From 6b29a5bebb957387fe1aac8fcbfd431e6be237f0 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Fri, 11 Dec 2015 11:10:14 +0100 Subject: tests/: rearrange tests directory Rearrange the directory to obtain a better organization of files and tests-suites. We end with a tree like this: tests | .--- py .--- shell .--- files This was suggested by Pablo. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- tests/regression/README | 141 ---- tests/regression/any/ct.t | 109 --- tests/regression/any/ct.t.payload | 275 -------- tests/regression/any/frag.t | 64 -- tests/regression/any/frag.t.payload | 109 --- tests/regression/any/limit.t | 25 - tests/regression/any/limit.t.payload | 64 -- tests/regression/any/log.t | 26 - tests/regression/any/log.t.payload | 52 -- tests/regression/any/meta.t | 197 ------ tests/regression/any/meta.t.payload | 756 -------------------- tests/regression/any/queue.t | 15 - tests/regression/any/queue.t.payload | 24 - tests/regression/arp/arp.t | 53 -- tests/regression/arp/arp.t.payload | 217 ------ tests/regression/arp/chains.t | 6 - tests/regression/arp/chains.t.payload | 0 tests/regression/bridge/chains.t | 8 - tests/regression/bridge/chains.t.payload | 0 tests/regression/bridge/ether.t | 8 - tests/regression/bridge/ether.t.payload | 44 -- tests/regression/bridge/reject.t | 38 - tests/regression/bridge/reject.t.payload | 106 --- tests/regression/bridge/vlan.t | 34 - tests/regression/bridge/vlan.t.payload | 201 ------ tests/regression/inet/ah.t | 58 -- tests/regression/inet/ah.t.payload.inet | 186 ----- tests/regression/inet/ah.t.payload.ip | 186 ----- tests/regression/inet/ah.t.payload.ip6 | 186 ----- tests/regression/inet/comp.t | 31 - tests/regression/inet/comp.t.payload.inet | 107 --- tests/regression/inet/comp.t.payload.ip | 107 --- tests/regression/inet/comp.t.payload.ip6 | 107 --- tests/regression/inet/dccp.t | 33 - tests/regression/inet/dccp.t.payload.inet | 82 --- tests/regression/inet/dccp.t.payload.ip | 82 --- tests/regression/inet/dccp.t.payload.ip6 | 82 --- tests/regression/inet/esp.t | 23 - tests/regression/inet/esp.t.payload.inet | 93 --- tests/regression/inet/esp.t.payload.ip | 93 --- tests/regression/inet/esp.t.payload.ip6 | 93 --- tests/regression/inet/ether-ip.t | 5 - tests/regression/inet/ether-ip.t.payload | 28 - tests/regression/inet/ether.t | 13 - tests/regression/inet/ether.t.payload | 55 -- tests/regression/inet/ether.t.payload.bridge | 49 -- tests/regression/inet/ether.t.payload.ip | 55 -- tests/regression/inet/ether.t.payload.ip6 | 55 -- tests/regression/inet/ip.t | 7 - tests/regression/inet/ip.t.payload.bridge | 11 - tests/regression/inet/ip.t.payload.inet | 13 - tests/regression/inet/ip.t.payload.ip | 11 - tests/regression/inet/reject.t | 35 - tests/regression/inet/reject.t.payload.inet | 220 ------ tests/regression/inet/sctp.t | 42 -- tests/regression/inet/sctp.t.payload.inet | 200 ------ tests/regression/inet/sctp.t.payload.ip | 200 ------ tests/regression/inet/sctp.t.payload.ip6 | 200 ------ tests/regression/inet/tcp.t | 105 --- tests/regression/inet/tcp.t.payload.inet | 508 -------------- tests/regression/inet/tcp.t.payload.ip | 508 -------------- tests/regression/inet/tcp.t.payload.ip6 | 508 -------------- tests/regression/inet/udp.t | 49 -- tests/regression/inet/udp.t.payload.ip | 222 ------ tests/regression/inet/udplite.t | 42 -- tests/regression/inet/udplite.t.payload.inet | 169 ----- tests/regression/inet/udplite.t.payload.ip | 169 ----- tests/regression/inet/udplite.t.payload.ip6 | 169 ----- tests/regression/ip/chains.t | 15 - tests/regression/ip/dnat.t | 15 - tests/regression/ip/dnat.t.payload.ip | 69 -- tests/regression/ip/dup.t | 6 - tests/regression/ip/dup.t.payload | 21 - tests/regression/ip/ether.t | 8 - tests/regression/ip/ether.t.payload | 50 -- tests/regression/ip/icmp.t | 93 --- tests/regression/ip/icmp.t.payload.ip | 463 ------------ tests/regression/ip/ip.t | 117 ---- tests/regression/ip/ip.t.payload | 386 ---------- tests/regression/ip/ip.t.payload.inet | 506 -------------- tests/regression/ip/masquerade.t | 25 - tests/regression/ip/masquerade.t.payload | 127 ---- tests/regression/ip/redirect.t | 45 -- tests/regression/ip/redirect.t.payload | 201 ------ tests/regression/ip/reject.t | 14 - tests/regression/ip/reject.t.payload | 32 - tests/regression/ip/sets.t | 30 - tests/regression/ip/sets.t.payload.inet | 16 - tests/regression/ip/sets.t.payload.ip | 12 - tests/regression/ip/snat.t | 12 - tests/regression/ip/snat.t.payload | 50 -- tests/regression/ip6/chains.t | 17 - tests/regression/ip6/dnat.t | 5 - tests/regression/ip6/dnat.t.payload.ip6 | 25 - tests/regression/ip6/dst.t | 25 - tests/regression/ip6/dst.t.payload.inet | 94 --- tests/regression/ip6/dst.t.payload.ip6 | 95 --- tests/regression/ip6/dup.t | 6 - tests/regression/ip6/dup.t.payload | 21 - tests/regression/ip6/ether.t | 8 - tests/regression/ip6/ether.t.payload | 49 -- tests/regression/ip6/hbh.t | 25 - tests/regression/ip6/hbh.t.payload.inet | 94 --- tests/regression/ip6/hbh.t.payload.ip6 | 94 --- tests/regression/ip6/icmpv6.t | 96 --- tests/regression/ip6/icmpv6.t.payload.ip6 | 409 ----------- tests/regression/ip6/ip6.t | 143 ---- tests/regression/ip6/ip6.t.payload.inet | 461 ------------ tests/regression/ip6/ip6.t.payload.ip6 | 339 --------- tests/regression/ip6/masquerade.t | 25 - tests/regression/ip6/masquerade.t.payload.ip6 | 127 ---- tests/regression/ip6/mh.t | 49 -- tests/regression/ip6/mh.t.payload.inet | 198 ------ tests/regression/ip6/mh.t.payload.ip6 | 198 ------ tests/regression/ip6/redirect.t | 44 -- tests/regression/ip6/redirect.t.payload.ip6 | 185 ----- tests/regression/ip6/reject.t | 12 - tests/regression/ip6/reject.t.payload.ip6 | 26 - tests/regression/ip6/rt.t | 45 -- tests/regression/ip6/rt.t.payload.inet | 180 ----- tests/regression/ip6/rt.t.payload.ip6 | 180 ----- tests/regression/ip6/sets.t | 22 - tests/regression/ip6/sets.t.payload | 0 tests/regression/ip6/sets.t.payload.inet | 8 - tests/regression/ip6/sets.t.payload.ip6 | 6 - tests/regression/ip6/snat.t | 5 - tests/regression/ip6/snat.t.payload.ip6 | 25 - tests/regression/ip6/vmap.t | 54 -- tests/regression/ip6/vmap.t.payload.inet | 420 ----------- tests/regression/ip6/vmap.t.payload.ip6 | 336 --------- tests/regression/nft-test.py | 968 -------------------------- 131 files changed, 15201 deletions(-) delete mode 100644 tests/regression/README delete mode 100644 tests/regression/any/ct.t delete mode 100644 tests/regression/any/ct.t.payload delete mode 100644 tests/regression/any/frag.t delete mode 100644 tests/regression/any/frag.t.payload delete mode 100644 tests/regression/any/limit.t delete mode 100644 tests/regression/any/limit.t.payload delete mode 100644 tests/regression/any/log.t delete mode 100644 tests/regression/any/log.t.payload delete mode 100644 tests/regression/any/meta.t delete mode 100644 tests/regression/any/meta.t.payload delete mode 100644 tests/regression/any/queue.t delete mode 100644 tests/regression/any/queue.t.payload delete mode 100644 tests/regression/arp/arp.t delete mode 100644 tests/regression/arp/arp.t.payload delete mode 100644 tests/regression/arp/chains.t delete mode 100644 tests/regression/arp/chains.t.payload delete mode 100644 tests/regression/bridge/chains.t delete mode 100644 tests/regression/bridge/chains.t.payload delete mode 100644 tests/regression/bridge/ether.t delete mode 100644 tests/regression/bridge/ether.t.payload delete mode 100644 tests/regression/bridge/reject.t delete mode 100644 tests/regression/bridge/reject.t.payload delete mode 100644 tests/regression/bridge/vlan.t delete mode 100644 tests/regression/bridge/vlan.t.payload delete mode 100644 tests/regression/inet/ah.t delete mode 100644 tests/regression/inet/ah.t.payload.inet delete mode 100644 tests/regression/inet/ah.t.payload.ip delete mode 100644 tests/regression/inet/ah.t.payload.ip6 delete mode 100644 tests/regression/inet/comp.t delete mode 100644 tests/regression/inet/comp.t.payload.inet delete mode 100644 tests/regression/inet/comp.t.payload.ip delete mode 100644 tests/regression/inet/comp.t.payload.ip6 delete mode 100644 tests/regression/inet/dccp.t delete mode 100644 tests/regression/inet/dccp.t.payload.inet delete mode 100644 tests/regression/inet/dccp.t.payload.ip delete mode 100644 tests/regression/inet/dccp.t.payload.ip6 delete mode 100644 tests/regression/inet/esp.t delete mode 100644 tests/regression/inet/esp.t.payload.inet delete mode 100644 tests/regression/inet/esp.t.payload.ip delete mode 100644 tests/regression/inet/esp.t.payload.ip6 delete mode 100644 tests/regression/inet/ether-ip.t delete mode 100644 tests/regression/inet/ether-ip.t.payload delete mode 100644 tests/regression/inet/ether.t delete mode 100644 tests/regression/inet/ether.t.payload delete mode 100644 tests/regression/inet/ether.t.payload.bridge delete mode 100644 tests/regression/inet/ether.t.payload.ip delete mode 100644 tests/regression/inet/ether.t.payload.ip6 delete mode 100644 tests/regression/inet/ip.t delete mode 100644 tests/regression/inet/ip.t.payload.bridge delete mode 100644 tests/regression/inet/ip.t.payload.inet delete mode 100644 tests/regression/inet/ip.t.payload.ip delete mode 100644 tests/regression/inet/reject.t delete mode 100644 tests/regression/inet/reject.t.payload.inet delete mode 100644 tests/regression/inet/sctp.t delete mode 100644 tests/regression/inet/sctp.t.payload.inet delete mode 100644 tests/regression/inet/sctp.t.payload.ip delete mode 100644 tests/regression/inet/sctp.t.payload.ip6 delete mode 100644 tests/regression/inet/tcp.t delete mode 100644 tests/regression/inet/tcp.t.payload.inet delete mode 100644 tests/regression/inet/tcp.t.payload.ip delete mode 100644 tests/regression/inet/tcp.t.payload.ip6 delete mode 100644 tests/regression/inet/udp.t delete mode 100644 tests/regression/inet/udp.t.payload.ip delete mode 100644 tests/regression/inet/udplite.t delete mode 100644 tests/regression/inet/udplite.t.payload.inet delete mode 100644 tests/regression/inet/udplite.t.payload.ip delete mode 100644 tests/regression/inet/udplite.t.payload.ip6 delete mode 100644 tests/regression/ip/chains.t delete mode 100644 tests/regression/ip/dnat.t delete mode 100644 tests/regression/ip/dnat.t.payload.ip delete mode 100644 tests/regression/ip/dup.t delete mode 100644 tests/regression/ip/dup.t.payload delete mode 100644 tests/regression/ip/ether.t delete mode 100644 tests/regression/ip/ether.t.payload delete mode 100644 tests/regression/ip/icmp.t delete mode 100644 tests/regression/ip/icmp.t.payload.ip delete mode 100644 tests/regression/ip/ip.t delete mode 100644 tests/regression/ip/ip.t.payload delete mode 100644 tests/regression/ip/ip.t.payload.inet delete mode 100644 tests/regression/ip/masquerade.t delete mode 100644 tests/regression/ip/masquerade.t.payload delete mode 100644 tests/regression/ip/redirect.t delete mode 100644 tests/regression/ip/redirect.t.payload delete mode 100644 tests/regression/ip/reject.t delete mode 100644 tests/regression/ip/reject.t.payload delete mode 100644 tests/regression/ip/sets.t delete mode 100644 tests/regression/ip/sets.t.payload.inet delete mode 100644 tests/regression/ip/sets.t.payload.ip delete mode 100644 tests/regression/ip/snat.t delete mode 100644 tests/regression/ip/snat.t.payload delete mode 100644 tests/regression/ip6/chains.t delete mode 100644 tests/regression/ip6/dnat.t delete mode 100644 tests/regression/ip6/dnat.t.payload.ip6 delete mode 100644 tests/regression/ip6/dst.t delete mode 100644 tests/regression/ip6/dst.t.payload.inet delete mode 100644 tests/regression/ip6/dst.t.payload.ip6 delete mode 100644 tests/regression/ip6/dup.t delete mode 100644 tests/regression/ip6/dup.t.payload delete mode 100644 tests/regression/ip6/ether.t delete mode 100644 tests/regression/ip6/ether.t.payload delete mode 100644 tests/regression/ip6/hbh.t delete mode 100644 tests/regression/ip6/hbh.t.payload.inet delete mode 100644 tests/regression/ip6/hbh.t.payload.ip6 delete mode 100644 tests/regression/ip6/icmpv6.t delete mode 100644 tests/regression/ip6/icmpv6.t.payload.ip6 delete mode 100644 tests/regression/ip6/ip6.t delete mode 100644 tests/regression/ip6/ip6.t.payload.inet delete mode 100644 tests/regression/ip6/ip6.t.payload.ip6 delete mode 100644 tests/regression/ip6/masquerade.t delete mode 100644 tests/regression/ip6/masquerade.t.payload.ip6 delete mode 100644 tests/regression/ip6/mh.t delete mode 100644 tests/regression/ip6/mh.t.payload.inet delete mode 100644 tests/regression/ip6/mh.t.payload.ip6 delete mode 100644 tests/regression/ip6/redirect.t delete mode 100644 tests/regression/ip6/redirect.t.payload.ip6 delete mode 100644 tests/regression/ip6/reject.t delete mode 100644 tests/regression/ip6/reject.t.payload.ip6 delete mode 100644 tests/regression/ip6/rt.t delete mode 100644 tests/regression/ip6/rt.t.payload.inet delete mode 100644 tests/regression/ip6/rt.t.payload.ip6 delete mode 100644 tests/regression/ip6/sets.t delete mode 100644 tests/regression/ip6/sets.t.payload delete mode 100644 tests/regression/ip6/sets.t.payload.inet delete mode 100644 tests/regression/ip6/sets.t.payload.ip6 delete mode 100644 tests/regression/ip6/snat.t delete mode 100644 tests/regression/ip6/snat.t.payload.ip6 delete mode 100644 tests/regression/ip6/vmap.t delete mode 100644 tests/regression/ip6/vmap.t.payload.inet delete mode 100644 tests/regression/ip6/vmap.t.payload.ip6 delete mode 100755 tests/regression/nft-test.py (limited to 'tests/regression') diff --git a/tests/regression/README b/tests/regression/README deleted file mode 100644 index 82d73a27..00000000 --- a/tests/regression/README +++ /dev/null @@ -1,141 +0,0 @@ -Author: Ana Rey -Date: 18/Sept/2014 - -Here, the automated regression testing for nftables and some test -files. - -This script checks that the rule input and output of nft matches. -More details here below. - -A) What is this testing? - -This script tests two different paths: - -* The rule input from the command-line. This checks the different steps - from the command line to the kernel. This includes the parsing, - evaluation and netlink generation steps. - -* The output listing that is obtained from the kernel. This checks the - different steps from the kernel to the command line: The netlink - message parsing, postprocess and textify steps to display the rule - listing. - -As a final step, this script compares that the rule that is added can -be listed by nft. - -B) What options are available? - -The script offers the following options: - -* Execute test files: - -./nft-test.py # Run all test files -./nft-test.py path/file.t # Run this test file - -If there is a problem, it shows the differences between the rule that -is added and the rule that is listed by nft. - -In case you hit an error, the script doesn't keep testing for more -families. Unless you specify the --force-family option. - -* Execute broken tests: - -./nft-test.sh -e - -This runs tests for rules that need a fix: This mode runs the lines that -that start with a "-" symbol. - -* Debugging: - -./nft-test.sh -d - -This shows all the commands that the script executes, so you can watch -its internal behaviour. - -* Keep testing all families on error. - -./nft-test.sh -f - -Don't stop testing for more families in case of error. - -C) What is the structure of the test file? - -A test file contains a set of rules that are added in the system. - -Here, an example of a test file: - - *ip;test-ipv4 # line 1 - *ip6;test-ipv6 # line 2 - *inet;test-inet # line 3 - - :input;type filter hook input priority 0 # line 4 - - ah hdrlength != 11-23;ok;ah hdrlength < 11 ah hdrlength > 23 # line 5 - - tcp dport != {22-25} # line 6 - - !set1 ipv4_addr;ok # line 7 - ?set1 192.168.3.8 192.168.3.9;ok # line 8 - # This is a commented-line. # line 9 - -Line 1 defines a table. The name of the table is 'test-ip' and the -family is ip. Lines 2 and 3 defines more tables for different families -so the rules in this test file are also tested there. - -Line 4 defines the chain. The name of this chain is "input". The type is -"filter", the hook is "input" and the priority is 0. - -Line 5 defines the rule, the ";" character is used as separator of several -parts: - -* Part 1: "ah hdrlength != 11-23" is the rule to check. -* Part 2: "ok" is the result expected with the execute of this rule. -* Part 3: "ah hdrlength < 11 ah hdrlength > 23". This is the expected - output. You can leave this empty if the output is the same as the - input. - -Line 6 is a marked line. This means that this rule is tested if -'-e' is passed as argument to nft-test.py. - -Line 7 adds a new set. The name of this set is "set1" and the type -of this set is "ipv4_add". - -Line 8 adds two elements into the 'set1' set: "192.168.3.8" and -"192.168.3.9". A whitespace separates the elements of the set. - -Line 9 uses the "#" symbol that means that this line is commented out. - -D) The test folders - -The test files are divided in several directories: ip, ip6, inet, arp, -bridge and any. - - * "ip" folder contains the test files that are executed in ip and inet - table. - - * "ip6" folder contains the test files that are executed in ip6 and inet - table. - - * "inet" folder contains the test files that are executed in the ip, ip6 - and inet table. - - * "arp" folder contains the test files that are executed in the arp - table. - - * "bridge" folder: Here are the test files are executed in bridge - tables. - - * "any" folder: Here are the test files are executed in ip, ip6, inet, - arp and bridge tables. - -E) Meaning of messages: - -* A warning message means the rule input and output of nft mismatches. -* An error message means the nft-tool shows an error when we add it or - the listing is broken after the rule is added. - -F) Acknowledgements - -Thanks to the Outreach Program for Women (OPW) for sponsoring this test -infrastructure and my mentor Pablo Neira. - --EOF- diff --git a/tests/regression/any/ct.t b/tests/regression/any/ct.t deleted file mode 100644 index 059402e2..00000000 --- a/tests/regression/any/ct.t +++ /dev/null @@ -1,109 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet - -:output;type filter hook output priority 0 - -ct state new,established, related, untracked;ok;ct state established,related,new,untracked -ct state != related;ok -ct state {new,established, related, untracked};ok -- ct state != {new,established, related, untracked};ok -ct state invalid drop;ok -ct state established accept;ok -ct state 8;ok;ct state new -ct state xxx;fail - -ct direction original;ok -ct direction != original;ok -ct direction reply;ok -ct