 00000000 34123412 : 0 [end] + element 34123412 00000000 00000000 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -261,7 +261,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234:1234::1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 00003412 00000000 34120000 : 0 [end] + element 34123412 00003412 00000000 34120000 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -271,7 +271,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234:1234:1234:: : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 34123412 00000000 00000000 : 0 [end] + element 34123412 34123412 00000000 00000000 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -281,7 +281,7 @@ inet test-inet input # ip6 saddr vmap { ::1234:1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 00000000 00000000 34120000 34123412 : 0 [end] + element 00000000 00000000 34120000 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -291,7 +291,7 @@ inet test-inet input # ip6 saddr vmap { 1234::1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 00003412 00000000 00000000 34123412 : 0 [end] + element 00003412 00000000 00000000 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -301,7 +301,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234::1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 00000000 00000000 34120000 : 0 [end] + element 34123412 00000000 00000000 34120000 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -311,7 +311,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234:1234:: : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 00003412 00000000 00000000 : 0 [end] + element 34123412 00003412 00000000 00000000 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -321,7 +321,7 @@ inet test-inet input # ip6 saddr vmap { ::1234:1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 00000000 00000000 00000000 34123412 : 0 [end] + element 00000000 00000000 00000000 34123412 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -331,7 +331,7 @@ inet test-inet input # ip6 saddr vmap { 1234::1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 00003412 00000000 00000000 34120000 : 0 [end] + element 00003412 00000000 00000000 34120000 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -341,7 +341,7 @@ inet test-inet input # ip6 saddr vmap { 1234:1234:: : accept} __map%d test-inet b __map%d test-inet 0 - element 34123412 00000000 00000000 00000000 : 0 [end] + element 34123412 00000000 00000000 00000000 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -351,7 +351,7 @@ inet test-inet input # ip6 saddr vmap { ::1234 : accept} __map%d test-inet b __map%d test-inet 0 - element 00000000 00000000 00000000 34120000 : 0 [end] + element 00000000 00000000 00000000 34120000 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -361,7 +361,7 @@ inet test-inet input # ip6 saddr vmap { 1234:: : accept} __map%d test-inet b __map%d test-inet 0 - element 00003412 00000000 00000000 00000000 : 0 [end] + element 00003412 00000000 00000000 00000000 : accept 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -371,7 +371,7 @@ inet test-inet input # ip6 saddr vmap { ::/64 : accept} __map%d test-inet f __map%d test-inet 0 - element 00000000 00000000 00000000 00000000 : 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end] + element 00000000 00000000 00000000 00000000 : accept 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -381,7 +381,7 @@ inet test-inet input # ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop} __map%d test-inet b __map%d test-inet 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 aaaa0000 : 0 [end] + element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 aaaa0000 : drop 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -391,7 +391,7 @@ inet test-inet input # ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop} __map%d test-inet b __map%d test-inet 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 bbbb0000 : 0 [end] + element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 bbbb0000 : drop 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -401,7 +401,7 @@ inet test-inet input # ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop} __map%d test-inet b __map%d test-inet 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 cccc0000 : 0 [end] + element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 cccc0000 : drop 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] @@ -411,7 +411,7 @@ inet test-inet input # ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop} __map%d test-inet b __map%d test-inet 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 dddd0000 : 0 [end] + element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 dddd0000 : drop 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] diff --git a/tests/py/ip6/vmap.t.payload.ip6 b/tests/py/ip6/vmap.t.payload.ip6 index 620979f0..6e077b27 100644 --- a/tests/py/ip6/vmap.t.payload.ip6 +++ b/tests/py/ip6/vmap.t.payload.ip6 @@ -1,7 +1,7 @@ # ip6 saddr vmap { abcd::3 : accept } __map%d test-ip6 b __map%d test-ip6 0 - element 0000cdab 00000000 00000000 03000000 : 0 [end] + element 0000cdab 00000000 00000000 03000000 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -9,7 +9,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 34123412 34123412 34123412 : 0 [end] + element 34123412 34123412 34123412 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -17,7 +17,7 @@ ip6 test-ip6 input # ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34120000 34123412 34123412 34123412 : 0 [end] + element 34120000 34123412 34123412 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -25,7 +25,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 00003412 34123412 34123412 34123412 : 0 [end] + element 00003412 34123412 34123412 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -33,7 +33,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 34120000 34123412 34123412 : 0 [end] + element 34123412 34120000 34123412 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -41,7 +41,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 00003412 34123412 34123412 : 0 [end] + element 34123412 00003412 34123412 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -49,7 +49,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 34123412 34120000 34123412 : 0 [end] + element 34123412 34123412 34120000 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -57,7 +57,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 34123412 00003412 34123412 : 0 [end] + element 34123412 34123412 00003412 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -65,7 +65,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 34123412 34123412 34120000 : 0 [end] + element 34123412 34123412 34123412 34120000 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -73,7 +73,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 34123412 34123412 00003412 : 0 [end] + element 34123412 34123412 34123412 00003412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -81,7 +81,7 @@ ip6 test-ip6 input # ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 00000000 34123412 34123412 34123412 : 0 [end] + element 00000000 34123412 34123412 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -89,7 +89,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 00003412 34120000 34123412 34123412 : 0 [end] + element 00003412 34120000 34123412 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -97,7 +97,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 00000000 34123412 34123412 : 0 [end] + element 34123412 00000000 34123412 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -105,7 +105,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 00003412 34120000 34123412 : 0 [end] + element 34123412 00003412 34120000 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -113,7 +113,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 34123412 00000000 34123412 : 0 [end] + element 34123412 34123412 00000000 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -121,7 +121,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 34123412 00003412 34120000 : 0 [end] + element 34123412 34123412 00003412 34120000 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -129,7 +129,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 34123412 34123412 00000000 : 0 [end] + element 34123412 34123412 34123412 00000000 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -137,7 +137,7 @@ ip6 test-ip6 input # ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 00000000 34120000 34123412 34123412 : 0 [end] + element 00000000 34120000 34123412 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -145,7 +145,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 00003412 00000000 34123412 34123412 : 0 [end] + element 00003412 00000000 34123412 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -153,7 +153,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 00000000 34120000 34123412 : 0 [end] + element 34123412 00000000 34120000 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -161,7 +161,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 00003412 00000000 34123412 : 0 [end] + element 34123412 00003412 00000000 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -169,7 +169,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 34123412 00000000 34120000 : 0 [end] + element 34123412 34123412 00000000 34120000 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -177,7 +177,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 34123412 00003412 00000000 : 0 [end] + element 34123412 34123412 00003412 00000000 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -185,7 +185,7 @@ ip6 test-ip6 input # ip6 saddr vmap { ::1234:1234:1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 00000000 00000000 34123412 34123412 : 0 [end] + element 00000000 00000000 34123412 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -193,7 +193,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234::1234:1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 00003412 00000000 34120000 34123412 : 0 [end] + element 00003412 00000000 34120000 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -201,7 +201,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234::1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 00000000 00000000 34123412 : 0 [end] + element 34123412 00000000 00000000 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -209,7 +209,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234:1234::1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 00003412 00000000 34120000 : 0 [end] + element 34123412 00003412 00000000 34120000 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -217,7 +217,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234:1234:1234:: : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 34123412 00000000 00000000 : 0 [end] + element 34123412 34123412 00000000 00000000 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -225,7 +225,7 @@ ip6 test-ip6 input # ip6 saddr vmap { ::1234:1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 00000000 00000000 34120000 34123412 : 0 [end] + element 00000000 00000000 34120000 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -233,7 +233,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234::1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 00003412 00000000 00000000 34123412 : 0 [end] + element 00003412 00000000 00000000 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -241,7 +241,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234::1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 00000000 00000000 34120000 : 0 [end] + element 34123412 00000000 00000000 34120000 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -249,7 +249,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234:1234:: : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 00003412 00000000 00000000 : 0 [end] + element 34123412 00003412 00000000 00000000 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -257,7 +257,7 @@ ip6 test-ip6 input # ip6 saddr vmap { ::1234:1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 00000000 00000000 00000000 34123412 : 0 [end] + element 00000000 00000000 00000000 34123412 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -265,7 +265,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234::1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 00003412 00000000 00000000 34120000 : 0 [end] + element 00003412 00000000 00000000 34120000 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -273,7 +273,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:1234:: : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 00000000 00000000 00000000 : 0 [end] + element 34123412 00000000 00000000 00000000 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -281,7 +281,7 @@ ip6 test-ip6 input # ip6 saddr vmap { ::1234 : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 00000000 00000000 00000000 34120000 : 0 [end] + element 00000000 00000000 00000000 34120000 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -289,7 +289,7 @@ ip6 test-ip6 input # ip6 saddr vmap { 1234:: : accept} __map%d test-ip6 b __map%d test-ip6 0 - element 00003412 00000000 00000000 00000000 : 0 [end] + element 00003412 00000000 00000000 00000000 : accept 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -297,7 +297,7 @@ ip6 test-ip6 input # ip6 saddr vmap { ::/64 : accept} __map%d test-ip6 f __map%d test-ip6 0 - element 00000000 00000000 00000000 00000000 : 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end] + element 00000000 00000000 00000000 00000000 : accept 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -305,7 +305,7 @@ ip6 test-ip6 input # ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 aaaa0000 : 0 [end] + element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 aaaa0000 : drop 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -313,7 +313,7 @@ ip6 test-ip6 input # ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 bbbb0000 : 0 [end] + element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 bbbb0000 : drop 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -321,7 +321,7 @@ ip6 test-ip6 input # ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 cccc0000 : 0 [end] + element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 cccc0000 : drop 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] @@ -329,7 +329,7 @@ ip6 test-ip6 input # ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop} __map%d test-ip6 b __map%d test-ip6 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 dddd0000 : 0 [end] + element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 dddd0000 : drop 0 [end] ip6 test-ip6 input [ payload load 16b @ network header + 8 => reg 1 ] [ lookup reg 1 set __map%d dreg 0 ] diff --git a/tests/py/ip6/vmap.t.payload.netdev b/tests/py/ip6/vmap.t.payload.netdev index 0ae5d5b0..45f2c0b0 100644 --- a/tests/py/ip6/vmap.t.payload.netdev +++ b/tests/py/ip6/vmap.t.payload.netdev @@ -1,7 +1,7 @@ # ip6 saddr vmap { abcd::3 : accept } __map%d test-netdev b __map%d test-netdev 0 - element 0000cdab 00000000 00000000 03000000 : 0 [end] + element 0000cdab 00000000 00000000 03000000 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -11,7 +11,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 34123412 34123412 34123412 : 0 [end] + element 34123412 34123412 34123412 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -21,7 +21,7 @@ netdev test-netdev ingress # ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34120000 34123412 34123412 34123412 : 0 [end] + element 34120000 34123412 34123412 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -31,7 +31,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 00003412 34123412 34123412 34123412 : 0 [end] + element 00003412 34123412 34123412 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -41,7 +41,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 34120000 34123412 34123412 : 0 [end] + element 34123412 34120000 34123412 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -51,7 +51,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 00003412 34123412 34123412 : 0 [end] + element 34123412 00003412 34123412 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -61,7 +61,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 34123412 34120000 34123412 : 0 [end] + element 34123412 34123412 34120000 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -71,7 +71,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 34123412 00003412 34123412 : 0 [end] + element 34123412 34123412 00003412 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -81,7 +81,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 34123412 34123412 34120000 : 0 [end] + element 34123412 34123412 34123412 34120000 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -91,7 +91,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 34123412 34123412 00003412 : 0 [end] + element 34123412 34123412 34123412 00003412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -101,7 +101,7 @@ netdev test-netdev ingress # ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 00000000 34123412 34123412 34123412 : 0 [end] + element 00000000 34123412 34123412 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -111,7 +111,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 00003412 34120000 34123412 34123412 : 0 [end] + element 00003412 34120000 34123412 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -121,7 +121,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 00000000 34123412 34123412 : 0 [end] + element 34123412 00000000 34123412 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -131,7 +131,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 00003412 34120000 34123412 : 0 [end] + element 34123412 00003412 34120000 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -141,7 +141,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 34123412 00000000 34123412 : 0 [end] + element 34123412 34123412 00000000 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -151,7 +151,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 34123412 00003412 34120000 : 0 [end] + element 34123412 34123412 00003412 34120000 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -161,7 +161,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 34123412 34123412 00000000 : 0 [end] + element 34123412 34123412 34123412 00000000 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -171,7 +171,7 @@ netdev test-netdev ingress # ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 00000000 34120000 34123412 34123412 : 0 [end] + element 00000000 34120000 34123412 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -181,7 +181,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 00003412 00000000 34123412 34123412 : 0 [end] + element 00003412 00000000 34123412 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -191,7 +191,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 00000000 34120000 34123412 : 0 [end] + element 34123412 00000000 34120000 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -201,7 +201,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 00003412 00000000 34123412 : 0 [end] + element 34123412 00003412 00000000 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -211,7 +211,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 34123412 00000000 34120000 : 0 [end] + element 34123412 34123412 00000000 34120000 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -221,7 +221,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 34123412 00003412 00000000 : 0 [end] + element 34123412 34123412 00003412 00000000 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -231,7 +231,7 @@ netdev test-netdev ingress # ip6 saddr vmap { ::1234:1234:1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 00000000 00000000 34123412 34123412 : 0 [end] + element 00000000 00000000 34123412 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -241,7 +241,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234::1234:1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 00003412 00000000 34120000 34123412 : 0 [end] + element 00003412 00000000 34120000 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -251,7 +251,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234::1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 00000000 00000000 34123412 : 0 [end] + element 34123412 00000000 00000000 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -261,7 +261,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234:1234::1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 00003412 00000000 34120000 : 0 [end] + element 34123412 00003412 00000000 34120000 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -271,7 +271,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234:1234:1234:: : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 34123412 00000000 00000000 : 0 [end] + element 34123412 34123412 00000000 00000000 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -281,7 +281,7 @@ netdev test-netdev ingress # ip6 saddr vmap { ::1234:1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 00000000 00000000 34120000 34123412 : 0 [end] + element 00000000 00000000 34120000 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -291,7 +291,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234::1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 00003412 00000000 00000000 34123412 : 0 [end] + element 00003412 00000000 00000000 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -301,7 +301,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234::1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 00000000 00000000 34120000 : 0 [end] + element 34123412 00000000 00000000 34120000 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -311,7 +311,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234:1234:: : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 00003412 00000000 00000000 : 0 [end] + element 34123412 00003412 00000000 00000000 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -321,7 +321,7 @@ netdev test-netdev ingress # ip6 saddr vmap { ::1234:1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 00000000 00000000 00000000 34123412 : 0 [end] + element 00000000 00000000 00000000 34123412 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -331,7 +331,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234::1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 