From 5d837d270d5a8b3a4d3fdca12d0f0800b8287cdd Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Mon, 20 Dec 2021 12:30:18 +0100 Subject: src: add tcp option reset support This allows to replace a tcp option with nops, similar to the TCPOPTSTRIP feature of iptables. Signed-off-by: Florian Westphal --- tests/py/any/tcpopt.t | 6 ++++++ tests/py/any/tcpopt.t.json | 35 +++++++++++++++++++++++++++++++++++ tests/py/any/tcpopt.t.payload | 12 ++++++++++++ 3 files changed, 53 insertions(+) (limited to 'tests/py') diff --git a/tests/py/any/tcpopt.t b/tests/py/any/tcpopt.t index 3d4be2a2..177f01c4 100644 --- a/tests/py/any/tcpopt.t +++ b/tests/py/any/tcpopt.t @@ -54,3 +54,9 @@ tcp option mptcp exists;ok tcp option mptcp subtype 0;ok tcp option mptcp subtype 1;ok tcp option mptcp subtype { 0, 2};ok + +reset tcp option mptcp;ok +reset tcp option 2;ok;reset tcp option maxseg +reset tcp option 123;ok +reset tcp option meh;fail +reset tcp option 256;fail diff --git a/tests/py/any/tcpopt.t.json b/tests/py/any/tcpopt.t.json index 5cc6f8f4..4466f14f 100644 --- a/tests/py/any/tcpopt.t.json +++ b/tests/py/any/tcpopt.t.json @@ -585,3 +585,38 @@ } } ] + +# reset tcp option mptcp +[ + { + "reset": { + "tcp option": { + "name": "mptcp" + } + } + } +] + +# reset tcp option 2 +[ + { + "reset": { + "tcp option": { + "name": "maxseg" + } + } + } +] + +# reset tcp option 123 +[ + { + "reset": { + "tcp option": { + "base": 123, + "len": 0, + "offset": 0 + } + } + } +] diff --git a/tests/py/any/tcpopt.t.payload b/tests/py/any/tcpopt.t.payload index 121cc97f..99b8985f 100644 --- a/tests/py/any/tcpopt.t.payload +++ b/tests/py/any/tcpopt.t.payload @@ -188,3 +188,15 @@ inet [ exthdr load tcpopt 1b @ 30 + 2 => reg 1 ] [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] + +# reset tcp option mptcp +ip test-ip4 input + [ exthdr reset tcpopt 30 ] + +# reset tcp option 2 +ip test-ip4 input + [ exthdr reset tcpopt 2 ] + +# reset tcp option 123 +ip test-ip4 input + [ exthdr reset tcpopt 123 ] -- cgit v1.2.3