direction != reply;ok -ct direction {reply, original};ok -- ct direction != {reply, original};ok -ct direction xxx;fail - -ct status expected;ok -ct status != expected;ok -ct status seen-reply;ok -ct status != seen-reply;ok -ct status {expected, seen-reply, assured, confirmed, dying};ok -ct status xxx;fail - -# SYMBOL("snat", IPS_SRC_NAT) -# SYMBOL("dnat", IPS_DST_NAT) -- ct status snat;ok -- ct status dnat;ok - -ct mark 0;ok;ct mark 0x00000000 -ct mark or 0x23 == 0x11;ok;ct mark | 0x00000023 == 0x00000011 -ct mark or 0x3 != 0x1;ok;ct mark | 0x00000003 != 0x00000001 -ct mark and 0x23 == 0x11;ok;ct mark & 0x00000023 == 0x00000011 -ct mark and 0x3 != 0x1;ok;ct mark & 0x00000003 != 0x00000001 -ct mark xor 0x23 == 0x11;ok;ct mark 0x00000032 -ct mark xor 0x3 != 0x1;ok;ct mark != 0x00000002 - -ct mark 0x00000032;ok -ct mark != 0x00000032;ok -ct mark 0x00000032-0x00000045;ok -ct mark != 0x00000032-0x00000045;ok -ct mark {0x32, 0x2222, 0x42de3};ok;ct mark { 0x00042de3, 0x00002222, 0x00000032} -- ct mark != {0x32, 0x2222, 0x42de3};ok - -# ct mark != {0x32, 0x2222, 0x42de3};ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -ct mark set 0x11 xor 0x1331;ok;ct mark set 0x00001320 -ct mark set 0x11333 and 0x11;ok;ct mark set 0x00000011 -ct mark set 0x12 or 0x11;ok;ct mark set 0x00000013 -ct mark set 0x11;ok;ct mark set 0x00000011 - -ct expiration 30;ok;ct expiration 30s -ct expiration 22;ok;ct expiration 22s -ct expiration != 233;ok;ct expiration != 3m53s -ct expiration 33-45;ok;ct expiration 33s-45s -ct expiration != 33-45;ok;ct expiration != 33s-45s -ct expiration {33, 55, 67, 88};ok;ct expiration { 1m7s, 33s, 55s, 1m28s} -- ct expiration != {33, 55, 67, 88};ok;ct expiration { 1m7s, 33s, 55s, 1m28s} -ct expiration {33-55};ok;ct expiration { 33s-55s} -# BUG: ct expiration {33-55} -# Broken output: ct expiration { "4271d23h25m52s"-"8738d3h11m59s" } -- ct expiration != {33-55};ok - -ct helper "ftp";ok -ct helper "12345678901234567";fail - -# BUG: ct l3proto "Layer 3 protocol of the connection" -# nft add rule ip test input ct l3proto arp -# :1:35-37: Error: Can t parse symbolic invalid expressions - - -# If table is ip6 or inet or bridge family,, It is failed. I can not test it -# ct saddr 1.2.3.4;ok - -# BUG: ct saddr 192.168.3.4 -# :1:1-43: Error: Could not process rule: Invalid argument -# add rule ip test input ct saddr 192.168.3.4 -# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -- ct saddr 192.168.3.4;ok -- ct daddr 192.168.3.4;ok - -# BUG: ct protocol tcp -# :1:1-37: Error: Could not process rule: Invalid argument -# input ct protocol bgp :1:36-38: Error: Could not resolve protocol name -# ct protocol tcp;ok -- ct protocol tcp;ok - -- ct proto-src udp;ok -- ct proto-dst udp;ok -# BUG: ct proto-src udp and ct proto-dst udp -# :1:37-39: Error: datatype mismatch, expected invalid, expression has type Internet protocol -# add rule ip test input ct proto-src udp -# ~~~~~~~~~~~~ ^^^ -# :1:37-39: Error: datatype mismatch, expected invalid, expression has type Internet protocol -# add rule ip test input ct proto-dst udp -# ~~~~~~~~~~~~ ^^^ - -ct state . ct mark { new . 0x12345678};ok -ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634};ok -ct direction . ct mark { original . 0x12345678};ok -ct state . ct mark vmap { new . 0x12345678 : drop};ok diff --git a/tests/regression/any/ct.t.payload b/tests/regression/any/ct.t.payload deleted file mode 100644 index 2bebaccd..00000000 --- a/tests/regression/any/ct.t.payload +++ /dev/null @@ -1,275 +0,0 @@ -# ct state new,established, related, untracked -ip test-ip4 output - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000004e ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - -# ct state != related -ip test-ip4 output - [ ct load state => reg 1 ] - [ cmp neq reg 1 0x00000004 ] - -# ct state {new,established, related, untracked} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000008 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000040 : 0 [end] -ip test-ip4 output - [ ct load state => reg 1 ] - [ lookup reg 1 set set%d ] - -# ct state invalid drop -ip test-ip4 output - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - [ immediate reg 0 drop ] - -# ct state established accept -ip test-ip4 output - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000002 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - [ immediate reg 0 accept ] - -# ct state 8 -ip test-ip4 output - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000008 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - -# ct direction original -ip test-ip4 output - [ ct load direction => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# ct direction != original -ip test-ip4 output - [ ct load direction => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - -# ct direction reply -ip test-ip4 output - [ ct load direction => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# ct direction != reply -ip test-ip4 output - [ ct load direction => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# ct direction {reply, original} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000000 : 0 [end] -ip test-ip4 output - [ ct load direction => reg 1 ] - [ lookup reg 1 set set%d ] - -# ct status expected -ip test-ip4 output - [ ct load status => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - -# ct status != expected -ip test-ip4 output - [ ct load status => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# ct status seen-reply -ip test-ip4 output - [ ct load status => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000002 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - -# ct status != seen-reply -ip test-ip4 output - [ ct load status => reg 1 ] - [ cmp neq reg 1 0x00000002 ] - -# ct status {expected, seen-reply, assured, confirmed, dying} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000200 : 0 [end] -ip test-ip4 output - [ ct load status => reg 1 ] - [ lookup reg 1 set set%d ] - -# ct mark 0 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# ct mark or 0x23 == 0x11 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xffffffdc ) ^ 0x00000023 ] - [ cmp eq reg 1 0x00000011 ] - -# ct mark or 0x3 != 0x1 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] - [ cmp neq reg 1 0x00000001 ] - -# ct mark and 0x23 == 0x11 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000023 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000011 ] - -# ct mark and 0x3 != 0x1 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000001 ] - -# ct mark xor 0x23 == 0x11 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - -# ct mark xor 0x3 != 0x1 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ cmp neq reg 1 0x00000002 ] - -# ct mark 0x00000032 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - -# ct mark != 0x00000032 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ cmp neq reg 1 0x00000032 ] - -# ct mark 0x00000032-0x00000045 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gte reg 1 0x32000000 ] - [ cmp lte reg 1 0x45000000 ] - -# ct mark != 0x00000032-0x00000045 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0x32000000 ] - [ cmp gt reg 1 0x45000000 ] - -# ct mark {0x32, 0x2222, 0x42de3} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000032 : 0 [end] element 00002222 : 0 [end] element 00042de3 : 0 [end] -ip test-ip4 output - [ ct load mark => reg 1 ] - [ lookup reg 1 set set%d ] - -# ct mark set 0x11 xor 0x1331 -ip test-ip4 output - [ immediate reg 1 0x00001320 ] - [ ct set mark with reg 1 ] - -# ct mark set 0x11333 and 0x11 -ip test-ip4 output - [ immediate reg 1 0x00000011 ] - [ ct set mark with reg 1 ] - -# ct mark set 0x12 or 0x11 -ip test-ip4 output - [ immediate reg 1 0x00000013 ] - [ ct set mark with reg 1 ] - -# ct mark set 0x11 -ip test-ip4 output - [ immediate reg 1 0x00000011 ] - [ ct set mark with reg 1 ] - -# ct expiration 30 -ip test-ip4 output - [ ct load expiration => reg 1 ] - [ cmp eq reg 1 0x0000001e ] - -# ct expiration 22 -ip test-ip4 output - [ ct load expiration => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# ct expiration != 233 -ip test-ip4 output - [ ct load expiration => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# ct expiration 33-45 -ip test-ip4 output - [ ct load expiration => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# ct expiration != 33-45 -ip test-ip4 output - [ ct load expiration => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# ct expiration {33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip test-ip4 output - [ ct load expiration => reg 1 ] - [ lookup reg 1 set set%d ] - -# ct expiration {33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 output - [ ct load expiration => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set set%d ] - -# ct helper "ftp" -ip test-ip4 output - [ ct load helper => reg 1 ] - [ cmp eq reg 1 0x00707466 0x00000000 0x00000000 0x00000000 ] - -# ct state . ct mark { new . 0x12345678} -set%d test 3 -set%d test 0 - element 00000008 12345678 : 0 [end] -ip test-ip4 output - [ ct load state => reg 1 ] - [ ct load mark => reg 9 ] - [ lookup reg 1 set set%d ] - -# ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000008 12345678 : 0 [end] element 00000008 34127856 : 0 [end] element 00000002 12785634 : 0 [end] -ip test-ip4 output - [ ct load state => reg 1 ] - [ ct load mark => reg 9 ] - [ lookup reg 1 set set%d ] - -# ct direction . ct mark { original . 0x12345678} -set%d test 3 -set%d test 0 - element 00000000 12345678 : 0 [end] -ip test-ip4 output - [ ct load direction => reg 1 ] - [ ct load mark => reg 9 ] - [ lookup reg 1 set set%d ] - -# ct state . ct mark vmap { new . 0x12345678 : drop} -map%d test-ip4 b -map%d test-ip4 0 - element 00000008 12345678 : 0 [end] -ip test-ip4 output - [ ct load state => reg 1 ] - [ ct load mark => reg 9 ] - [ lookup reg 1 set map%d dreg 0 ] - diff --git a/tests/regression/any/frag.t b/tests/regression/any/frag.t deleted file mode 100644 index d61a3d4f..00000000 --- a/tests/regression/any/frag.t +++ /dev/null @@ -1,64 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -*arp;test-arp -*bridge;test-bridge -:output;type filter hook output priority 0 - -frag nexthdr tcp;ok;frag nexthdr 6 -frag nexthdr != icmp;ok;frag nexthdr != 1 -frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok;frag nexthdr { 51, 136, 132, 6, 108, 50, 17, 33} -- frag nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok -frag nexthdr esp;ok;frag nexthdr 50 -frag nexthdr ah;ok;frag nexthdr 51 - -frag reserved 22;ok -frag reserved != 233;ok -frag reserved 33-45;ok -frag reserved != 33-45;ok -frag reserved { 33, 55, 67, 88};ok -- frag reserved != { 33, 55, 67, 88};ok -frag reserved { 33-55};ok -- frag reserved != { 33-55};ok - -# BUG: frag frag-off 22 and frag frag-off { 33-55} -# This breaks table listing: "netlink: Error: Relational expression size mismatch" - -- frag frag-off 22;ok -- frag frag-off != 233;ok -- frag frag-off 33-45;ok -- frag frag-off != 33-45;ok -- frag frag-off { 33, 55, 67, 88};ok -- frag frag-off != { 33, 55, 67, 88};ok -- frag frag-off { 33-55};ok -- frag frag-off != { 33-55};ok - -# BUG frag reserved2 33 and frag reserved2 1 -# $ sudo nft add rule ip test input frag reserved2 33 -# :1:39-40: Error: Value 33 exceeds valid range 0-3 -# add rule ip test input frag reserved2 33 -# ^^ -# sudo nft add rule ip test input frag reserved2 1 -# :1:1-39: Error: Could not process rule: Invalid argument -# add rule ip test input frag reserved2 1 -# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -# BUG more-fragments 1 and frag more-fragments 4 -# frag more-fragments 1 -# :1:1-44: Error: Could not process rule: Invalid argument -# add rule ip test input frag more-fragments 1 -# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -# $ sudo nft add rule ip test input frag more-fragments 4 -# :1:44-44: Error: Value 4 exceeds valid range 0-1 -# add rule ip test input frag more-fragments 4 -# ^ - -frag id 1;ok -frag id 22;ok -frag id != 33;ok -frag id 33-45;ok -frag id != 33-45;ok -frag id { 33, 55, 67, 88};ok -- frag id != { 33, 55, 67, 88};ok -frag id { 33-55};ok -- frag id != { 33-55};ok diff --git a/tests/regression/any/frag.t.payload b/tests/regression/any/frag.t.payload deleted file mode 100644 index a91ab3fa..00000000 --- a/tests/regression/any/frag.t.payload +++ /dev/null @@ -1,109 +0,0 @@ -# frag nexthdr tcp -ip test-ip4 output - [ exthdr load 1b @ 44 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - -# frag nexthdr != icmp -ip test-ip4 output - [ exthdr load 1b @ 44 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] -ip test-ip4 output - [ exthdr load 1b @ 44 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# frag nexthdr esp -ip test-ip4 output - [ exthdr load 1b @ 44 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - -# frag nexthdr ah -ip test-ip4 output - [ exthdr load 1b @ 44 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - -# frag reserved 22 -ip test-ip4 output - [ exthdr load 1b @ 44 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# frag reserved != 233 -ip test-ip4 output - [ exthdr load 1b @ 44 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# frag reserved 33-45 -ip test-ip4 output - [ exthdr load 1b @ 44 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# frag reserved != 33-45 -ip test-ip4 output - [ exthdr load 1b @ 44 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# frag reserved { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip test-ip4 output - [ exthdr load 1b @ 44 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# frag reserved { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 output - [ exthdr load 1b @ 44 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# frag id 1 -ip test-ip4 output - [ exthdr load 4b @ 44 + 4 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# frag id 22 -ip test-ip4 output - [ exthdr load 4b @ 44 + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# frag id != 33 -ip test-ip4 output - [ exthdr load 4b @ 44 + 4 => reg 1 ] - [ cmp neq reg 1 0x21000000 ] - -# frag id 33-45 -ip test-ip4 output - [ exthdr load 4b @ 44 + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# frag id != 33-45 -ip test-ip4 output - [ exthdr load 4b @ 44 + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# frag id { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip test-ip4 output - [ exthdr load 4b @ 44 + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# frag id { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 output - [ exthdr load 4b @ 44 + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/any/limit.t b/tests/regression/any/limit.t deleted file mode 100644 index 96ffe609..00000000 --- a/tests/regression/any/limit.t +++ /dev/null @@ -1,25 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -*arp;test-arp -*bridge;test-bridge -:output;type filter hook output priority 0 - -limit rate 400/minute;ok -limit rate 20/second;ok -limit rate 400/hour;ok -limit rate 40/day;ok -limit rate 400/week;ok -limit rate 1023/second burst 10 packets;ok - -limit rate 1 kbytes/second;ok -limit rate 2 kbytes/second;ok -limit rate 1025 kbytes/second;ok -limit rate 1023 mbytes/second;ok -limit rate 10230 mbytes/second;ok -limit rate 1023000 mbytes/second;ok - -limit rate 1025 bytes/second burst 512 bytes;ok -limit rate 1025 kbytes/second burst 1023 kbytes;ok -limit rate 1025 mbytes/second burst 1025 kbytes;ok -limit rate 1025000 mbytes/second burst 1023 mbytes;ok diff --git a/tests/regression/any/limit.t.payload b/tests/regression/any/limit.t.payload deleted file mode 100644 index a3c87d84..00000000 --- a/tests/regression/any/limit.t.payload +++ /dev/null @@ -1,64 +0,0 @@ -# limit rate 400/minute -ip test-ip4 output - [ limit rate 400/minute burst 0 type packets ] - -# limit rate 20/second -ip test-ip4 output - [ limit rate 20/second burst 0 type packets ] - -# limit rate 400/hour -ip test-ip4 output - [ limit rate 400/hour burst 0 type packets ] - -# limit rate 400/week -ip test-ip4 output - [ limit rate 400/week burst 0 type packets ] - -# limit rate 40/day -ip test-ip4 output - [ limit rate 40/day burst 0 type packets ] - -# limit rate 1023/second burst 10 packets -ip test-ip4 output - [ limit rate 1023/second burst 10 type packets ] - -# limit rate 1 kbytes/second -ip test-ip4 output - [ limit rate 1024/second burst 0 type bytes ] - -# limit rate 2 kbytes/second -ip test-ip4 output - [ limit rate 2048/second burst 0 type bytes ] - -# limit rate 1025 kbytes/second -ip test-ip4 output - [ limit rate 1049600/second burst 0 type bytes ] - -# limit rate 1023 mbytes/second -ip test-ip4 output - [ limit rate 1072693248/second burst 0 type bytes ] - -# limit rate 10230 mbytes/second -ip test-ip4 output - [ limit rate 10726932480/second burst 0 type bytes ] - -# limit rate 1023000 mbytes/second -ip test-ip4 output - [ limit rate 1072693248000/second burst 0 type bytes ] - -# limit rate 1025 bytes/second burst 512 bytes -ip test-ip4 output - [ limit rate 1025/second burst 512 type bytes ] - -# limit rate 1025 kbytes/second burst 1023 kbytes -ip test-ip4 output - [ limit rate 1049600/second burst 1047552 type bytes ] - -# limit rate 1025 mbytes/second burst 1025 kbytes -ip test-ip4 output - [ limit rate 1074790400/second burst 1049600 type bytes ] - -# limit rate 1025000 mbytes/second burst 1023 mbytes -ip test-ip4 output - [ limit rate 1074790400000/second burst 1072693248 type bytes ] - diff --git a/tests/regression/any/log.t b/tests/regression/any/log.t deleted file mode 100644 index 0eed5807..00000000 --- a/tests/regression/any/log.t +++ /dev/null @@ -1,26 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -*arp;test-arp -*bridge;test-bridge -:output;type filter hook output priority 0 - -log;ok -log level emerg;ok -log level alert;ok -log level crit;ok -log level err;ok -log level warn;ok;log -log level notice;ok -log level info;ok -log level debug;ok - -log level emerg group 2;fail -log level alert group 2 prefix "log test2";fail - -log prefix aaaaa-aaaaaa group 2 snaplen 33;ok;log prefix "aaaaa-aaaaaa" group 2 snaplen 33 -# TODO: Add an exception: 'queue-threshold' attribute needs 'group' attribute -# The correct rule is log group 2 queue-threshold 2 -log group 2 queue-threshold 2;ok -log group 2 snaplen 33;ok -log group 2 prefix \"nft-test: \";ok;log prefix "nft-test: " group 2 diff --git a/tests/regression/any/log.t.payload b/tests/regression/any/log.t.payload deleted file mode 100644 index 689668b6..00000000 --- a/tests/regression/any/log.t.payload +++ /dev/null @@ -1,52 +0,0 @@ -# log -ip test-ip4 output - [ log prefix (null) ] - -# log level emerg -ip test-ip4 output - [ log prefix (null) level 0 flags 0] - -# log level alert -ip test-ip4 output - [ log prefix (null) level 1 flags 0] - -# log level crit -ip test-ip4 output - [ log prefix (null) level 2 flags 0] - -# log level err -ip test-ip4 output - [ log prefix (null) level 3 flags 0] - -# log level warn -ip test-ip4 output - [ log prefix (null) level 4 flags 0] - -# log level notice -ip test-ip4 output - [ log prefix (null) level 5 flags 0] - -# log level info -ip test-ip4 output - [ log prefix (null) level 6 flags 0] - -# log level debug -ip test-ip4 output - [ log prefix (null) level 7 flags 0] - -# log prefix aaaaa-aaaaaa group 2 snaplen 33 -ip test-ip4 output - [ log prefix aaaaa-aaaaaa group 2 snaplen 33 qthreshold 0] - -# log group 2 queue-threshold 2 -ip test-ip4 output - [ log prefix (null) group 2 snaplen 0 qthreshold 2] - -# log group 2 snaplen 33 -ip test-ip4 output - [ log prefix (null) group 2 snaplen 33 qthreshold 0] - -# log group 2 prefix \"nft-test: \" -ip test-ip4 output - [ log prefix nft-test: group 2 snaplen 0 qthreshold 0] - diff --git a/tests/regression/any/meta.t b/tests/regression/any/meta.t deleted file mode 100644 index c03e7f4e..00000000 --- a/tests/regression/any/meta.t +++ /dev/null @@ -1,197 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -*arp;test-arp -*bridge;test-bridge - -:input;type filter hook input priority 0 - -meta length 1000;ok -meta length 22;ok -meta length != 233;ok -meta length 33-45;ok -meta length != 33-45;ok -meta length { 33, 55, 67, 88};ok -- meta length != { 33, 55, 67, 88};ok -meta length { 33-55};ok -- meta length != { 33-55};ok - -meta protocol { ip, arp, ip6, vlan };ok;meta protocol { ip6, ip, vlan, arp} -- meta protocol != {ip, arp, ip6, vlan};ok -meta protocol ip;ok -meta protocol != ip;ok - -meta nfproto ipv4;ok -meta nfproto ipv6;ok -meta nfproto {ipv4, ipv6};ok - -meta l4proto 22;ok -meta l4proto != 233;ok -meta l4proto 33-45;ok -meta l4proto != 33-45;ok -meta l4proto { 33, 55, 67, 88};ok;meta l4proto { 33, 55, 67, 88} -- meta l4proto != { 33, 55, 67, 88};ok -meta l4proto { 33-55};ok -- meta l4proto != { 33-55};ok - -- meta priority :aabb;ok -- meta priority bcad:dadc;ok -- meta priority aabb:;ok -- meta priority != :aabb;ok -- meta priority != bcad:dadc;ok -- meta priority != aabb:;ok -- meta priority bcad:dada-bcad:dadc;ok -- meta priority != bcad:dada-bcad:dadc;ok -- meta priority {bcad:dada, bcad:dadc, aaaa:bbbb};ok -- meta priority != {bcad:dada, bcad:dadc, aaaa:bbbb};ok - -meta mark 0x4;ok;mark 0x00000004 -meta mark 0x32;ok;mark 0x00000032 -meta mark and 0x03 == 0x01;ok;mark & 0x00000003 == 0x00000001 -meta mark and 0x03 != 0x01;ok;mark & 0x00000003 != 0x00000001 -meta mark 0x10;ok;mark 0x00000010 -meta mark != 0x10;ok;mark != 0x00000010 - -meta mark or 0x03 == 0x01;ok;mark | 0x00000003 == 0x00000001 -meta mark or 0x03 != 0x01;ok;mark | 0x00000003 != 0x00000001 -meta mark xor 0x03 == 0x01;ok;mark 0x00000002 -meta mark xor 0x03 != 0x01;ok;mark != 0x00000002 - -meta iif eth0 accept;ok;iif eth0 accept -meta iif eth0 accept;ok;iif eth0 accept -meta iif != eth0 accept;ok;iif != eth0 accept -meta iif != eth0 accept;ok;iif != eth0 accept - -meta iifname "eth0";ok;iifname "eth0" -meta iifname != "eth0";ok;iifname != "eth0" -meta iifname {"eth0", "lo"};ok -- meta iifname != {"eth0", "lo"};ok -meta iifname "eth*";ok;iifname "eth*" -meta iifname "eth\*";ok;iifname "eth\*" - -meta iiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok -- meta iiftype != {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok -meta iiftype != ether;ok;iiftype != ether -meta iiftype ether;ok;iiftype ether -meta iiftype != ppp;ok;iiftype != ppp -meta iiftype ppp;ok;iiftype ppp - -meta oif lo accept;ok;oif lo accept -meta oif != lo accept;ok;oif != lo accept -meta oif {eth0, lo} accept;ok -- meta oif != {eth0, lo} accept;ok - -meta oifname "eth0";ok;oifname "eth0" -meta oifname != "eth0";ok;oifname != "eth0" -meta oifname { "eth0", "lo"};ok -- meta iifname != {"eth0", "lo"};ok -meta oifname "eth*";ok;oifname "eth*" -meta oifname "eth\*";ok;oifname "eth\*" - -meta oiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok -- meta oiftype != {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok -meta oiftype != ether;ok;oiftype != ether -meta oiftype ether;ok;oiftype ether - -meta skuid {bin, root, daemon} accept;ok;skuid { 0, 1, 2} accept -- meta skuid != {bin, root, daemon} accept;ok -meta skuid root;ok;skuid 0 -meta skuid != root;ok;skuid != 0 -meta skuid lt 3000 accept;ok;skuid < 3000 accept -meta skuid gt 3000 accept;ok;skuid > 3000 accept -meta skuid eq 3000 accept;ok;skuid 3000 accept -meta skuid 3001-3005 accept;ok;skuid 3001-3005 accept -meta skuid != 2001-2005 accept;ok;skuid != 2001-2005 accept -meta skuid { 2001-2005} accept;ok;skuid { 2001-2005} accept -- meta skuid != { 2001-2005} accept;ok - -meta skgid {bin, root, daemon} accept;ok;skgid { 0, 1, 2} accept -- meta skgid != {bin, root, daemon} accept;ok -meta skgid root;ok;skgid 0 -meta skgid != root;ok;skgid != 0 -meta skgid lt 3000 accept;ok;skgid < 3000 accept -meta skgid gt 3000 accept;ok;skgid > 3000 accept -meta skgid eq 3000 accept;ok;skgid 3000 accept -meta skgid 2001-2005 accept;ok;skgid 2001-2005 accept -meta skgid != 2001-2005 accept;ok;skgid != 2001-2005 accept -meta skgid { 2001-2005} accept;ok;skgid { 2001-2005} accept -- meta skgid != { 2001-2005} accept;ok;skgid != { 2001-2005} accept - -# BUG: meta nftrace 2 and meta nftrace 1 -# $ sudo nft add rule ip test input meta nftrace 2 -# :1:37-37: Error: Value 2 exceeds valid range 0-1 -# add rule ip test input meta nftrace 2 -# ^ -# $ sudo nft add rule ip test input meta nftrace 1 -# :1:1-37: Error: Could not process rule: Operation not supported -# add rule ip test input meta nftrace 1 -# -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -meta mark set 0xffffffc8 xor 0x16;ok;mark set 0xffffffde -meta mark set 0x16 and 0x16;ok;mark set 0x00000016 -meta mark set 0xffffffe9 or 0x16;ok;mark set 0xffffffff -meta mark set 0xffffffde and 0x16;ok;mark set 0x00000016 -meta mark set 0xf045ffde or 0x10;ok;mark set 0xf045ffde -meta mark set 0xffffffde or 0x16;ok;mark set 0xffffffde -meta mark set 0x32 or 0xfffff;ok;mark set 0x000fffff -meta mark set 0xfffe xor 0x16;ok;mark set 0x0000ffe8 - -meta iif lo;ok;iif lo -meta oif lo;ok;oif lo -meta oifname "eth2" accept;ok;oifname "eth2" accept -meta skuid 3000;ok;skuid 3000 -meta skgid 3000;ok;skgid 3000 -# BUG: meta nftrace 1;ok -# :1:1-37: Error: Could not process rule: Operation not supported -- meta nftrace 1;ok -meta rtclassid cosmos;ok;rtclassid cosmos - -meta pkttype broadcast;ok;pkttype broadcast -meta pkttype unicast;ok;pkttype unicast -meta pkttype multicast;ok;pkttype multicast -meta pkttype != broadcast;ok;pkttype != broadcast -meta pkttype != unicast;ok;pkttype != unicast -meta pkttype != multicast;ok;pkttype != multicast -meta pkttype broadcastttt;fail -meta pkttype { broadcast, multicast} accept;ok - -meta cpu 1;ok;cpu 1 -meta cpu != 1;ok;cpu != 1 -meta cpu 1-3;ok;cpu 1-3 -meta cpu != 1-2;ok;cpu != 1-2 -meta cpu { 2,3};ok;cpu { 2,3} --meta cpu != { 2,3};ok; cpu != { 2,3} - -meta iifgroup 0;ok;iifgroup default -meta iifgroup != 0;ok;iifgroup != default -meta iifgroup default;ok;iifgroup default -meta iifgroup != default;ok;iifgroup != default -meta iifgroup {default};ok;iifgroup {default} -- meta iifgroup != {default};ok -meta iifgroup { 11,33};ok -meta iifgroup {11-33};ok -- meta iifgroup != {11,33};ok -- meta iifgroup != {11-33};ok -meta oifgroup 0;ok;oifgroup default -meta oifgroup != 0;ok;oifgroup != default -meta oifgroup default;ok;oifgroup default -meta oifgroup != default;ok;oifgroup != default -meta oifgroup {default};ok;oifgroup {default} -- meta oifgroup != {default};ok -meta oifgroup { 11,33};ok -meta oifgroup {11-33};ok -- meta oifgroup != {11,33};ok -- meta oifgroup != {11-33};ok - -meta cgroup 1048577;ok;cgroup 1048577 -meta cgroup != 1048577;ok;cgroup != 1048577 -meta cgroup { 1048577, 1048578 };ok;cgroup { 1048577, 1048578} -# meta cgroup != { 1048577, 1048578};ok;cgroup != { 1048577, 1048578} -meta cgroup 1048577-1048578;ok;cgroup 1048577-1048578 -meta cgroup != 1048577-1048578;ok;cgroup != 1048577-1048578 -meta cgroup {1048577-1048578};ok;cgroup { 1048577-1048578} -# meta cgroup != { 1048577-1048578};ok;cgroup != { 1048577-1048578} - -meta iif . meta oif { lo . eth0 };ok -meta iif . meta oif . meta mark { lo . eth0 . 0x0000000a };ok -meta iif . meta oif vmap { lo . eth0 : drop };ok diff --git a/tests/regression/any/meta.t.payload b/tests/regression/any/meta.t.payload deleted file mode 100644 index 9f7a6d99..00000000 --- a/tests/regression/any/meta.t.payload +++ /dev/null @@ -1,756 +0,0 @@ -# meta length 1000 -ip test-ip4 input - [ meta load len => reg 1 ] - [ cmp eq reg 1 0x000003e8 ] - -# meta length 22 -ip test-ip4 input - [ meta load len => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# meta length != 233 -ip test-ip4 input - [ meta load len => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# meta length 33-45 -ip test-ip4 input - [ meta load len => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# meta length != 33-45 -ip test-ip4 input - [ meta load len => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# meta length { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip test-ip4 input - [ meta load len => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta length { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 input - [ meta load len => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set set%d ] - -# meta protocol { ip, arp, ip6, vlan } -set%d test-ip4 3 -set%d test-ip4 0 - element 00000008 : 0 [end] element 00000608 : 0 [end] element 0000dd86 : 0 [end] element 00000081 : 0 [end] -ip test-ip4 input - [ meta load protocol => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta protocol ip -ip test-ip4 input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - -# meta protocol != ip -ip test-ip4 input - [ meta load protocol => reg 1 ] - [ cmp neq reg 1 0x00000008 ] - -# meta nfproto ipv4 -ip test-ip4 input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - -# meta nfproto ipv6 -ip test-ip4 input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - -# meta nfproto {ipv4, ipv6} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000002 : 0 [end] element 0000000a : 0 [end] -ip test-ip4 input - [ meta load nfproto => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta l4proto 22 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# meta l4proto != 233 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# meta l4proto 33-45 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 2, 1) ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# meta l4proto != 33-45 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 2, 1) ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# meta l4proto { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta l4proto { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 2, 1) ] - [ lookup reg 1 set set%d ] - -# meta mark 0x4 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ cmp eq reg 1 0x00000004 ] - -# meta mark 0x32 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - -# meta mark and 0x03 == 0x01 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000001 ] - -# meta mark and 0x03 != 0x01 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000001 ] - -# meta mark 0x10 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ cmp eq reg 1 0x00000010 ] - -# meta mark != 0x10 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ cmp neq reg 1 0x00000010 ] - -# meta mark or 0x03 == 0x01 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] - [ cmp eq reg 1 0x00000001 ] - -# meta mark or 0x03 != 0x01 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] - [ cmp neq reg 1 0x00000001 ] - -# meta mark xor 0x03 == 0x01 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - -# meta mark xor 0x03 != 0x01 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ cmp neq reg 1 0x00000002 ] - -# meta iif eth0 accept -ip test-ip4 input - [ meta load iif => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# meta iif eth0 accept -ip test-ip4 input - [ meta load iif => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# meta iif != eth0 accept -ip test-ip4 input - [ meta load iif => reg 1 ] - [ cmp neq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# meta iif != eth0 accept -ip test-ip4 input - [ meta load iif => reg 1 ] - [ cmp neq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# meta iifname "eth0" -ip test-ip4 input - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - -# meta iifname != "eth0" -ip test-ip4 input - [ meta load iifname => reg 1 ] - [ cmp neq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - -# meta iifname {"eth0", "lo"} -set%d test-ip4 3 -set%d test-ip4 0 - element 30687465 00000000 00000000 00000000 : 0 [end] element 00006f6c 00000000 00000000 00000000 : 0 [end] -ip test-ip4 input - [ meta load iifname => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta iifname "eth*" -ip test-ip4 input - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x00687465 ] - -# meta iifname "eth\*" -ip test-ip4 input - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x2a687465 0x00000000 0x00000000 0x00000000 ] - -# meta iiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000301 : 0 [end] element 00000304 : 0 [end] element 00000308 : 0 [end] element 0000030a : 0 [end] -ip test-ip4 input - [ meta load iiftype => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta iiftype != ether -ip test-ip4 input - [ meta load iiftype => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# meta iiftype ether -ip test-ip4 input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# meta iiftype != ppp -ip test-ip4 input - [ meta load iiftype => reg 1 ] - [ cmp neq reg 1 0x00000200 ] - -# meta iiftype ppp -ip test-ip4 input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000200 ] - -# meta oif lo accept -ip test-ip4 input - [ meta load oif => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ immediate reg 0 accept ] - -# meta oif != lo accept -ip test-ip4 input - [ meta load oif => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - [ immediate reg 0 accept ] - -# meta oif {eth0, lo} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00000002 : 0 [end] element 00000001 : 0 [end] -ip test-ip4 input - [ meta load oif => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# meta oifname "eth0" -ip test-ip4 input - [ meta load oifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - -# meta oifname != "eth0" -ip test-ip4 input - [ meta load oifname => reg 1 ] - [ cmp neq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - -# meta oifname { "eth0", "lo"} -set%d test-ip4 3 -set%d test-ip4 0 - element 30687465 00000000 00000000 00000000 : 0 [end] element 00006f6c 00000000 00000000 00000000 : 0 [end] -ip test-ip4 input - [ meta load oifname => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta oifname "eth*" -ip test-ip4 input - [ meta load oifname => reg 1 ] - [ cmp eq reg 1 0x00687465 ] - -# meta oifname "eth\*" -ip test-ip4 input - [ meta load oifname => reg 1 ] - [ cmp eq reg 1 0x2a687465 0x00000000 0x00000000 0x00000000 ] - -# meta oiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000301 : 0 [end] element 00000304 : 0 [end] element 00000308 : 0 [end] element 0000030a : 0 [end] -ip test-ip4 input - [ meta load oiftype => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta oiftype != ether -ip test-ip4 input - [ meta load oiftype => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# meta oiftype ether -ip test-ip4 input - [ meta load oiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# meta skuid {bin, root, daemon} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000000 : 0 [end] element 00000002 : 0 [end] -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# meta skuid root -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# meta skuid != root -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - -# meta skuid lt 3000 accept -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0xb80b0000 ] - [ immediate reg 0 accept ] - -# meta skuid gt 3000 accept -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gt reg 1 0xb80b0000 ] - [ immediate reg 0 accept ] - -# meta skuid eq 3000 accept -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ cmp eq reg 1 0x00000bb8 ] - [ immediate reg 0 accept ] - -# meta skuid 3001-3005 accept -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gte reg 1 0xb90b0000 ] - [ cmp lte reg 1 0xbd0b0000 ] - [ immediate reg 0 accept ] - -# meta skuid != 2001-2005 accept -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0xd1070000 ] - [ cmp gt reg 1 0xd5070000 ] - [ immediate reg 0 accept ] - -# meta skuid { 2001-2005} accept -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element d1070000 : 0 [end] element d6070000 : 1 [end] -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# meta skgid {bin, root, daemon} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000000 : 0 [end] element 00000002 : 0 [end] -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# meta skgid root -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# meta skgid != root -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - -# meta skgid lt 3000 accept -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0xb80b0000 ] - [ immediate reg 0 accept ] - -# meta skgid gt 3000 accept -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gt reg 1 0xb80b0000 ] - [ immediate reg 0 accept ] - -# meta skgid eq 3000 accept -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ cmp eq reg 1 0x00000bb8 ] - [ immediate reg 0 accept ] - -# meta skgid 2001-2005 accept -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gte reg 1 0xd1070000 ] - [ cmp lte reg 1 0xd5070000 ] - [ immediate reg 0 accept ] - -# meta skgid != 2001-2005 accept -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0xd1070000 ] - [ cmp gt reg 1 0xd5070000 ] - [ immediate reg 0 accept ] - -# meta skgid { 2001-2005} accept -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element d1070000 : 0 [end] element d6070000 : 1 [end] -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# meta mark set 0xffffffc8 xor 0x16 -ip test-ip4 input - [ immediate reg 1 0xffffffde ] - [ meta set mark with reg 1 ] - -# meta mark set 0x16 and 0x16 -ip test-ip4 input - [ immediate reg 1 0x00000016 ] - [ meta set mark with reg 1 ] - -# meta