00003412 00000000 00000000 34120000 : 0 [end] + element 00003412 00000000 00000000 34120000 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -341,7 +341,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:1234:: : accept} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 00000000 00000000 00000000 : 0 [end] + element 34123412 00000000 00000000 00000000 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -351,7 +351,7 @@ netdev test-netdev ingress # ip6 saddr vmap { ::1234 : accept} __map%d test-netdev b __map%d test-netdev 0 - element 00000000 00000000 00000000 34120000 : 0 [end] + element 00000000 00000000 00000000 34120000 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -361,7 +361,7 @@ netdev test-netdev ingress # ip6 saddr vmap { 1234:: : accept} __map%d test-netdev b __map%d test-netdev 0 - element 00003412 00000000 00000000 00000000 : 0 [end] + element 00003412 00000000 00000000 00000000 : accept 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -371,7 +371,7 @@ netdev test-netdev ingress # ip6 saddr vmap { ::/64 : accept} __map%d test-netdev f __map%d test-netdev 0 - element 00000000 00000000 00000000 00000000 : 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end] + element 00000000 00000000 00000000 00000000 : accept 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -381,7 +381,7 @@ netdev test-netdev ingress # ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 aaaa0000 : 0 [end] + element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 aaaa0000 : drop 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -391,7 +391,7 @@ netdev test-netdev ingress # ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 bbbb0000 : 0 [end] + element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 bbbb0000 : drop 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -401,7 +401,7 @@ netdev test-netdev ingress # ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 cccc0000 : 0 [end] + element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 cccc0000 : drop 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] @@ -411,7 +411,7 @@ netdev test-netdev ingress # ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop} __map%d test-netdev b __map%d test-netdev 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 dddd0000 : 0 [end] + element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 dddd0000 : drop 0 [end] netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] diff --git a/tests/py/any/dup.t b/tests/py/netdev/dup.t index 181b4195..56328022 100644 --- a/tests/py/any/dup.t +++ b/tests/py/netdev/dup.t @@ -1,6 +1,7 @@ :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress dup to "lo";ok dup to meta mark map { 0x00000001 : "lo", 0x00000002 : "lo"};ok diff --git a/tests/py/any/dup.t.json b/tests/py/netdev/dup.t.json index dc56f649..dc56f649 100644 --- a/tests/py/any/dup.t.json +++ b/tests/py/netdev/dup.t.json diff --git a/tests/py/any/dup.t.payload b/tests/py/netdev/dup.t.payload index 51ff782c..51ff782c 100644 --- a/tests/py/any/dup.t.payload +++ b/tests/py/netdev/dup.t.payload diff --git a/tests/py/any/fwd.t b/tests/py/netdev/fwd.t index 2e34d55a..6051560a 100644 --- a/tests/py/any/fwd.t +++ b/tests/py/netdev/fwd.t @@ -1,6 +1,7 @@ :ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 -*netdev;test-netdev;ingress +*netdev;test-netdev;ingress,egress fwd to "lo";ok fwd to meta mark map { 0x00000001 : "lo", 0x00000002 : "lo"};ok diff --git a/tests/py/any/fwd.t.json b/tests/py/netdev/fwd.t.json index 583606c0..583606c0 100644 --- a/tests/py/any/fwd.t.json +++ b/tests/py/netdev/fwd.t.json diff --git a/tests/py/any/fwd.t.json.output b/tests/py/netdev/fwd.t.json.output index 8433e492..8433e492 100644 --- a/tests/py/any/fwd.t.json.output +++ b/tests/py/netdev/fwd.t.json.output diff --git a/tests/py/any/fwd.t.payload b/tests/py/netdev/fwd.t.payload index f03077a6..f03077a6 100644 --- a/tests/py/any/fwd.t.payload +++ b/tests/py/netdev/fwd.t.payload diff --git a/tests/py/netdev/reject.t b/tests/py/netdev/reject.t new file mode 100644 index 00000000..c66e649c --- /dev/null +++ b/tests/py/netdev/reject.t @@ -0,0 +1,40 @@ +:ingress;type filter hook ingress device lo priority 0 + +*netdev;test-netdev;ingress + +reject with icmp host-unreachable;ok +reject with icmp net-unreachable;ok +reject with icmp prot-unreachable;ok +reject with icmp port-unreachable;ok +reject with icmp net-prohibited;ok +reject with icmp host-prohibited;ok +reject with icmp admin-prohibited;ok + +reject with icmpv6 no-route;ok +reject with icmpv6 admin-prohibited;ok +reject with icmpv6 addr-unreachable;ok +reject with icmpv6 port-unreachable;ok +reject with icmpv6 policy-fail;ok +reject with icmpv6 reject-route;ok + +mark 12345 reject with tcp reset;ok;meta l4proto 6 meta mark 0x00003039 reject with tcp reset + +reject;ok +meta protocol ip reject;ok;reject with icmp port-unreachable +meta protocol ip6 reject;ok;reject with icmpv6 port-unreachable + +reject with icmpx host-unreachable;ok +reject with icmpx no-route;ok +reject with icmpx admin-prohibited;ok +reject with icmpx port-unreachable;ok;reject + +meta protocol ip reject with icmp host-unreachable;ok;reject with icmp host-unreachable +meta protocol ip6 reject with icmpv6 no-route;ok;reject with icmpv6 no-route + +meta protocol ip6 reject with icmp host-unreachable;fail +meta protocol ip ip protocol icmp reject with icmpv6 no-route;fail +meta protocol ip6 ip protocol icmp reject with icmp host-unreachable;fail +meta l4proto udp reject with tcp reset;fail + +meta protocol ip reject with icmpx admin-prohibited;ok +meta protocol ip6 reject with icmpx admin-prohibited;ok diff --git a/tests/py/netdev/reject.t.json b/tests/py/netdev/reject.t.json new file mode 100644 index 00000000..9968aaf8 --- /dev/null +++ b/tests/py/netdev/reject.t.json @@ -0,0 +1,293 @@ +# reject with icmp host-unreachable +[ + { + "reject": { + "expr": "host-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp net-unreachable +[ + { + "reject": { + "expr": "net-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp prot-unreachable +[ + { + "reject": { + "expr": "prot-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp port-unreachable +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmp" + } + } +] + +# reject with icmp net-prohibited +[ + { + "reject": { + "expr": "net-prohibited", + "type": "icmp" + } + } +] + +# reject with icmp host-prohibited +[ + { + "reject": { + "expr": "host-prohibited", + "type": "icmp" + } + } +] + +# reject with icmp admin-prohibited +[ + { + "reject": { + "expr": "admin-prohibited", + "type": "icmp" + } + } +] + +# reject with icmpv6 no-route +[ + { + "reject": { + "expr": "no-route", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 admin-prohibited +[ + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 addr-unreachable +[ + { + "reject": { + "expr": "addr-unreachable", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 port-unreachable +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 policy-fail +[ + { + "reject": { + "expr": "policy-fail", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 reject-route +[ + { + "reject": { + "expr": "reject-route", + "type": "icmpv6" + } + } +] + +# mark 12345 reject with tcp reset +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": 6 + } + }, + { + "match": { + "left": { + "meta": { + "key": "mark" + } + }, + "op": "==", + "right": 12345 + } + }, + { + "reject": { + "type": "tcp reset" + } + } +] + +# reject +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmpx" + } + } +] + +# meta protocol ip reject +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmp" + } + } +] + +# meta protocol ip6 reject +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmpv6" + } + } +] + +# reject with icmpx host-unreachable +[ + { + "reject": { + "expr": "host-unreachable", + "type": "icmpx" + } + } +] + +# reject with icmpx no-route +[ + { + "reject": { + "expr": "no-route", + "type": "icmpx" + } + } +] + +# reject with icmpx admin-prohibited +[ + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpx" + } + } +] + +# reject with icmpx port-unreachable +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmpx" + } + } +] + +# meta protocol ip reject with icmp host-unreachable +[ + { + "reject": { + "expr": "host-unreachable", + "type": "icmp" + } + } +] + +# meta protocol ip6 reject with icmpv6 no-route +[ + { + "reject": { + "expr": "no-route", + "type": "icmpv6" + } + } +] + +# meta protocol ip reject with icmpx admin-prohibited +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip" + } + }, + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpx" + } + } +] + +# meta protocol ip6 reject with icmpx admin-prohibited +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip6" + } + }, + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpx" + } + } +] + diff --git a/tests/py/netdev/reject.t.payload b/tests/py/netdev/reject.t.payload new file mode 100644 index 00000000..d014adab --- /dev/null +++ b/tests/py/netdev/reject.t.payload @@ -0,0 +1,142 @@ +# reject with icmp host-unreachable +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 1 ] + +# reject with icmp net-unreachable +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 0 ] + +# reject with icmp prot-unreachable +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 2 ] + +# reject with icmp port-unreachable +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 3 ] + +# reject with icmp net-prohibited +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 9 ] + +# reject with icmp host-prohibited +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 10 ] + +# reject with icmp admin-prohibited +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 13 ] + +# reject with icmpv6 no-route +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 0 ] + +# reject with icmpv6 admin-prohibited +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 1 ] + +# reject with icmpv6 addr-unreachable +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 3 ] + +# reject with icmpv6 port-unreachable +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 4 ] + +# reject with icmpv6 policy-fail +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 5 ] + +# reject with icmpv6 reject-route +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 6 ] + +# mark 12345 reject with tcp reset +netdev + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ meta load mark => reg 1 ] + [ cmp eq reg 1 0x00003039 ] + [ reject type 1 code 0 ] + +# reject +netdev + [ reject type 2 code 1 ] + +# meta protocol ip reject +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 3 ] + +# meta protocol ip6 reject +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 4 ] + +# reject with icmpx host-unreachable +netdev + [ reject type 2 code 2 ] + +# reject with icmpx no-route +netdev + [ reject type 2 code 0 ] + +# reject with icmpx admin-prohibited +netdev + [ reject type 2 code 3 ] + +# reject with icmpx port-unreachable +netdev + [ reject type 2 code 1 ] + +# meta protocol ip reject with icmp host-unreachable +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 1 ] + +# meta protocol ip6 reject with icmpv6 