From 226a0e072d5c1edeb53cb61b959b011168c5c29a Mon Sep 17 00:00:00 2001 From: Stephen Suryaputra Date: Wed, 3 Jul 2019 20:30:52 -0400 Subject: exthdr: add support for matching IPv4 options Add capability to have rules matching IPv4 options. This is developed mainly to support dropping of IP packets with loose and/or strict source route route options. Signed-off-by: Stephen Suryaputra Signed-off-by: Pablo Neira Ayuso --- tests/py/ip6/frag.t.payload.inet | 70 ++++++++++++++++++++-------------------- 1 file changed, 35 insertions(+), 35 deletions(-) (limited to 'tests/py/ip6/frag.t.payload.inet') diff --git a/tests/py/ip6/frag.t.payload.inet b/tests/py/ip6/frag.t.payload.inet index 06305330..ef44f1ae 100644 --- a/tests/py/ip6/frag.t.payload.inet +++ b/tests/py/ip6/frag.t.payload.inet @@ -2,14 +2,14 @@ inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ] [ cmp eq reg 1 0x00000006 ] # frag nexthdr != icmp inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ] [ cmp neq reg 1 0x00000001 ] # frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp} @@ -19,7 +19,7 @@ __set%d test-inet 0 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ] [ lookup reg 1 set __set%d ] # frag nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp} @@ -29,42 +29,42 @@ __set%d test-inet 0 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # frag nexthdr esp inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ] [ cmp eq reg 1 0x00000032 ] # frag nexthdr ah inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ] [ cmp eq reg 1 0x00000033 ] # frag reserved 22 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] [ cmp eq reg 1 0x00000016 ] # frag reserved != 233 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] [ cmp neq reg 1 0x000000e9 ] # frag reserved 33-45 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] [ cmp gte reg 1 0x00000021 ] [ cmp lte reg 1 0x0000002d ] @@ -72,7 +72,7 @@ inet test-inet output inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] [ range neq reg 1 0x00000021 0x0000002d ] # frag reserved { 33, 55, 67, 88} @@ -82,7 +82,7 @@ __set%d test-inet 0 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] [ lookup reg 1 set __set%d ] # frag reserved != { 33, 55, 67, 88} @@ -92,7 +92,7 @@ __set%d test-inet 0 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # frag reserved { 33-55} @@ -102,7 +102,7 @@ __set%d test-inet 0 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] [ lookup reg 1 set __set%d ] # frag reserved != { 33-55} @@ -112,14 +112,14 @@ __set%d test-inet 0 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # frag frag-off 22 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 2b @ 44 + 2 => reg 1 ] + [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0000b000 ] @@ -127,7 +127,7 @@ inet test-inet output inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 2b @ 44 + 2 => reg 1 ] + [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] [ cmp neq reg 1 0x00004807 ] @@ -135,7 +135,7 @@ inet test-inet output inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 2b @ 44 + 2 => reg 1 ] + [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] [ cmp gte reg 1 0x00000801 ] [ cmp lte reg 1 0x00006801 ] @@ -144,7 +144,7 @@ inet test-inet output inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 2b @ 44 + 2 => reg 1 ] + [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] [ range neq reg 1 0x00000801 0x00006801 ] @@ -155,7 +155,7 @@ __set%d test-inet 0 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 2b @ 44 + 2 => reg 1 ] + [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] @@ -166,7 +166,7 @@ __set%d test-inet 0 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 2b @ 44 + 2 => reg 1 ] + [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] [ lookup reg 1 set __set%d 0x1 ] @@ -177,7 +177,7 @@ __set%d test-inet 0 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 2b @ 44 + 2 => reg 1 ] + [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] @@ -188,7 +188,7 @@ __set%d test-inet 0 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 2b @ 44 + 2 => reg 1 ] + [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ] [ lookup reg 1 set __set%d 0x1 ] @@ -196,7 +196,7 @@ inet test-inet output inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 3 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000001 ] @@ -204,28 +204,28 @@ inet test-inet output inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # frag id 22 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] [ cmp eq reg 1 0x16000000 ] # frag id != 33 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] [ cmp neq reg 1 0x21000000 ] # frag id 33-45 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] [ cmp gte reg 1 0x21000000 ] [ cmp lte reg 1 0x2d000000 ] @@ -233,7 +233,7 @@ inet test-inet output inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] [ range neq reg 1 0x21000000 0x2d000000 ] # frag id { 33, 55, 67, 88} @@ -243,7 +243,7 @@ __set%d test-inet 0 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] [ lookup reg 1 set __set%d ] # frag id != { 33, 55, 67, 88} @@ -253,7 +253,7 @@ __set%d test-inet 0 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # frag id { 33-55} @@ -263,7 +263,7 @@ __set%d test-inet 0 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] [ lookup reg 1 set __set%d ] # frag id != { 33-55} @@ -273,14 +273,14 @@ __set%d test-inet 0 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # frag reserved2 1 inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 3 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x00000006 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000002 ] @@ -288,7 +288,7 @@ inet test-inet output inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 3 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000000 ] @@ -296,7 +296,7 @@ inet test-inet output inet test-inet output [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 44 + 3 => reg 1 ] + [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000001 ] -- cgit v1.2.3