mark set 0xffffffe9 or 0x16 -ip test-ip4 input - [ immediate reg 1 0xffffffff ] - [ meta set mark with reg 1 ] - -# meta mark set 0xffffffde and 0x16 -ip test-ip4 input - [ immediate reg 1 0x00000016 ] - [ meta set mark with reg 1 ] - -# meta mark set 0xf045ffde or 0x10 -ip test-ip4 input - [ immediate reg 1 0xf045ffde ] - [ meta set mark with reg 1 ] - -# meta mark set 0xffffffde or 0x16 -ip test-ip4 input - [ immediate reg 1 0xffffffde ] - [ meta set mark with reg 1 ] - -# meta mark set 0x32 or 0xfffff -ip test-ip4 input - [ immediate reg 1 0x000fffff ] - [ meta set mark with reg 1 ] - -# meta mark set 0xfffe xor 0x16 -ip test-ip4 input - [ immediate reg 1 0x0000ffe8 ] - [ meta set mark with reg 1 ] - -# meta iif lo -ip test-ip4 input - [ meta load iif => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# meta oif lo -ip test-ip4 input - [ meta load oif => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# meta oifname "eth2" accept -ip test-ip4 input - [ meta load oifname => reg 1 ] - [ cmp eq reg 1 0x32687465 0x00000000 0x00000000 0x00000000 ] - [ immediate reg 0 accept ] - -# meta skuid 3000 -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ cmp eq reg 1 0x00000bb8 ] - -# meta skgid 3000 -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ cmp eq reg 1 0x00000bb8 ] - -# meta rtclassid cosmos -ip test-ip4 input - [ meta load rtclassid => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# meta pkttype broadcast -ip test-ip4 input - [ meta load pkttype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# meta pkttype unicast -ip test-ip4 input - [ meta load pkttype => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# meta pkttype multicast -ip test-ip4 input - [ meta load pkttype => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - -# meta pkttype != broadcast -ip test-ip4 input - [ meta load pkttype => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# meta pkttype != unicast -ip test-ip4 input - [ meta load pkttype => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - -# meta pkttype != multicast -ip test-ip4 input - [ meta load pkttype => reg 1 ] - [ cmp neq reg 1 0x00000002 ] - -# meta pkttype { broadcast, multicast} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000002 : 0 [end] -ip test-ip4 input - [ meta load pkttype => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# meta cpu 1 -ip test-ip4 input - [ meta load cpu => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# meta cpu != 1 -ip test-ip4 input - [ meta load cpu => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# meta cpu 1-3 -ip test-ip4 input - [ meta load cpu => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gte reg 1 0x01000000 ] - [ cmp lte reg 1 0x03000000 ] - -# meta cpu != 1-2 -ip test-ip4 input - [ meta load cpu => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0x01000000 ] - [ cmp gt reg 1 0x02000000 ] - -# meta cpu { 2,3} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000002 : 0 [end] element 00000003 : 0 [end] -ip test-ip4 input - [ meta load cpu => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta iifgroup 0 -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# meta iifgroup != 0 -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - -# meta iifgroup default -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# meta iifgroup != default -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - -# meta iifgroup {default} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000000 : 0 [end] -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta iifgroup { 11,33} -set%d test-ip4 3 -set%d test-ip4 0 - element 0000000b : 0 [end] element 00000021 : 0 [end] -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta iifgroup {11-33} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 0b000000 : 0 [end] element 22000000 : 1 [end] -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set set%d ] - -# meta oifgroup 0 -ip test-ip4 input - [ meta load oifgroup => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# meta oifgroup != 0 -ip test-ip4 input - [ meta load oifgroup => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - -# meta oifgroup default -ip test-ip4 input - [ meta load oifgroup => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# meta oifgroup != default -ip test-ip4 input - [ meta load oifgroup => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - -# meta oifgroup {default} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000000 : 0 [end] -ip test-ip4 input - [ meta load oifgroup => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta oifgroup { 11,33} -set%d test-ip4 3 -set%d test-ip4 0 - element 0000000b : 0 [end] element 00000021 : 0 [end] -ip test-ip4 input - [ meta load oifgroup => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta oifgroup {11-33} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 0b000000 : 0 [end] element 22000000 : 1 [end] -ip test-ip4 input - [ meta load oifgroup => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set set%d ] - -# meta cgroup 1048577 -ip test-ip4 input - [ meta load cgroup => reg 1 ] - [ cmp eq reg 1 0x00100001 ] - -# meta cgroup != 1048577 -ip test-ip4 input - [ meta load cgroup => reg 1 ] - [ cmp neq reg 1 0x00100001 ] - -# meta cgroup { 1048577, 1048578 } -set%d test-ip4 3 -set%d test-ip4 0 - element 00100001 : 0 [end] element 00100002 : 0 [end] -ip test-ip4 input - [ meta load cgroup => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta cgroup 1048577-1048578 -ip test-ip4 input - [ meta load cgroup => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gte reg 1 0x01001000 ] - [ cmp lte reg 1 0x02001000 ] - -# meta cgroup != 1048577-1048578 -ip test-ip4 input - [ meta load cgroup => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0x01001000 ] - [ cmp gt reg 1 0x02001000 ] - -# meta cgroup {1048577-1048578} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 01001000 : 0 [end] element 03001000 : 1 [end] -ip test-ip4 input - [ meta load cgroup => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set set%d ] - - -# meta iif . meta oif { lo . eth0 } -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 00000002 : 0 [end] -ip test-ip4 output - [ meta load iif => reg 1 ] - [ meta load oif => reg 9 ] - [ lookup reg 1 set set%d ] - -# meta iif . meta oif . meta mark { lo . eth0 . 0x0000000a } -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 00000002 0000000a : 0 [end] -ip test-ip4 output - [ meta load iif => reg 1 ] - [ meta load oif => reg 9 ] - [ meta load mark => reg 10 ] - [ lookup reg 1 set set%d ] - -# meta iif . meta oif vmap { lo . eth0 : drop } -map%d test-ip4 b -map%d test-ip4 0 - element 00000001 00000002 : 0 [end] -ip test-ip4 output - [ meta load iif => reg 1 ] - [ meta load oif => reg 9 ] - [ lookup reg 1 set map%d dreg 0 ] - diff --git a/tests/regression/any/queue.t b/tests/regression/any/queue.t deleted file mode 100644 index 600c1121..00000000 --- a/tests/regression/any/queue.t +++ /dev/null @@ -1,15 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -*arp;test-arp -*bridge;test-bridge - -:output;type filter hook output priority 0 - -queue;ok;queue num 0 -queue num 2;ok -queue num 2-3;ok -- queue num {3, 4, 6};ok -queue num 4-5 fanout bypass;ok;queue num 4-5 bypass,fanout -queue num 4-5 fanout;ok -queue num 4-5 bypass;ok diff --git a/tests/regression/any/queue.t.payload b/tests/regression/any/queue.t.payload deleted file mode 100644 index 43a6650c..00000000 --- a/tests/regression/any/queue.t.payload +++ /dev/null @@ -1,24 +0,0 @@ -# queue -ip test-ip4 output - [ queue num 0] - -# queue num 2 -ip test-ip4 output - [ queue num 2] - -# queue num 2-3 -ip test-ip4 output - [ queue num 2-3] - -# queue num 4-5 fanout bypass -ip test-ip4 output - [ queue num 4-5 bypass fanout] - -# queue num 4-5 fanout -ip test-ip4 output - [ queue num 4-5 fanout] - -# queue num 4-5 bypass -ip test-ip4 output - [ queue num 4-5 bypass] - diff --git a/tests/regression/arp/arp.t b/tests/regression/arp/arp.t deleted file mode 100644 index c4e07d57..00000000 --- a/tests/regression/arp/arp.t +++ /dev/null @@ -1,53 +0,0 @@ -*arp;test-arp -# filter chains available are: input, output, forward -:input;type filter hook input priority 0 - -arp htype 1;ok -arp htype != 1;ok -arp htype 22;ok -arp htype != 233;ok -arp htype 33-45;ok -arp htype != 33-45;ok -arp htype { 33, 55, 67, 88};ok -- arp htype != { 33, 55, 67, 88};ok -arp htype { 33-55};ok -- arp htype != { 33-55};ok - -arp ptype 0x0800;ok;arp ptype ip - -arp hlen 22;ok -arp hlen != 233;ok -arp hlen 33-45;ok -arp hlen != 33-45;ok -arp hlen { 33, 55, 67, 88};ok -- arp hlen != { 33, 55, 67, 88};ok -arp hlen { 33-55};ok -- arp hlen != { 33-55};ok - -arp plen 22;ok -arp plen != 233;ok -arp plen 33-45;ok -arp plen != 33-45;ok -arp plen { 33, 55, 67, 88};ok -- arp plen != { 33, 55, 67, 88};ok -arp plen { 33-55};ok -- arp plen != {33-55};ok - -arp operation {nak, inreply, inrequest, rreply, rrequest, reply, request};ok -- arp operation != {nak, inreply, inrequest, rreply, rrequest, reply, request};ok -arp operation request;ok -arp operation reply;ok -arp operation rrequest;ok -arp operation rreply;ok -arp operation inrequest;ok -arp operation inreply;ok -arp operation nak;ok -arp operation reply;ok -arp operation != request;ok -arp operation != reply;ok -arp operation != rrequest;ok -arp operation != rreply;ok -arp operation != inrequest;ok -arp operation != inreply;ok -arp operation != nak;ok -arp operation != reply;ok diff --git a/tests/regression/arp/arp.t.payload b/tests/regression/arp/arp.t.payload deleted file mode 100644 index bfa37cdd..00000000 --- a/tests/regression/arp/arp.t.payload +++ /dev/null @@ -1,217 +0,0 @@ -# arp htype 1 -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] - -# arp htype != 1 -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp neq reg 1 0x00000100 ] - -# arp htype 22 -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# arp htype != 233 -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# arp htype 33-45 -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# arp htype != 33-45 -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# arp htype { 33, 55, 67, 88} -set%d test-arp 3 -set%d test-arp 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# arp htype { 33-55} -set%d test-arp 7 -set%d test-arp 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# arp ptype 0x0800 -arp test-arp input - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - -# arp hlen 22 -arp test-arp input - [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# arp hlen != 233 -arp test-arp input - [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# arp hlen 33-45 -arp test-arp input - [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# arp hlen != 33-45 -arp test-arp input - [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# arp hlen { 33, 55, 67, 88} -set%d test-arp 3 -set%d test-arp 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -arp test-arp input - [ payload load 1b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# arp hlen { 33-55} -set%d test-arp 7 -set%d test-arp 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -arp test-arp input - [ payload load 1b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# arp plen 22 -arp test-arp input - [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# arp plen != 233 -arp test-arp input - [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# arp plen 33-45 -arp test-arp input - [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# arp plen != 33-45 -arp test-arp input - [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# arp plen { 33, 55, 67, 88} -set%d test-arp 3 -set%d test-arp 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -arp test-arp input - [ payload load 1b @ network header + 5 => reg 1 ] - [ lookup reg 1 set set%d ] - -# arp plen { 33-55} -set%d test-arp 7 -set%d test-arp 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -arp test-arp input - [ payload load 1b @ network header + 5 => reg 1 ] - [ lookup reg 1 set set%d ] - -# arp operation {nak, inreply, inrequest, rreply, rrequest, reply, request} -set%d test-arp 3 -set%d test-arp 0 - element 00000a00 : 0 [end] element 00000900 : 0 [end] element 00000800 : 0 [end] element 00000400 : 0 [end] element 00000300 : 0 [end] element 00000200 : 0 [end] element 00000100 : 0 [end] -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# arp operation request -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] - -# arp operation reply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000200 ] - -# arp operation rrequest -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000300 ] - -# arp operation rreply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000400 ] - -# arp operation inrequest -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000800 ] - -# arp operation inreply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000900 ] - -# arp operation nak -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000a00 ] - -# arp operation reply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000200 ] - -# arp operation != request -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000100 ] - -# arp operation != reply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000200 ] - -# arp operation != rrequest -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000300 ] - -# arp operation != rreply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000400 ] - -# arp operation != inrequest -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000800 ] - -# arp operation != inreply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000900 ] - -# arp operation != nak -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000a00 ] - -# arp operation != reply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000200 ] - diff --git a/tests/regression/arp/chains.t b/tests/regression/arp/chains.t deleted file mode 100644 index cf08c1af..00000000 --- a/tests/regression/arp/chains.t +++ /dev/null @@ -1,6 +0,0 @@ -*arp;test-arp - -# filter chains available are: input, output, forward -:input;type filter hook input priority 0 -:forward;type filter hook forward priority 0 -:output;type filter hook output priority 0 diff --git a/tests/regression/arp/chains.t.payload b/tests/regression/arp/chains.t.payload deleted file mode 100644 index e69de29b..00000000 diff --git a/tests/regression/bridge/chains.t b/tests/regression/bridge/chains.t deleted file mode 100644 index 8070de4f..00000000 --- a/tests/regression/bridge/chains.t +++ /dev/null @@ -1,8 +0,0 @@ -*bridge;test-bridge - -# filter chains available are: prerouting, input, output, forward, postrouting -:filter-pre;type filter hook input priority 0 -:filter-output;type filter hook output priority 0 -:filter-forward;type filter hook forward priority 0 -:filter-input;type filter hook input priority 0 -:filter-post;type filter hook input priority 0 diff --git a/tests/regression/bridge/chains.t.payload b/tests/regression/bridge/chains.t.payload deleted file mode 100644 index e69de29b..00000000 diff --git a/tests/regression/bridge/ether.t b/tests/regression/bridge/ether.t deleted file mode 100644 index 6257dfcd..00000000 --- a/tests/regression/bridge/ether.t +++ /dev/null @@ -1,8 +0,0 @@ -*bridge;test-bridge - -:input;type filter hook input priority 0 - -tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept -tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 -tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4;ok -ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept;ok diff --git a/tests/regression/bridge/ether.t.payload b/tests/regression/bridge/ether.t.payload deleted file mode 100644 index 8fdb0a95..00000000 --- a/tests/regression/bridge/ether.t.payload +++ /dev/null @@ -1,44 +0,0 @@ -# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept -bridge test-bridge input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 8b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00080411 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ immediate reg 0 accept ] - -# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 -bridge test-bridge input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ payload load 8b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00080411 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - -# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 -bridge test-bridge input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ payload load 8b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00080411 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - -# ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept -bridge test-bridge input - [ payload load 8b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00080411 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ immediate reg 0 accept ] - diff --git a/tests/regression/bridge/reject.t b/tests/regression/bridge/reject.t deleted file mode 100644 index 43e54611..00000000 --- a/tests/regression/bridge/reject.t +++ /dev/null @@ -1,38 +0,0 @@ -*bridge;test-bridge -:input;type filter hook input priority 0 - -# The output is specific for bridge family -reject with icmp type host-unreachable;ok;ether type ip reject with icmp type host-unreachable -reject with icmp type net-unreachable;ok;ether type ip reject with icmp type net-unreachable -reject with icmp type prot-unreachable;ok;ether type ip reject with icmp type prot-unreachable -reject with icmp type port-unreachable;ok;ether type ip reject -reject with icmp type net-prohibited;ok;ether type ip reject with icmp type net-prohibited -reject with icmp type host-prohibited;ok;ether type ip reject with icmp type host-prohibited -reject with icmp type admin-prohibited;ok;ether type ip reject with icmp type admin-prohibited - -reject with icmpv6 type no-route;ok;ether type ip6 reject with icmpv6 type no-route -reject with icmpv6 type admin-prohibited;ok;ether type ip6 reject with icmpv6 type admin-prohibited -reject with icmpv6 type addr-unreachable;ok;ether type ip6 reject with icmpv6 type addr-unreachable -reject with icmpv6 type port-unreachable;ok;ether type ip6 reject - -ip protocol tcp reject with tcp reset;ok;ip protocol 6 reject with tcp reset - -reject;ok -ether type ip reject;ok -ether type ip6 reject;ok - -reject with icmpx type host-unreachable;ok -reject with icmpx type no-route;ok -reject with icmpx type admin-prohibited;ok -reject with icmpx type port-unreachable;ok;reject - -ether type ipv6 reject with icmp type host-unreachable;fail -ether type ip6 reject with