no-route +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 0 ] + +# meta protocol ip reject with icmpx admin-prohibited +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 2 code 3 ] + +# meta protocol ip6 reject with icmpx admin-prohibited +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 2 code 3 ] + diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py index df97ed8e..00799e28 100755 --- a/tests/py/nft-test.py +++ b/tests/py/nft-test.py @@ -28,7 +28,7 @@ os.environ['TZ'] = 'UTC-2' from nftables import Nftables -TESTS_DIRECTORY = ["any", "arp", "bridge", "inet", "ip", "ip6"] +TESTS_DIRECTORY = ["any", "arp", "bridge", "inet", "ip", "ip6", "netdev"] LOGFILE = "/tmp/nftables-test.log" log_file = None table_list = [] @@ -39,7 +39,7 @@ signal_received = 0 class Colors: - if sys.stdout.isatty(): + if sys.stdout.isatty() and sys.stderr.isatty(): HEADER = '\033[95m' GREEN = '\033[92m' YELLOW = '\033[93m' @@ -86,11 +86,12 @@ class Table: class Set: """Class that represents a set""" - def __init__(self, family, table, name, type, timeout, flags): + def __init__(self, family, table, name, type, data, timeout, flags): self.family = family self.table = table self.name = name self.type = type + self.data = data self.timeout = timeout self.flags = flags @@ -366,7 +367,11 @@ def set_add(s, test_result, filename, lineno): if flags != "": flags = "flags %s; " % flags - cmd = "add set %s %s { type %s;%s %s}" % (table, s.name, s.type, s.timeout, flags) + if s.data == "": + cmd = "add set %s %s { %s;%s %s}" % (table, s.name, s.type, s.timeout, flags) + else: + cmd = "add map %s %s { %s : %s;%s %s}" % (table, s.name, s.type, s.data, s.timeout, flags) + ret = execute_cmd(cmd, filename, lineno) if (ret == 0 and test_result == "fail") or \ @@ -384,6 +389,44 @@ def set_add(s, test_result, filename, lineno): return 0 +def map_add(s, test_result, filename, lineno): + ''' + Adds a map + ''' + if not table_list: + reason = "Missing table to add rule" + print_error(reason, filename, lineno) + return -1 + + for table in table_list: + s.table = table.name + s.family = table.family + if _map_exist(s, filename, lineno): + reason = "Map %s already exists in %s" % (s.name, table) + print_error(reason, filename, lineno) + return -1 + + flags = s.flags + if flags != "": + flags = "flags %s; " % flags + + cmd = "add map %s %s { %s : %s;%s %s}" % (table, s.name, s.type, s.data, s.timeout, flags) + + ret = execute_cmd(cmd, filename, lineno) + + if (ret == 0 and test_result == "fail") or \ + (ret != 0 and test_result == "ok"): + reason = "%s: I cannot add the set %s" % (cmd, s.name) + print_error(reason, filename, lineno) + return -1 + + if not _map_exist(s, filename, lineno): + reason = "I have just added the set %s to " \ + "the table %s but it does not exist" % (s.name, table) + print_error(reason, filename, lineno) + return -1 + + def set_add_elements(set_element, set_name, state, filename, lineno): ''' Adds elements to the set. @@ -407,7 +450,11 @@ def set_add_elements(set_element, set_name, state, filename, lineno): ret = execute_cmd(cmd, filename, lineno) if (state == "fail" and ret == 0) or (state == "ok" and ret != 0): - test_state = "This rule should have failed." + if state == "fail": + test_state = "This rule should have failed." + else: + test_state = "This rule should not have failed." + reason = cmd + ": " + test_state print_error(reason, filename, lineno) return -1 @@ -486,6 +533,16 @@ def _set_exist(s, filename, lineno): return True if (ret == 0) else False +def _map_exist(s, filename, lineno): + ''' + Check if the map exists. + ''' + cmd = "list map %s %s %s" % (s.family, s.table, s.name) + ret = execute_cmd(cmd, filename, lineno) + + return True if (ret == 0) else False + + def set_check_element(rule1, rule2): ''' Check if element exists in anonymous sets. @@ -712,8 +769,10 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path): if rule[1].strip() == "ok": payload_expected = None + payload_path = None try: payload_log = open("%s.payload" % filename_path) + payload_path = payload_log.name payload_expected = payload_find_expected(payload_log, rule[0]) except: payload_log = None @@ -750,12 +809,15 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path): reason = "Invalid JSON syntax in expected output: %s" % json_expected print_error(reason) return [-1, warning, error, unit_tests] + if json_expected == json_input: + print_warning("Recorded JSON output matches input for: %s" % rule[0]) for table in table_list: if rule[1].strip() == "ok": table_payload_expected = None try: payload_log = open("%s.payload.%s" % (filename_path, table.family)) + payload_path = payload_log.name table_payload_expected = payload_find_expected(payload_log, rule[0]) except: if not payload_log: @@ -802,17 +864,26 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path): if state == "ok" and not payload_check(table_payload_expected, payload_log, cmd): error += 1 - gotf = open("%s.payload.got" % filename_path, 'a') + + try: + gotf = open("%s.got" % payload_path) + gotf_payload_expected = payload_find_expected(gotf, rule[0]) + gotf.close() + except: + gotf_payload_expected = None payload_log.seek(0, 0) - gotf.write("# %s\n" % rule[0]) - while True: - line = payload_log.readline() - if line == "": - break - gotf.write(line) - gotf.close() - print_warning("Wrote payload for rule %s" % rule[0], - gotf.name, 1) + if not payload_check(gotf_payload_expected, payload_log, cmd): + gotf = open("%s.got" % payload_path, 'a') + payload_log.seek(0, 0) + gotf.write("# %s\n" % rule[0]) + while True: + line = payload_log.readline() + if