diff options
Diffstat (limited to 'tests')
-rw-r--r-- | tests/regression/bridge/ether.t | 8 | ||||
-rw-r--r-- | tests/regression/bridge/ether.t.payload | 44 | ||||
-rw-r--r-- | tests/regression/inet/ether-ip.t | 5 | ||||
-rw-r--r-- | tests/regression/inet/ether-ip.t.payload | 28 | ||||
-rw-r--r-- | tests/regression/ip/ether.t | 8 | ||||
-rw-r--r-- | tests/regression/ip/ether.t.payload | 50 | ||||
-rw-r--r-- | tests/regression/ip6/ether.t | 8 | ||||
-rw-r--r-- | tests/regression/ip6/ether.t.payload | 49 |
8 files changed, 200 insertions, 0 deletions
diff --git a/tests/regression/bridge/ether.t b/tests/regression/bridge/ether.t new file mode 100644 index 00000000..6257dfcd --- /dev/null +++ b/tests/regression/bridge/ether.t @@ -0,0 +1,8 @@ +*bridge;test-bridge + +:input;type filter hook input priority 0 + +tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept +tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 +tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4;ok +ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept;ok diff --git a/tests/regression/bridge/ether.t.payload b/tests/regression/bridge/ether.t.payload new file mode 100644 index 00000000..8fdb0a95 --- /dev/null +++ b/tests/regression/bridge/ether.t.payload @@ -0,0 +1,44 @@ +# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept +bridge test-bridge input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 8b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00080411 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 +bridge test-bridge input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ payload load 8b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00080411 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 +bridge test-bridge input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ payload load 8b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00080411 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + +# ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept +bridge test-bridge input + [ payload load 8b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00080411 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ immediate reg 0 accept ] + diff --git a/tests/regression/inet/ether-ip.t b/tests/regression/inet/ether-ip.t new file mode 100644 index 00000000..3726db45 --- /dev/null +++ b/tests/regression/inet/ether-ip.t @@ -0,0 +1,5 @@ +*inet;test-inet +:input;type filter hook input priority 0 + +tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept +tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04;ok diff --git a/tests/regression/inet/ether-ip.t.payload b/tests/regression/inet/ether-ip.t.payload new file mode 100644 index 00000000..62e37a59 --- /dev/null +++ b/tests/regression/inet/ether-ip.t.payload @@ -0,0 +1,28 @@ +# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 8b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00080411 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] diff --git a/tests/regression/ip/ether.t b/tests/regression/ip/ether.t new file mode 100644 index 00000000..4d30f51c --- /dev/null +++ b/tests/regression/ip/ether.t @@ -0,0 +1,8 @@ +*ip;test-ip + +:input;type filter hook input priority 0 + +tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 accept +tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04;ok +tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4;ok +ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept;ok diff --git a/tests/regression/ip/ether.t.payload b/tests/regression/ip/ether.t.payload new file mode 100644 index 00000000..0d234dab --- /dev/null +++ b/tests/regression/ip/ether.t.payload @@ -0,0 +1,50 @@ +# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept +ip test-ip input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 +ip test-ip input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + +# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 +ip test-ip input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + +# ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept +ip test-ip input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ immediate reg 0 accept ] + diff --git a/tests/regression/ip6/ether.t b/tests/regression/ip6/ether.t new file mode 100644 index 00000000..98be273f --- /dev/null +++ b/tests/regression/ip6/ether.t @@ -0,0 +1,8 @@ +*ip6;test-ip6 + +:input;type filter hook input priority 0 + +tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 accept +tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04;ok;tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 +tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2;ok +ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 accept;ok diff --git a/tests/regression/ip6/ether.t.payload b/tests/regression/ip6/ether.t.payload new file mode 100644 index 00000000..c7342cc0 --- /dev/null +++ b/tests/regression/ip6/ether.t.payload @@ -0,0 +1,49 @@ +# tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] + +# ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 accept +ip6 test-ip6 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] + [ immediate reg 0 accept ] |