icmp type host-unreachable;fail -ether type ip reject with icmpv6 type no-route;fail -ether type vlan reject;fail -ether type arp reject;fail -ether type vlan reject;fail -ether type arp reject;fail -ether type vlan reject with tcp reset;fail -ether type arp reject with tcp reset;fail -ip protocol udp reject with tcp reset;fail diff --git a/tests/regression/bridge/reject.t.payload b/tests/regression/bridge/reject.t.payload deleted file mode 100644 index f5a0e6a8..00000000 --- a/tests/regression/bridge/reject.t.payload +++ /dev/null @@ -1,106 +0,0 @@ -# reject with icmp type host-unreachable -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ reject type 0 code 1 ] - -# reject with icmp type net-unreachable -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ reject type 0 code 0 ] - -# reject with icmp type prot-unreachable -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ reject type 0 code 2 ] - -# reject with icmp type port-unreachable -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ reject type 0 code 3 ] - -# reject with icmp type net-prohibited -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ reject type 0 code 9 ] - -# reject with icmp type host-prohibited -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ reject type 0 code 10 ] - -# reject with icmp type admin-prohibited -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ reject type 0 code 13 ] - -# reject with icmpv6 type no-route -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x0000dd86 ] - [ reject type 0 code 0 ] - -# reject with icmpv6 type admin-prohibited -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x0000dd86 ] - [ reject type 0 code 1 ] - -# reject with icmpv6 type addr-unreachable -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x0000dd86 ] - [ reject type 0 code 3 ] - -# reject with icmpv6 type port-unreachable -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x0000dd86 ] - [ reject type 0 code 4 ] - -# ip protocol tcp reject with tcp reset -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ reject type 1 code 0 ] - -# reject -bridge test-bridge input - [ reject type 2 code 1 ] - -# ether type ip reject -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ reject type 0 code 3 ] - -# ether type ip6 reject -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x0000dd86 ] - [ reject type 0 code 4 ] - -# reject with icmpx type host-unreachable -bridge test-bridge input - [ reject type 2 code 2 ] - -# reject with icmpx type no-route -bridge test-bridge input - [ reject type 2 code 0 ] - -# reject with icmpx type admin-prohibited -bridge test-bridge input - [ reject type 2 code 3 ] - -# reject with icmpx type port-unreachable -bridge test-bridge input - [ reject type 2 code 1 ] - diff --git a/tests/regression/bridge/vlan.t b/tests/regression/bridge/vlan.t deleted file mode 100644 index f86561a2..00000000 --- a/tests/regression/bridge/vlan.t +++ /dev/null @@ -1,34 +0,0 @@ -*bridge;test-bridge -:input;type filter hook input priority 0 - -vlan id 4094;ok -vlan id 0;ok -# bad vlan id -vlan id 4096;fail -vlan id 4094 vlan cfi 0;ok -vlan id 4094 vlan cfi != 1;ok -vlan id 4094 vlan cfi 1;ok -# bad cfi -vlan id 4094 vlan cfi 2;fail -vlan id 4094 vlan cfi 1 vlan pcp 8;fail -vlan id 4094 vlan cfi 1 vlan pcp 7;ok -vlan id 4094 vlan cfi 1 vlan pcp 3;ok - -ether type vlan vlan id 4094;ok;vlan id 4094 -ether type vlan vlan id 0;ok;vlan id 0 -ether type vlan vlan id 4094 vlan cfi 0;ok;vlan id 4094 vlan cfi 0 -ether type vlan vlan id 4094 vlan cfi 1;ok;vlan id 4094 vlan cfi 1 -ether type vlan vlan id 4094 vlan cfi 2;fail - -vlan id 4094 tcp dport 22;ok -vlan id 1 ip saddr 10.0.0.1;ok -vlan id 1 ip saddr 10.0.0.0/23;ok -vlan id 1 ip saddr 10.0.0.0/23 udp dport 53;ok -ether type vlan vlan id 1 ip saddr 10.0.0.0/23 udp dport 53;ok;vlan id 1 ip saddr 10.0.0.0/23 udp dport 53 - -vlan id { 1, 2, 4, 100, 4095 } vlan pcp 1-3;ok -vlan id { 1, 2, 4, 100, 4096 };fail - -# illegal dependencies -ether type ip vlan id 1;fail -ether type ip vlan id 1 ip saddr 10.0.0.1;fail diff --git a/tests/regression/bridge/vlan.t.payload b/tests/regression/bridge/vlan.t.payload deleted file mode 100644 index 02242d22..00000000 --- a/tests/regression/bridge/vlan.t.payload +++ /dev/null @@ -1,201 +0,0 @@ -# vlan id 4094 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - -# vlan id 0 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000000 ] - -# vlan id 4094 vlan cfi 0 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000000 ] - -# vlan id 4094 vlan cfi != 1 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000010 ] - -# vlan id 4094 vlan cfi 1 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000010 ] - -# ether type vlan vlan id 4094 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - -# ether type vlan vlan id 0 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000000 ] - -# ether type vlan vlan id 4094 vlan cfi 0 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000000 ] - -# ether type vlan vlan id 4094 vlan cfi 1 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000010 ] - -# vlan id 4094 tcp dport 22 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# vlan id 1 ip saddr 10.0.0.1 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000100 ] - [ payload load 2b @ link header + 16 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp eq reg 1 0x0100000a ] - -# vlan id 1 ip saddr 10.0.0.0/23 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000100 ] - [ payload load 2b @ link header + 16 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00feffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000000a ] - -# vlan id 1 ip saddr 10.0.0.0/23 udp dport 53 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000100 ] - [ payload load 2b @ link header + 16 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00feffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - -# ether type vlan vlan id 1 ip saddr 10.0.0.0/23 udp dport 53 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000100 ] - [ payload load 2b @ link header + 16 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00feffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - -# vlan id 4094 vlan cfi 1 vlan pcp 7 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000010 ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000e0 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x000000e0 ] - -# vlan id 4094 vlan cfi 1 vlan pcp 3 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000010 ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000e0 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000060 ] - -# vlan id { 1, 2, 4, 100, 4095 } vlan pcp 1-3 -set%d test-bridge 3 -set%d test-bridge 0 - element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000400 : 0 [end] element 00006400 : 0 [end] element 0000ff0f : 0 [end] -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ lookup reg 1 set set%d ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000e0 ) ^ 0x00000000 ] - [ cmp gte reg 1 0x00000001 ] - [ cmp lte reg 1 0x00000003 ] - diff --git a/tests/regression/inet/ah.t b/tests/regression/inet/ah.t deleted file mode 100644 index 666659d3..00000000 --- a/tests/regression/inet/ah.t +++ /dev/null @@ -1,58 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -# nexthdr Bug to list table. - -- ah nexthdr esp;ok -- ah nexthdr ah;ok -- ah nexthdr comp;ok -- ah nexthdr udp;ok -- ah nexthdr udplite;ok -- ah nexthdr tcp;ok -- ah nexthdr dccp;ok -- ah nexthdr sctp;ok - -- ah nexthdr { esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok;ah nexthdr { 6, 132, 50, 17, 136, 33, 51, 108} -- ah nexthdr != { esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok - -ah hdrlength 11-23;ok -ah hdrlength != 11-23;ok -ah hdrlength { 11-23};ok -- ah hdrlength != { 11-23};ok -ah hdrlength {11, 23, 44 };ok -- ah hdrlength != {11-23 };ok - -ah reserved 22;ok -ah reserved != 233;ok -ah reserved 33-45;ok -ah reserved != 33-45;ok -ah reserved {23, 100};ok -- ah reserved != {33, 55, 67, 88};ok -ah reserved { 33-55};ok -- ah reserved != { 33-55};ok - -ah spi 111;ok -ah spi != 111;ok -ah spi 111-222;ok -ah spi != 111-222;ok -ah spi {111, 122};ok -- ah spi != {111, 122};ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -ah spi { 111-122};ok -- ah spi != { 111-122};ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -# sequence -ah sequence 123;ok -ah sequence != 123;ok -ah sequence {23, 25, 33};ok -- ah sequence != {23, 25, 33};ok -ah sequence { 23-33};ok -- ah sequence != { 33-44};ok -ah sequence 23-33;ok -ah sequence != 23-33;ok diff --git a/tests/regression/inet/ah.t.payload.inet b/tests/regression/inet/ah.t.payload.inet deleted file mode 100644 index d8755980..00000000 --- a/tests/regression/inet/ah.t.payload.inet +++ /dev/null @@ -1,186 +0,0 @@ -# ah hdrlength 11-23 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp gte reg 1 0x0000000b ] - [ cmp lte reg 1 0x00000017 ] - -# ah hdrlength != 11-23 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp lt reg 1 0x0000000b ] - [ cmp gt reg 1 0x00000017 ] - -# ah hdrlength { 11-23} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah hdrlength {11, 23, 44 } -set%d test-inet 3 -set%d test-inet 0 - element 0000000b : 0 [end] element 00000017 : 0 [end] element 0000002c : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah reserved 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ah reserved != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ah reserved 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ah reserved != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ah reserved {23, 100} -set%d test-inet 3 -set%d test-inet 0 - element 00001700 : 0 [end] element 00006400 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah reserved { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah spi 111 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x6f000000 ] - -# ah spi != 111 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0x6f000000 ] - -# ah spi 111-222 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x6f000000 ] - [ cmp lte reg 1 0xde000000 ] - -# ah spi != 111-222 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x6f000000 ] - [ cmp gt reg 1 0xde000000 ] - -# ah spi {111, 122} -set%d test-inet 3 -set%d test-inet 0 - element 6f000000 : 0 [end] element 7a000000 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah spi { 111-122} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence 123 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x7b000000 ] - -# ah sequence != 123 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0x7b000000 ] - -# ah sequence {23, 25, 33} -set%d test-inet 3 -set%d test-inet 0 - element 17000000 : 0 [end] element 19000000 : 0 [end] element 21000000 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence { 23-33} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence 23-33 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x17000000 ] - [ cmp lte reg 1 0x21000000 ] - -# ah sequence != 23-33 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x17000000 ] - [ cmp gt reg 1 0x21000000 ] - diff --git a/tests/regression/inet/ah.t.payload.ip b/tests/regression/inet/ah.t.payload.ip deleted file mode 100644 index 6a58bb1f..00000000 --- a/tests/regression/inet/ah.t.payload.ip +++ /dev/null @@ -1,186 +0,0 @@ -# ah hdrlength 11-23 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp gte reg 1 0x0000000b ] - [ cmp lte reg 1 0x00000017 ] - -# ah hdrlength != 11-23 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp lt reg 1 0x0000000b ] - [ cmp gt reg 1 0x00000017 ] - -# ah hdrlength { 11-23} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah hdrlength {11, 23, 44 } -set%d test-ip4 3 -set%d test-ip4 0 - element 0000000b : 0 [end] element 00000017 : 0 [end] element 0000002c : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah reserved 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ah reserved != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ah reserved 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ah reserved != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ah reserved {23, 100} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00006400 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah reserved { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah spi 111 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x6f000000 ] - -# ah spi != 111 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0x6f000000 ] - -# ah spi 111-222 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x6f000000 ] - [ cmp lte reg 1 0xde000000 ] - -# ah spi != 111-222 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x6f000000 ] - [ cmp gt reg 1 0xde000000 ] - -# ah spi {111, 122} -set%d test-ip4 3 -set%d test-ip4 0 - element 6f000000 : 0 [end] element 7a000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah spi { 111-122} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence 123 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x7b000000 ] - -# ah sequence != 123 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0x7b000000 ] - -# ah sequence {23, 25, 33} -set%d test-ip4 3 -set%d test-ip4 0 - element 17000000 : 0 [end] element 19000000 : 0 [end] element 21000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence { 23-33} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence 23-33 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x17000000 ] - [ cmp lte reg 1 0x21000000 ] - -# ah sequence != 23-33 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x17000000 ] - [ cmp gt reg 1 0x21000000 ] - diff --git a/tests/regression/inet/ah.t.payload.ip6 b/tests/regression/inet/ah.t.payload.ip6 deleted file mode 100644 index ce89754b..00000000 --- a/tests/regression/inet/ah.t.payload.ip6 +++ /dev/null @@ -1,186 +0,0 @@ -# ah hdrlength 11-23 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp gte reg 1 0x0000000b ] - [ cmp lte reg 1 0x00000017 ] - -# ah hdrlength != 11-23 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp lt reg 1 0x0000000b ] - [ cmp gt reg 1 0x00000017 ] - -# ah hdrlength { 11-23} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah hdrlength {11, 23, 44 } -set%d test-ip6 3 -set%d test-ip6 0 - element 0000000b : 0 [end] element 00000017 : 0 [end] element 0000002c : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah reserved 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ah reserved != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ah reserved 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ah reserved != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ah reserved {23, 100} -set%d test-ip6 3 -set%d test-ip6 0 - element 00001700 : 0 [end] element 00006400 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah reserved { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah spi 111 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x6f000000 ] - -# ah spi != 111 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0x6f000000 ] - -# ah spi 111-222 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x6f000000 ] - [ cmp lte reg 1 0xde000000 ] - -# ah spi != 111-222 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x6f000000 ] - [ cmp gt reg 1 0xde000000 ] - -# ah spi {111, 122} -set%d test-ip6 3 -set%d test-ip6 0 - element 6f000000 : 0 [end] element 7a000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah spi { 111-122} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence 123 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x7b000000 ] - -# ah sequence != 123 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0x7b000000 ] - -# ah sequence {23, 25, 33} -set%d test-ip6 3 -set%d test-ip6 0 - element 17000000 : 0 [end] element 19000000 : 0 [end] element 21000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence { 23-33} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence 23-33 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x17000000 ] - [ cmp lte reg 1 0x21000000 ] - -# ah sequence != 23-33 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x17000000 ] - [ cmp gt reg 1 0x21000000 ] - diff --git a/tests/regression/inet/comp.t b/tests/regression/inet/comp.t deleted file mode 100644 index f4753bbc..00000000 --- a/tests/regression/inet/comp.t +++ /dev/null @@ -1,31 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet - -:input;type filter hook input priority 0 - -# BUG: nft: payload.c:88: payload_expr_pctx_update: Assertion `left->payload.base + 1 <= (__PROTO_BASE_MAX - 1)' failed. -- comp nexthdr esp;ok;comp nexthdr 50 -comp nexthdr != esp;ok;comp nexthdr != 50 - -- comp nexthdr {esp, ah, comp, udp, udplite, tcp, tcp, dccp, sctp};ok -# comp flags ## 8-bit field. Reserved for future use. MUST be set to zero. - -# Bug comp flags: to list. List the decimal value. -comp flags 0x0;ok -comp flags != 0x23;ok -comp flags 0x33-0x45;ok -comp flags != 0x33-0x45;ok -comp flags {0x33, 0x55, 0x67, 0x88};ok -- comp flags != {0x33, 0x55, 0x67, 0x88};ok -comp flags { 0x33-0x55};ok -- comp flags != { 0x33-0x55};ok - -comp cpi 22;ok -comp cpi != 233;ok -comp cpi 33-45;ok -comp cpi != 33-45;ok -comp cpi {33, 55, 67, 88};ok -- comp cpi != {33, 55, 67, 88};ok -comp cpi { 33-55};ok -- comp cpi != { 33-55};ok diff --git a/tests/regression/inet/comp.t.payload.inet b/tests/regression/inet/comp.t.payload.inet deleted file mode 100644 index c00bcc71..00000000 --- a/tests/regression/inet/comp.t.payload.inet +++ /dev/null @@ -1,107 +0,0 @@ -# comp nexthdr != esp -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00000032 ] - -# comp flags 0x0 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# comp flags != 0x23 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp neq reg 1 0x00000023 ] - -# comp flags 0x33-0x45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp gte reg 1 0x00000033 ] - [ cmp lte reg 1 0x00000045 ] - -# comp flags != 0x33-0x45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp lt reg 1 0x00000033 ] - [ cmp gt reg 1 0x00000045 ] - -# comp flags {0x33, 0x55, 0x67, 0x88} -set%d test-inet 3 -set%d test-inet 0 - element 00000033 : 0 [end] element 00000055 : 0 [end] element 00000067 : 0 [end] element 00000088 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp flags { 0x33-0x55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000033 : 0 [end] element 00000056 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp cpi 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# comp cpi != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# comp cpi 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# comp cpi != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# comp cpi {33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp cpi { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/comp.t.payload.ip b/tests/regression/inet/comp.t.payload.ip deleted file mode 100644 index e226c9a5..00000000 --- a/tests/regression/inet/comp.t.payload.ip +++ /dev/null @@ -1,107 +0,0 @@ -# comp nexthdr != esp -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00000032 ] - -# comp flags 0x0 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# comp flags != 0x23 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp neq reg 1 0x00000023 ] - -# comp flags 0x33-0x45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp gte reg 1 0x00000033 ] - [ cmp lte reg 1 0x00000045 ] - -# comp flags != 0x33-0x45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp lt reg 1 0x00000033 ] - [ cmp gt reg 1 0x00000045 ] - -# comp flags {0x33, 0x55, 0x67, 0x88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000033 : 0 [end] element 00000055 : 0 [end] element 00000067 : 0 [end] element 00000088 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp flags { 0x33-0x55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000033 : 0 [end] element 00000056 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp cpi 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# comp cpi != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# comp cpi 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# comp cpi != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# comp cpi {33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp cpi { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/comp.t.payload.ip6 b/tests/regression/inet/comp.t.payload.ip6 deleted file mode 100644 index 135e5a2e..00000000 --- a/tests/regression/inet/comp.t.payload.ip6 +++ /dev/null @@ -1,107 +0,0 @@ -# comp nexthdr != esp -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00000032 ] - -# comp flags 0x0 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# comp flags != 0x23 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp neq reg 1 0x00000023 ] - -# comp flags 0x33-0x45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp gte reg 1 0x00000033 ] - [ cmp lte reg 1 0x00000045 ] - -# comp flags != 0x33-0x45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp lt reg 1 0x00000033 ] - [ cmp gt reg 1 0x00000045 ] - -# comp flags {0x33, 0x55, 0x67, 0x88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000033 : 0 [end] element 00000055 : 0 [end] element 00000067 : 0 [end] element 00000088 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp flags { 0x33-0x55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000033 : 0 [end] element 00000056 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp cpi 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# comp cpi != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# comp cpi 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# comp cpi != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# comp cpi {33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp cpi { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/dccp.t b/tests/regression/inet/dccp.t deleted file mode 100644 index e323992e..00000000 --- a/tests/regression/inet/dccp.t +++ /dev/null @@ -1,33 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -dccp sport 21-35;ok -dccp sport != 21-35;ok -dccp sport {23, 24, 25};ok -- dccp sport != { 27, 34};ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -dccp sport { 20-50 };ok -dccp sport ftp-data - re-mail-ck;ok;dccp sport 20-50 -dccp sport 20-50;ok -dccp sport { 20-50};ok -- dccp sport != {27-34};ok -# dccp sport != {27-34};ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -# dccp dport 21-35;ok -# dccp dport != 21-35;ok -dccp dport {23, 24, 25};ok -# dccp dport != {27, 34};ok -dccp dport { 20-50};ok -# dccp dport != {27-34};ok - -# BUG dccp type -# dccp type {request, response, data, ack, dataack, closereq, close, reset, sync, syncack};ok -# dccp type != {request, response, data, ack, dataack, closereq, close, reset, sync, syncack};ok -# dccp type request;ok -# dccp type != request;ok diff --git a/tests/regression/inet/dccp.t.payload.inet b/tests/regression/inet/dccp.t.payload.inet deleted file mode 100644 index ecd8863f..00000000 --- a/tests/regression/inet/dccp.t.payload.inet +++ /dev/null @@ -1,82 +0,0 @@ -# dccp sport 21-35 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001500 ] - [ cmp lte reg 1 0x00002300 ] - -# dccp sport != 21-35 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00001500 ] - [ cmp gt reg 1 0x00002300 ] - -# dccp sport {23, 24, 25} -set%d test-inet 3 -set%d test-inet 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp sport { 20-50 } -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp sport ftp-data - re-mail-ck -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001400 ] - [ cmp lte reg 1 0x00003200 ] - -# dccp sport 20-50 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001400 ] - [ cmp lte reg 1 0x00003200 ] - -# dccp sport { 20-50} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp dport {23, 24, 25} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp dport { 20-50} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/dccp.t.payload.ip b/tests/regression/inet/dccp.t.payload.ip deleted file mode 100644 index 9e1cc2ec..00000000 --- a/tests/regression/inet/dccp.t.payload.ip +++ /dev/null @@ -1,82 +0,0 @@ -# dccp sport 21-35 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001500 ] - [ cmp lte reg 1 0x00002300 ] - -# dccp sport != 21-35 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00001500 ] - [ cmp gt reg 1 0x00002300 ] - -# dccp sport {23, 24, 25} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp sport { 20-50 } -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp sport ftp-data - re-mail-ck -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001400 ] - [ cmp lte reg 1 0x00003200 ] - -# dccp sport 20-50 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001400 ] - [ cmp lte reg 1 0x00003200 ] - -# dccp sport { 20-50} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp dport {23, 24, 25} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp dport { 20-50} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/dccp.t.payload.ip6 b/tests/regression/inet/dccp.t.payload.ip6 deleted file mode 100644 index c0e1d70a..00000000 --- a/tests/regression/inet/dccp.t.payload.ip6 +++ /dev/null @@ -1,82 +0,0 @@ -# dccp sport 21-35 -ip test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001500 ] - [ cmp lte reg 1 0x00002300 ] - -# dccp sport != 21-35 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00001500 ] - [ cmp gt reg 1 0x00002300 ] - -# dccp sport {23, 24, 25} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp sport { 20-50 } -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp sport ftp-data - re-mail-ck -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001400 ] - [ cmp lte reg 1 0x00003200 ] - -# dccp sport 20-50 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001400 ] - [ cmp lte reg 1 0x00003200 ] - -# dccp sport { 20-50} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp dport {23, 24, 25} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp dport { 20-50} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/esp.t b/tests/regression/inet/esp.t deleted file mode 100644 index 3a8502d9..00000000 --- a/tests/regression/inet/esp.t +++ /dev/null @@ -1,23 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -esp spi 100;ok -esp spi != 100;ok -esp spi 111-222;ok -esp spi != 111-222;ok -esp spi { 100, 102};ok -- esp spi != { 100, 102};ok -esp spi { 100-102};ok -- esp spi {100-102};ok - -esp sequence 22;ok -esp sequence 22-24;ok -esp sequence != 22-24;ok -esp sequence { 22, 24};ok -- esp sequence != { 22, 24};ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. -esp sequence { 22-25};ok -- esp sequence != { 22-25};ok diff --git a/tests/regression/inet/esp.t.payload.inet b/tests/regression/inet/esp.t.payload.inet deleted file mode 100644 index 4ba9ea8e..00000000 --- a/tests/regression/inet/esp.t.payload.inet +++ /dev/null @@ -1,93 +0,0 @@ -# esp spi 100 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x64000000 ] - -# esp spi != 100 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x64000000 ] - -# esp spi 111-222 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x6f000000 ] - [ cmp lte reg 1 0xde000000 ] - -# esp spi != 111-222 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x6f000000 ] - [ cmp gt reg 1 0xde000000 ] - -# esp spi { 100, 102} -set%d test-inet 3 -set%d test-inet 0 - element 64000000 : 0 [end] element 66000000 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp spi { 100-102} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp sequence 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# esp sequence 22-24 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x16000000 ] - [ cmp lte reg 1 0x18000000 ] - -# esp sequence != 22-24 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x16000000 ] - [ cmp gt reg 1 0x18000000 ] - -# esp sequence { 22, 24} -set%d test-inet 3 -set%d test-inet 0 - element 16000000 : 0 [end] element 18000000 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp sequence { 22-25} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/esp.t.payload.ip b/tests/regression/inet/esp.t.payload.ip deleted file mode 100644 index 5a66b042..00000000 --- a/tests/regression/inet/esp.t.payload.ip +++ /dev/null @@ -1,93 +0,0 @@ -# esp spi 100 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x64000000 ] - -# esp spi != 100 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x64000000 ] - -# esp spi 111-222 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x6f000000 ] - [ cmp lte reg 1 0xde000000 ] - -# esp spi != 111-222 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x6f000000 ] - [ cmp gt reg 1 0xde000000 ] - -# esp spi { 100, 102} -set%d test-ip4 3 -set%d test-ip4 0 - element 64000000 : 0 [end] element 66000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp spi { 100-102} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp sequence 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# esp sequence 22-24 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x16000000 ] - [ cmp lte reg 1 0x18000000 ] - -# esp sequence != 22-24 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x16000000 ] - [ cmp gt reg 1 0x18000000 ] - -# esp sequence { 22, 24} -set%d test-ip4 3 -set%d test-ip4 0 - element 16000000 : 0 [end] element 18000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp sequence { 22-25} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/esp.t.payload.ip6 b/tests/regression/inet/esp.t.payload.ip6 deleted file mode 100644 index 7c784262..00000000 --- a/tests/regression/inet/esp.t.payload.ip6 +++ /dev/null @@ -1,93 +0,0 @@ -# esp spi 100 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x64000000 ] - -# esp spi != 100 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x64000000 ] - -# esp spi 111-222 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x6f000000 ] - [ cmp lte reg 1 0xde000000 ] - -# esp spi != 111-222 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x6f000000 ] - [ cmp gt reg 1 0xde000000 ] - -# esp spi { 100, 102} -set%d test-ip6 3 -set%d test-ip6 0 - element 64000000 : 0 [end] element 66000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp spi { 100-102} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp sequence 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# esp sequence 22-24 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x16000000 ] - [ cmp lte reg 1 0x18000000 ] - -# esp sequence != 22-24 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x16000000 ] - [ cmp gt reg 1 0x18000000 ] - -# esp sequence { 22, 24} -set%d test-ip6 3 -set%d test-ip6 0 - element 16000000 : 0 [end] element 18000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp sequence { 22-25} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/ether-ip.t b/tests/regression/inet/ether-ip.t deleted file mode 100644 index 3726db45..00000000 --- a/tests/regression/inet/ether-ip.t +++ /dev/null @@ -1,5 +0,0 @@ -*inet;test-inet -:input;type filter hook input priority 0 - -tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept -tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04;ok diff --git a/tests/regression/inet/ether-ip.t.payload b/tests/regression/inet/ether-ip.t.payload deleted file mode 100644 index 62e37a59..00000000 --- a/tests/regression/inet/ether-ip.t.payload +++ /dev/null @@ -1,28 +0,0 @@ -# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 8b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00080411 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ immediate reg 0 accept ] - -# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] diff --git a/tests/regression/inet/ether.t b/tests/regression/inet/ether.t deleted file mode 100644 index 9d0f9729..00000000 --- a/tests/regression/inet/ether.t +++ /dev/null @@ -1,13 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -*bridge;test-bridge - -:input;type filter hook input priority 0 - -tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 accept -tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept -tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept;ok - -ether saddr 00:0f:54:0c:11:04 accept;ok -ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4;ok diff --git a/tests/regression/inet/ether.t.payload b/tests/regression/inet/ether.t.payload deleted file mode 100644 index 86f30c37..00000000 --- a/tests/regression/inet/ether.t.payload +++ /dev/null @@ -1,55 +0,0 @@ -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# ether saddr 00:0f:54:0c:11:04 accept -inet test-inet input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 -inet test-inet input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - diff --git a/tests/regression/inet/ether.t.payload.bridge b/tests/regression/inet/ether.t.payload.bridge deleted file mode 100644 index 4a6bccbe..00000000 --- a/tests/regression/inet/ether.t.payload.bridge +++ /dev/null @@ -1,49 +0,0 @@ -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept -bridge test-bridge input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept -bridge test-bridge input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept -bridge test-bridge input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# ether saddr 00:0f:54:0c:11:04 accept -bridge test-bridge input - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 -bridge test-bridge input - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - diff --git a/tests/regression/inet/ether.t.payload.ip b/tests/regression/inet/ether.t.payload.ip deleted file mode 100644 index 2d33f0ce..00000000 --- a/tests/regression/inet/ether.t.payload.ip +++ /dev/null @@ -1,55 +0,0 @@ -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# ether saddr 00:0f:54:0c:11:04 accept -ip test-ip4 input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 -ip test-ip4 input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - diff --git a/tests/regression/inet/ether.t.payload.ip6 b/tests/regression/inet/ether.t.payload.ip6 deleted file mode 100644 index 9065952d..00000000 --- a/tests/regression/inet/ether.t.payload.ip6 +++ /dev/null @@ -1,55 +0,0 @@ -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# ether saddr 00:0f:54:0c:11:04 accept -ip6 test-ip6 input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 -ip6 test-ip6 input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - diff --git a/tests/regression/inet/ip.t b/tests/regression/inet/ip.t deleted file mode 100644 index a56c5c97..00000000 --- a/tests/regression/inet/ip.t +++ /dev/null @@ -1,7 +0,0 @@ -*ip;test-ip4 -*inet;test-inet -*bridge;test-bridge - -:input;type filter hook input priority 0 - -ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe };ok diff --git a/tests/regression/inet/ip.t.payload.bridge b/tests/regression/inet/ip.t.payload.bridge deleted file mode 100644 index 606e3b34..00000000 --- a/tests/regression/inet/ip.t.payload.bridge +++ /dev/null @@ -1,11 +0,0 @@ -# ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe } -set%d test-bridge 3 -set%d test-bridge 0 - element 01010101 02020202 fecafeca 0000feca : 0 [end] -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ payload load 6b @ link header + 6 => reg 10 ] - [ lookup reg 1 set set%d ] diff --git a/tests/regression/inet/ip.t.payload.inet b/tests/regression/inet/ip.t.payload.inet deleted file mode 100644 index c8e9b054..00000000 --- a/tests/regression/inet/ip.t.payload.inet +++ /dev/null @@ -1,13 +0,0 @@ -# ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe } -set%d test-inet 3 -set%d test-inet 0 - element 01010101 02020202 fecafeca 0000feca : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ payload load 6b @ link header + 6 => reg 10 ] - [ lookup reg 1 set set%d ] diff --git a/tests/regression/inet/ip.t.payload.ip b/tests/regression/inet/ip.t.payload.ip deleted file mode 100644 index 66f14681..00000000 --- a/tests/regression/inet/ip.t.payload.ip +++ /dev/null @@ -1,11 +0,0 @@ -# ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe } -set%d test-ip4 3 -set%d test-ip4 0 - element 01010101 02020202 fecafeca 0000feca : 0 [end] -ip test-ip4 input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ payload load 6b @ link header + 6 => reg 10 ] - [ lookup reg 1 set set%d ] diff --git a/tests/regression/inet/reject.t b/tests/regression/inet/reject.t deleted file mode 100644 index 52e7b28b..00000000 --- a/tests/regression/inet/reject.t +++ /dev/null @@ -1,35 +0,0 @@ -*inet;test-inet -:input;type filter hook input priority 0 - -# The output is specific for inet family -reject with icmp type host-unreachable;ok;meta nfproto ipv4 reject with icmp type host-unreachable -reject with icmp type net-unreachable;ok;meta nfproto ipv4 reject with icmp type net-unreachable -reject with icmp type prot-unreachable;ok;meta nfproto ipv4 reject with icmp type prot-unreachable -reject with icmp type port-unreachable;ok;meta nfproto ipv4 reject -reject with icmp type net-prohibited;ok;meta nfproto ipv4 reject with icmp type net-prohibited -reject with icmp type host-prohibited;ok;meta nfproto ipv4 reject with icmp type host-prohibited -reject with icmp type admin-prohibited;ok;meta nfproto ipv4 reject with icmp type admin-prohibited - -reject with icmpv6 type no-route;ok;meta nfproto ipv6 reject with icmpv6 type no-route -reject with icmpv6 type