line == "": + break + gotf.write(line) + gotf.close() + print_warning("Wrote payload for rule %s" % rule[0], + gotf.name, 1) # Check for matching ruleset listing numeric_proto_old = nftables.set_numeric_proto_output(True) @@ -1022,6 +1093,8 @@ def execute_cmd(cmd, filename, lineno, stdout_log=False, debug=False): if debug_option: print(cmd) + log_file.flush() + if debug: debug_old = nftables.get_debug() nftables.set_debug(debug) @@ -1073,14 +1146,32 @@ def set_process(set_line, filename, lineno): tokens = set_line[0].split(" ") set_name = tokens[0] - set_type = tokens[2] + parse_typeof = tokens[1] == "typeof" + set_type = tokens[1] + " " + tokens[2] + set_data = "" set_flags = "" i = 3 + if parse_typeof and tokens[i] == "id": + set_type += " " + tokens[i] + i += 1; + while len(tokens) > i and tokens[i] == ".": set_type += " . " + tokens[i+1] i += 2 + while len(tokens) > i and tokens[i] == ":": + set_data = tokens[i+1] + i += 2 + + while len(tokens) > i and tokens[i] == ".": + set_data += " . " + tokens[i+1] + i += 2 + + if parse_typeof and tokens[i] == "mark": + set_data += " " + tokens[i] + i += 1; + if len(tokens) == i+2 and tokens[i] == "timeout": timeout = "timeout " + tokens[i+1] + ";" i += 2 @@ -1090,9 +1181,13 @@ def set_process(set_line, filename, lineno): elif len(tokens) != i: print_error(set_name + " bad flag: " + tokens[i], filename, lineno) - s = Set("", "", set_name, set_type, timeout, set_flags) + s = Set("", "", set_name, set_type, set_data, timeout, set_flags) + + if set_data == "": + ret = set_add(s, test_result, filename, lineno) + else: + ret = map_add(s, test_result, filename, lineno) - ret = set_add(s, test_result, filename, lineno) if ret == 0: all_set[set_name] = set() @@ -1340,6 +1435,33 @@ def run_test_file(filename, force_all_family_option, specific_file): return [tests, passed, total_warning, total_error, total_unit_run] +def spawn_netns(): + # prefer unshare module + try: + import unshare + unshare.unshare(unshare.CLONE_NEWNET) + return True + except: + pass + + # sledgehammer style: + # - call ourselves prefixed by 'unshare -n' if found + # - pass extra --no-netns parameter to avoid another recursion + try: + import shutil + + unshare = shutil.which("unshare") + if unshare is None: + return False + + sys.argv.append("--no-netns") + if debug_option: + print("calling: ", [unshare, "-n", sys.executable] + sys.argv) + os.execv(unshare, [unshare, "-n", sys.executable] + sys.argv) + except: + pass + + return False def main(): parser = argparse.ArgumentParser(description='Run nft tests') @@ -1367,6 +1489,10 @@ def main(): parser.add_argument('-l', '--library', default=None, help='path to libntables.so.1, overrides --host') + parser.add_argument('-N', '--no-netns', action='store_true', + dest='no_netns', + help='Do not run in own network namespace') + parser.add_argument('-s', '--schema', action='store_true', dest='enable_schema', help='verify json input/output against schema') @@ -1391,15 +1517,12 @@ def main(): print("You need to be root to run this, sorry") return + if not args.no_netns and not spawn_netns(): + print_warning("cannot run in own namespace, connectivity might break") + # Change working directory to repository root os.chdir(TESTS_PATH + "/../..") - try: - import unshare - unshare.unshare(unshare.CLONE_NEWNET) - except: - print_warning("cannot run in own namespace, connectivity might break") - check_lib_path = True if args.library is None: if args.host: diff --git a/tests/py/tools/test-sanitizer.sh b/tests/py/tools/test-sanitizer.sh new file mode 100755 index 00000000..92354d2b --- /dev/null +++ b/tests/py/tools/test-sanitizer.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +# Do some simple sanity checks on tests: +# - Report tests where reply matches command +# - Report tests with non-ok exit but reply +# - Check for duplicate test commands in *.t files +# - Check for duplicate or stale payload records in *.t.payload* files +# - Check for duplicate or stale json equivalents in *.t.json files + +cd $(dirname $0)/../ + +[[ $1 ]] && tests="$@" || tests="*/*.t" + +reportfile="" +report() { # (file, msg) + [[ "$reportfile" == "$1" ]] || { + reportfile="$1" + echo "" + echo "In $reportfile:" + } + shift + echo "$@" +} + +for t in $tests; do + [[ -f $t ]] || continue + + readarray -t cmdlines <<< $(grep -v -e '^ *[:*#-?]' -e '^ *$' $t) + + cmds="" + for cmdline in "${cmdlines[@]}"; do + readarray -t -d ';' cmdparts <<< "$cmdline" + cmd="${cmdparts[0]}" + rc="${cmdparts[1]}" + out="${cmdparts[2]}" + + [[ -n $cmd ]] || continue + + #echo "cmdline: $cmdline" + #echo "cmd: $cmd" + #echo "rc: $rc" + #echo "out: $out" + + [[ "$cmd" != "$out" ]] || \ + report $t "reply matches cmd: $cmd" + [[ "$rc" != "ok" && "$out" ]] && \ + report $t "output record with non-ok exit: $cmd" + + cmds+="${cmd}\n" + done + + readarray -t dups <<< $(echo -e "$cmds" | sort | uniq -d) + for dup in "${dups[@]}"; do + [[ -n $dup ]] || continue + report $t "duplicate command: $dup" + done + + for p in $t.payload* $t.json; do + [[ -f $p ]] || continue + [[ $p == *.got ]] && continue + [[ $p == *.json ]] && t="json" || t="payload" + + pcmds=$(grep '^#' $p) + readarray -t dups <<< $(echo "$pcmds" | sort | uniq -d) + readarray -t stales <<< $(echo "$pcmds" | while read hash pcmd; do + echo -e "$cmds" | grep -qxF "${pcmd}" || echo "# ${pcmd}" + done) + + for stale in "${stales[@]}"; do + [[ -n $stale ]] || continue + report $p "stale $t record: $stale" + done + for dup in "${dups[@]}"; do + [[ -n $dup ]] || continue + report $p "duplicate $t record: $dup" + done + done +done |