From 226a0e072d5c1edeb53cb61b959b011168c5c29a Mon Sep 17 00:00:00 2001 From: Stephen Suryaputra Date: Wed, 3 Jul 2019 20:30:52 -0400 Subject: exthdr: add support for matching IPv4 options Add capability to have rules matching IPv4 options. This is developed mainly to support dropping of IP packets with loose and/or strict source route route options. Signed-off-by: Stephen Suryaputra Signed-off-by: Pablo Neira Ayuso --- tests/py/ip6/hbh.t.payload.inet | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) (limited to 'tests/py/ip6/hbh.t.payload.inet') diff --git a/tests/py/ip6/hbh.t.payload.inet b/tests/py/ip6/hbh.t.payload.inet index cf7e3535..e358351d 100644 --- a/tests/py/ip6/hbh.t.payload.inet +++ b/tests/py/ip6/hbh.t.payload.inet @@ -2,21 +2,21 @@ inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ cmp eq reg 1 0x00000016 ] # hbh hdrlength != 233 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ cmp neq reg 1 0x000000e9 ] # hbh hdrlength 33-45 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ cmp gte reg 1 0x00000021 ] [ cmp lte reg 1 0x0000002d ] @@ -24,7 +24,7 @@ inet test-inet filter-input inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ range neq reg 1 0x00000021 0x0000002d ] # hbh hdrlength {33, 55, 67, 88} @@ -34,7 +34,7 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ lookup reg 1 set __set%d ] # hbh hdrlength != {33, 55, 67, 88} @@ -44,7 +44,7 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # hbh hdrlength { 33-55} @@ -54,7 +54,7 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ lookup reg 1 set __set%d ] # hbh hdrlength != { 33-55} @@ -64,7 +64,7 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} @@ -74,7 +74,7 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ lookup reg 1 set __set%d ] # hbh nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} @@ -84,28 +84,28 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # hbh nexthdr 22 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ cmp eq reg 1 0x00000016 ] # hbh nexthdr != 233 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ cmp neq reg 1 0x000000e9 ] # hbh nexthdr 33-45 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ cmp gte reg 1 0x00000021 ] [ cmp lte reg 1 0x0000002d ] @@ -113,7 +113,7 @@ inet test-inet filter-input inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ range neq reg 1 0x00000021 0x0000002d ] # hbh nexthdr {33, 55, 67, 88} @@ -123,7 +123,7 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ lookup reg 1 set __set%d ] # hbh nexthdr != {33, 55, 67, 88} @@ -133,7 +133,7 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # hbh nexthdr { 33-55} @@ -143,7 +143,7 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ lookup reg 1 set __set%d ] # hbh nexthdr != { 33-55} @@ -153,20 +153,20 @@ __set%d test-inet 0 inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # hbh nexthdr ip inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ cmp eq reg 1 0x00000000 ] # hbh nexthdr != ip inet test-inet filter-input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] - [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ] [ cmp neq reg 1 0x00000000 ] -- cgit v1.2.3