admin-prohibited;ok;meta nfproto ipv6 reject with icmpv6 type admin-prohibited -reject with icmpv6 type addr-unreachable;ok;meta nfproto ipv6 reject with icmpv6 type addr-unreachable -reject with icmpv6 type port-unreachable;ok;meta nfproto ipv6 reject - -reject with tcp reset;ok;meta l4proto 6 reject with tcp reset - -reject;ok -meta nfproto ipv4 reject;ok -meta nfproto ipv6 reject;ok - -reject with icmpx type host-unreachable;ok -reject with icmpx type no-route;ok -reject with icmpx type admin-prohibited;ok -reject with icmpx type port-unreachable;ok;reject - -meta nfproto ipv4 reject with icmp type host-unreachable;ok -meta nfproto ipv6 reject with icmpv6 type no-route;ok - -meta nfproto ipv6 reject with icmp type host-unreachable;fail -meta nfproto ipv4 ip protocol icmp reject with icmpv6 type no-route;fail -meta nfproto ipv6 ip protocol icmp reject with icmp type host-unreachable;fail -meta l4proto udp reject with tcp reset;fail diff --git a/tests/regression/inet/reject.t.payload.inet b/tests/regression/inet/reject.t.payload.inet deleted file mode 100644 index 5770330d..00000000 --- a/tests/regression/inet/reject.t.payload.inet +++ /dev/null @@ -1,220 +0,0 @@ -# reject with icmp type host-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 1 ] - -# reject with icmp type net-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 0 ] - -# reject with icmp type prot-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 2 ] - -# reject with icmp type port-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 3 ] - -# reject with icmp type net-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 9 ] - -# reject with icmp type host-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 10 ] - -# reject with icmp type admin-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 13 ] - -# reject with icmpv6 type no-route -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 0 ] - -# reject with icmpv6 type admin-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 1 ] - -# reject with icmpv6 type addr-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 3 ] - -# reject with icmpv6 type port-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 4 ] - -# reject with tcp reset -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ reject type 1 code 0 ] - -# reject -inet test-inet input - [ reject type 2 code 1 ] - -# meta nfproto ipv4 reject -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 3 ] - -# meta nfproto ipv6 reject -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 4 ] - -# reject with icmpx type host-unreachable -inet test-inet input - [ reject type 2 code 2 ] - -# reject with icmpx type no-route -inet test-inet input - [ reject type 2 code 0 ] - -# reject with icmpx type admin-prohibited -inet test-inet input - [ reject type 2 code 3 ] - -# reject with icmpx type port-unreachable -inet test-inet input - [ reject type 2 code 1 ] - -# meta nfproto ipv4 reject with icmp type host-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 1 ] - -# meta nfproto ipv6 reject with icmpv6 type no-route -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 0 ] - -# reject with icmp type prot-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 2 ] - -# reject with icmp type port-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 3 ] - -# reject with icmp type net-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 9 ] - -# reject with icmp type host-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 10 ] - -# reject with icmp type admin-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 13 ] - -# reject with icmpv6 type no-route -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 0 ] - -# reject with icmpv6 type admin-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 1 ] - -# reject with icmpv6 type addr-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 3 ] - -# reject with icmpv6 type port-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 4 ] - -# reject with tcp reset -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ reject type 1 code 0 ] - -# reject -inet test-inet input - [ reject type 2 code 1 ] - -# meta nfproto ipv4 reject -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 3 ] - -# meta nfproto ipv6 reject -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 4 ] - -# reject with icmpx type host-unreachable -inet test-inet input - [ reject type 2 code 2 ] - -# reject with icmpx type no-route -inet test-inet input - [ reject type 2 code 0 ] - -# reject with icmpx type admin-prohibited -inet test-inet input - [ reject type 2 code 3 ] - -# reject with icmpx type port-unreachable -inet test-inet input - [ reject type 2 code 1 ] - -# meta nfproto ipv4 reject with icmp type host-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 1 ] - -# meta nfproto ipv6 reject with icmpv6 type no-route -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 0 ] - diff --git a/tests/regression/inet/sctp.t b/tests/regression/inet/sctp.t deleted file mode 100644 index 537a9b17..00000000 --- a/tests/regression/inet/sctp.t +++ /dev/null @@ -1,42 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -sctp sport 23;ok -sctp sport != 23;ok -sctp sport 23-44;ok -sctp sport != 23-44;ok -sctp sport { 23, 24, 25};ok -- sctp sport != { 23, 24, 25};ok -sctp sport { 23-44};ok -- sctp sport != { 23-44};ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -sctp dport 23;ok -sctp dport != 23;ok -sctp dport 23-44;ok -sctp dport != 23-44;ok -sctp dport { 23, 24, 25};ok -- sctp dport != { 23, 24, 25};ok -sctp dport { 23-44};ok -- sctp dport != { 23-44};ok - -sctp checksum 1111;ok -sctp checksum != 11;ok -sctp checksum 21-333;ok -sctp checksum != 32-111;ok -sctp checksum { 22, 33, 44};ok -- sctp checksum != { 22, 33, 44};ok -sctp checksum { 22-44};ok -- sctp checksum != { 22-44};ok - -sctp vtag 22;ok -sctp vtag != 233;ok -sctp vtag 33-45;ok -sctp vtag != 33-45;ok -sctp vtag {33, 55, 67, 88};ok -- sctp vtag != {33, 55, 67, 88};ok -sctp vtag { 33-55};ok -- sctp vtag != { 33-55};ok diff --git a/tests/regression/inet/sctp.t.payload.inet b/tests/regression/inet/sctp.t.payload.inet deleted file mode 100644 index dd6e2759..00000000 --- a/tests/regression/inet/sctp.t.payload.inet +++ /dev/null @@ -1,200 +0,0 @@ -# sctp sport 23 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00001700 ] - -# sctp sport != 23 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00001700 ] - -# sctp sport 23-44 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001700 ] - [ cmp lte reg 1 0x00002c00 ] - -# sctp sport != 23-44 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002c00 ] - -# sctp sport { 23, 24, 25} -set%d test-inet 3 -set%d test-inet 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp sport { 23-44} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp dport 23 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001700 ] - -# sctp dport != 23 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00001700 ] - -# sctp dport 23-44 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00001700 ] - [ cmp lte reg 1 0x00002c00 ] - -# sctp dport != 23-44 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002c00 ] - -# sctp dport { 23, 24, 25} -set%d test-inet 3 -set%d test-inet 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp dport { 23-44} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp checksum 1111 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x57040000 ] - -# sctp checksum != 11 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0x0b000000 ] - -# sctp checksum 21-333 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x15000000 ] - [ cmp lte reg 1 0x4d010000 ] - -# sctp checksum != 32-111 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x20000000 ] - [ cmp gt reg 1 0x6f000000 ] - -# sctp checksum { 22, 33, 44} -set%d test-inet 3 -set%d test-inet 0 - element 16000000 : 0 [end] element 21000000 : 0 [end] element 2c000000 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp checksum { 22-44} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 16000000 : 0 [end] element 2d000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp vtag 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# sctp vtag != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# sctp vtag 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# sctp vtag != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# sctp vtag {33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp vtag { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/sctp.t.payload.ip b/tests/regression/inet/sctp.t.payload.ip deleted file mode 100644 index 053d319e..00000000 --- a/tests/regression/inet/sctp.t.payload.ip +++ /dev/null @@ -1,200 +0,0 @@ -# sctp sport 23 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00001700 ] - -# sctp sport != 23 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00001700 ] - -# sctp sport 23-44 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001700 ] - [ cmp lte reg 1 0x00002c00 ] - -# sctp sport != 23-44 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002c00 ] - -# sctp sport { 23, 24, 25} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp sport { 23-44} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp dport 23 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001700 ] - -# sctp dport != 23 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00001700 ] - -# sctp dport 23-44 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00001700 ] - [ cmp lte reg 1 0x00002c00 ] - -# sctp dport != 23-44 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002c00 ] - -# sctp dport { 23, 24, 25} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp dport { 23-44} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp checksum 1111 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x57040000 ] - -# sctp checksum != 11 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0x0b000000 ] - -# sctp checksum 21-333 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x15000000 ] - [ cmp lte reg 1 0x4d010000 ] - -# sctp checksum != 32-111 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x20000000 ] - [ cmp gt reg 1 0x6f000000 ] - -# sctp checksum { 22, 33, 44} -set%d test-ip4 3 -set%d test-ip4 0 - element 16000000 : 0 [end] element 21000000 : 0 [end] element 2c000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp checksum { 22-44} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 16000000 : 0 [end] element 2d000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp vtag 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# sctp vtag != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# sctp vtag 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# sctp vtag != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# sctp vtag {33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp vtag { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/sctp.t.payload.ip6 b/tests/regression/inet/sctp.t.payload.ip6 deleted file mode 100644 index eae6fa94..00000000 --- a/tests/regression/inet/sctp.t.payload.ip6 +++ /dev/null @@ -1,200 +0,0 @@ -# sctp sport 23 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00001700 ] - -# sctp sport != 23 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00001700 ] - -# sctp sport 23-44 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001700 ] - [ cmp lte reg 1 0x00002c00 ] - -# sctp sport != 23-44 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002c00 ] - -# sctp sport { 23, 24, 25} -set%d test-ip6 3 -set%d test-ip6 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp sport { 23-44} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp dport 23 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001700 ] - -# sctp dport != 23 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00001700 ] - -# sctp dport 23-44 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00001700 ] - [ cmp lte reg 1 0x00002c00 ] - -# sctp dport != 23-44 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002c00 ] - -# sctp dport { 23, 24, 25} -set%d test-ip6 3 -set%d test-ip6 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp dport { 23-44} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp checksum 1111 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x57040000 ] - -# sctp checksum != 11 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0x0b000000 ] - -# sctp checksum 21-333 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x15000000 ] - [ cmp lte reg 1 0x4d010000 ] - -# sctp checksum != 32-111 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x20000000 ] - [ cmp gt reg 1 0x6f000000 ] - -# sctp checksum { 22, 33, 44} -set%d test-ip6 3 -set%d test-ip6 0 - element 16000000 : 0 [end] element 21000000 : 0 [end] element 2c000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp checksum { 22-44} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 16000000 : 0 [end] element 2d000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp vtag 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# sctp vtag != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# sctp vtag 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# sctp vtag != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# sctp vtag {33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp vtag { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/tcp.t b/tests/regression/inet/tcp.t deleted file mode 100644 index 53a16898..00000000 --- a/tests/regression/inet/tcp.t +++ /dev/null @@ -1,105 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -tcp dport 22;ok -tcp dport != 233;ok -tcp dport 33-45;ok -tcp dport != 33-45;ok -tcp dport { 33, 55, 67, 88};ok -- tcp dport != { 33, 55, 67, 88};ok -tcp dport { 33-55};ok -- tcp dport != { 33-55};ok -tcp dport {telnet, http, https} accept;ok;tcp dport { 443, 23, 80} accept -tcp dport vmap { 22 : accept, 23 : drop };ok -tcp dport vmap { 25:accept, 28:drop };ok -tcp dport { 22, 53, 80, 110 };ok -- tcp dport != { 22, 53, 80, 110 };ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -tcp sport 22;ok -tcp sport != 233;ok -tcp sport 33-45;ok -tcp sport != 33-45;ok -tcp sport { 33, 55, 67, 88};ok -- tcp sport != { 33, 55, 67, 88};ok -tcp sport { 33-55};ok -- tcp sport != { 33-55};ok -tcp sport vmap { 25:accept, 28:drop };ok - -tcp sport 8080 drop;ok -tcp sport 1024 tcp dport 22;ok -tcp sport 1024 tcp dport 22 tcp sequence 0;ok - -tcp sequence 0 tcp sport 1024 tcp dport 22;ok;tcp sport 1024 tcp dport 22 tcp sequence 0 -tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22;ok - -tcp sequence 22;ok -tcp sequence != 233;ok -tcp sequence 33-45;ok -tcp sequence != 33-45;ok -tcp sequence { 33, 55, 67, 88};ok -- tcp sequence != { 33, 55, 67, 88};ok -tcp sequence { 33-55};ok -- tcp sequence != { 33-55};ok - -tcp ackseq 42949672 drop;ok -tcp ackseq 22;ok -tcp ackseq != 233;ok -tcp ackseq 33-45;ok -tcp ackseq != 33-45;ok -tcp ackseq { 33, 55, 67, 88};ok -- tcp ackseq != { 33, 55, 67, 88};ok -tcp ackseq { 33-55};ok -- tcp ackseq != { 33-55};ok - -- tcp doff 22;ok -- tcp doff != 233;ok -- tcp doff 33-45;ok -- tcp doff != 33-45;ok -- tcp doff { 33, 55, 67, 88};ok -- tcp doff != { 33, 55, 67, 88};ok -- tcp doff { 33-55};ok -- tcp doff != { 33-55};ok - -# BUG reserved -# BUG: It is accepted but it is not shown then. tcp reserver - -tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop;ok -- tcp flags != { fin, urg, ecn, cwr} drop;ok -tcp flags cwr;ok -tcp flags != cwr;ok - -tcp window 22222;ok -tcp window 22;ok -tcp window != 233;ok -tcp window 33-45;ok -tcp window != 33-45;ok -tcp window { 33, 55, 67, 88};ok -- tcp window != { 33, 55, 67, 88};ok -tcp window { 33-55};ok -- tcp window != { 33-55};ok - -tcp checksum 23456 log drop;ok -tcp checksum 22;ok -tcp checksum != 233;ok -tcp checksum 33-45;ok -tcp checksum != 33-45;ok -tcp checksum { 33, 55, 67, 88};ok -- tcp checksum != { 33, 55, 67, 88};ok -tcp checksum { 33-55};ok -- tcp checksum != { 33-55};ok - -tcp urgptr 1234 accept;ok -tcp urgptr 22;ok -tcp urgptr != 233;ok -tcp urgptr 33-45;ok -tcp urgptr != 33-45;ok -tcp urgptr { 33, 55, 67, 88};ok -- tcp urgptr != { 33, 55, 67, 88};ok -tcp urgptr { 33-55};ok -- tcp urgptr != { 33-55};ok - -tcp doff 8;ok diff --git a/tests/regression/inet/tcp.t.payload.inet b/tests/regression/inet/tcp.t.payload.inet deleted file mode 100644 index 21b21abc..00000000 --- a/tests/regression/inet/tcp.t.payload.inet +++ /dev/null @@ -1,508 +0,0 @@ -# tcp dport 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp dport != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp dport 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp dport != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp dport { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp dport { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp dport {telnet, http, https} accept -set%d test-inet 3 -set%d test-inet 0 - element 00001700 : 0 [end] element 00005000 : 0 [end] element 0000bb01 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# tcp dport vmap { 22 : accept, 23 : drop } -map%d test-inet b -map%d test-inet 0 - element 00001600 : 0 [end] element 00001700 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp dport vmap { 25:accept, 28:drop } -map%d test-inet b -map%d test-inet 0 - element 00001900 : 0 [end] element 00001c00 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp dport { 22, 53, 80, 110 } -set%d test-inet 3 -set%d test-inet 0 - element 00001600 : 0 [end] element 00003500 : 0 [end] element 00005000 : 0 [end] element 00006e00 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp sport != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp sport 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp sport != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp sport { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport vmap { 25:accept, 28:drop } -map%d test-inet b -map%d test-inet 0 - element 00001900 : 0 [end] element 00001c00 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp sport 8080 drop -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000901f ] - [ immediate reg 0 drop ] - -# tcp sport 1024 tcp dport 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 ] - -# tcp sport 1024 tcp dport 22 tcp sequence 0 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 8b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 0x00000000 ] - -# tcp sequence 0 tcp sport 1024 tcp dport 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 8b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 0x00000000 ] - -# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 -set%d test-inet 3 -set%d test-inet 0 - element 00000004 : 0 [end] element 0000fe03 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ payload load 6b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 0x00000000 ] - -# tcp sequence 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# tcp sequence != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# tcp sequence 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# tcp sequence != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# tcp sequence { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sequence { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp ackseq 42949672 drop -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x285c8f02 ] - [ immediate reg 0 drop ] - -# tcp ackseq 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# tcp ackseq != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# tcp ackseq 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# tcp ackseq != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# tcp ackseq { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp ackseq { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop -set%d test-inet 3 -set%d test-inet 0 - element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000010 : 0 [end] element 00000020 : 0 [end] element 00000040 : 0 [end] element 00000080 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# tcp flags cwr -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - -# tcp flags != cwr -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ cmp neq reg 1 0x00000080 ] - -# tcp window 22222 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp eq reg 1 0x0000ce56 ] - -# tcp window 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp window != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp window 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp window != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp window { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp window { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp checksum 23456 log drop -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp eq reg 1 0x0000a05b ] - [ log prefix (null) ] - [ immediate reg 0 drop ] - -# tcp checksum 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp checksum != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp checksum 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp checksum != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp checksum { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp checksum { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp urgptr 1234 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp eq reg 1 0x0000d204 ] - [ immediate reg 0 accept ] - -# tcp urgptr 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp urgptr != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp urgptr 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp urgptr != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp urgptr { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp urgptr { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp doff 8 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000080 ] - diff --git a/tests/regression/inet/tcp.t.payload.ip b/tests/regression/inet/tcp.t.payload.ip deleted file mode 100644 index 34c97143..00000000 --- a/tests/regression/inet/tcp.t.payload.ip +++ /dev/null @@ -1,508 +0,0 @@ -# tcp dport 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp dport != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp dport 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp dport != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp dport { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp dport { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp dport {telnet, http, https} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00005000 : 0 [end] element 0000bb01 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# tcp dport vmap { 22 : accept, 23 : drop } -map%d test-ip4 b -map%d test-ip4 0 - element 00001600 : 0 [end] element 00001700 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp dport vmap { 25:accept, 28:drop } -map%d test-ip4 b -map%d test-ip4 0 - element 00001900 : 0 [end] element 00001c00 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp dport { 22, 53, 80, 110 } -set%d test-ip4 3 -set%d test-ip4 0 - element 00001600 : 0 [end] element 00003500 : 0 [end] element 00005000 : 0 [end] element 00006e00 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp sport != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp sport 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp sport != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp sport { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport vmap { 25:accept, 28:drop } -map%d test-ip4 b -map%d test-ip4 0 - element 00001900 : 0 [end] element 00001c00 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp sport 8080 drop -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000901f ] - [ immediate reg 0 drop ] - -# tcp sport 1024 tcp dport 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 ] - -# tcp sport 1024 tcp dport 22 tcp sequence 0 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 8b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 0x00000000 ] - -# tcp sequence 0 tcp sport 1024 tcp dport 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 8b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 0x00000000 ] - -# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 -set%d test-ip4 3 -set%d test-ip4 0 - element 00000004 : 0 [end] element 0000fe03 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ payload load 6b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 0x00000000 ] - -# tcp sequence 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# tcp sequence != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# tcp sequence 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# tcp sequence != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# tcp sequence { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sequence { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp ackseq 42949672 drop -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x285c8f02 ] - [ immediate reg 0 drop ] - -# tcp ackseq 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# tcp ackseq != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# tcp ackseq 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# tcp ackseq != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# tcp ackseq { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp ackseq { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000010 : 0 [end] element 00000020 : 0 [end] element 00000040 : 0 [end] element 00000080 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# tcp flags cwr -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - -# tcp flags != cwr -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ cmp neq reg 1 0x00000080 ] - -# tcp window 22222 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp eq reg 1 0x0000ce56 ] - -# tcp window 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp window != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp window 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp window != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp window { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp window { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp checksum 23456 log drop -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp eq reg 1 0x0000a05b ] - [ log prefix (null) ] - [ immediate reg 0 drop ] - -# tcp checksum 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp checksum != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp checksum 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp checksum != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp checksum { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp checksum { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp urgptr 1234 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp eq reg 1 0x0000d204 ] - [ immediate reg 0 accept ] - -# tcp urgptr 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp urgptr != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp urgptr 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp urgptr != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp urgptr { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp urgptr { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp doff 8 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000080 ] - diff --git a/tests/regression/inet/tcp.t.payload.ip6 b/tests/regression/inet/tcp.t.payload.ip6 deleted file mode 100644 index 44decab4..00000000 --- a/tests/regression/inet/tcp.t.payload.ip6 +++ /dev/null @@ -1,508 +0,0 @@ -# tcp dport 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp dport != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp dport 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp dport != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp dport { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp dport { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp dport {telnet, http, https} accept -set%d test-ip6 3 -set%d test-ip6 0 - element 00001700 : 0 [end] element 00005000 : 0 [end] element 0000bb01 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# tcp dport vmap { 22 : accept, 23 : drop } -map%d test-ip6 b -map%d test-ip6 0 - element 00001600 : 0 [end] element 00001700 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp dport vmap { 25:accept, 28:drop } -map%d test-ip6 b -map%d test-ip6 0 - element 00001900 : 0 [end] element 00001c00 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp dport { 22, 53, 80, 110 } -set%d test-ip6 3 -set%d test-ip6 0 - element 00001600 : 0 [end] element 00003500 : 0 [end] element 00005000 : 0 [end] element 00006e00 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp sport != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp sport 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp sport != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp sport { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport vmap { 25:accept, 28:drop } -map%d test-ip6 b -map%d test-ip6 0 - element 00001900 : 0 [end] element 00001c00 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp sport 8080 drop -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000901f ] - [ immediate reg 0 drop ] - -# tcp sport 1024 tcp dport 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 ] - -# tcp sport 1024 tcp dport 22 tcp sequence 0 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 8b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 0x00000000 ] - -# tcp sequence 0 tcp sport 1024 tcp dport 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 8b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 0x00000000 ] - -# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 -set%d test-ip6 3 -set%d test-ip6 0 - element 00000004 : 0 [end] element 0000fe03 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ payload load 6b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 0x00000000 ] - -# tcp sequence 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# tcp sequence != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# tcp sequence 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# tcp sequence != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# tcp sequence { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sequence { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp ackseq 42949672 drop -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x285c8f02 ] - [ immediate reg 0 drop ] - -# tcp ackseq 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# tcp ackseq != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# tcp ackseq 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# tcp ackseq != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# tcp ackseq { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp ackseq { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop -set%d test-ip6 3 -set%d test-ip6 0 - element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000010 : 0 [end] element 00000020 : 0 [end] element 00000040 : 0 [end] element 00000080 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# tcp flags cwr -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - -# tcp flags != cwr -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ cmp neq reg 1 0x00000080 ] - -# tcp window 22222 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp eq reg 1 0x0000ce56 ] - -# tcp window 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp window != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp window 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp window != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp window { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp window { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp checksum 23456 log drop -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp eq reg 1 0x0000a05b ] - [ log prefix (null) ] - [ immediate reg 0 drop ] - -# tcp checksum 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp checksum != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp checksum 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp checksum != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp checksum { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp checksum { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp urgptr 1234 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp eq reg 1 0x0000d204 ] - [ immediate reg 0 accept ] - -# tcp urgptr 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp urgptr != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp urgptr 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp urgptr != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp urgptr { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp urgptr { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp doff 8 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000080 ] - diff --git a/tests/regression/inet/udp.t b/tests/regression/inet/udp.t deleted file mode 100644 index 58f4002d..00000000 --- a/tests/regression/inet/udp.t +++ /dev/null @@ -1,49 +0,0 @@ -*ip;test-ip4 -*ip;test-ip6 -*ip;test-inet -:input;type filter hook input priority 0 - -udp sport 80 accept;ok -udp sport != 60 accept;ok -udp sport 50-70 accept;ok -udp sport != 50-60 accept;ok -udp sport { 49, 50} drop;ok -- udp sport != { 50, 60} accept;ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. -udp sport { 12-40};ok -- udp sport != { 13-24};ok - -udp dport 80 accept;ok -udp dport != 60 accept;ok -udp dport 70-75 accept;ok -udp dport != 50-60 accept;ok -udp dport { 49, 50} drop;ok -- udp dport != { 50, 60} accept;ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. -udp dport { 70-75} accept;ok -- udp dport != { 50-60} accept;ok - -udp length 6666;ok -udp length != 6666;ok -udp length 50-65 accept;ok -udp length != 50-65 accept;ok -udp length { 50, 65} accept;ok -- udp length != { 50, 65} accept;ok -udp length { 35-50};ok -- udp length != { 35-50};ok - -udp checksum 6666 drop;ok -- udp checksum != { 444, 555} accept;ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -udp checksum 22;ok -udp checksum != 233;ok -udp checksum 33-45;ok -udp checksum != 33-45;ok -udp checksum { 33, 55, 67, 88};ok -- udp checksum != { 33, 55, 67, 88};ok -udp checksum { 33-55};ok -- udp checksum != { 33-55};ok diff --git a/tests/regression/inet/udp.t.payload.ip b/tests/regression/inet/udp.t.payload.ip deleted file mode 100644 index b3ec24b2..00000000 --- a/tests/regression/inet/udp.t.payload.ip +++ /dev/null @@ -1,222 +0,0 @@ -# udp sport 80 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00005000 ] - [ immediate reg 0 accept ] - -# udp sport != 60 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udp sport 50-70 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00003200 ] - [ cmp lte reg 1 0x00004600 ] - [ immediate reg 0 accept ] - -# udp sport != 50-60 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udp sport { 49, 50} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00003100 : 0 [end] element 00003200 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# udp sport { 12-40} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udp dport 80 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00005000 ] - [ immediate reg 0 accept ] - -# udp dport != 60 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udp dport 70-75 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00004600 ] - [ cmp lte reg 1 0x00004b00 ] - [ immediate reg 0 accept ] - -# udp dport != 50-60 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udp dport { 49, 50} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00003100 : 0 [end] element 00003200 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# udp dport { 70-75} accept -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# udp length 6666 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x00000a1a ] - -# udp length != 6666 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0x00000a1a ] - -# udp length 50-65 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x00003200 ] - [ cmp lte reg 1 0x00004100 ] - [ immediate reg 0 accept ] - -# udp length != 50-65 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00004100 ] - [ immediate reg 0 accept ] - -# udp length { 50, 65} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00003200 : 0 [end] element 00004100 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# udp length { 35-50} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002300 : 0 [end] element 00003300 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udp checksum 6666 drop -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000a1a ] - [ immediate reg 0 drop ] - -# udp checksum 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# udp checksum != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# udp checksum 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# udp checksum != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# udp checksum { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udp checksum { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/udplite.t b/tests/regression/inet/udplite.t deleted file mode 100644 index 9420ab45..00000000 --- a/tests/regression/inet/udplite.t +++ /dev/null @@ -1,42 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -udplite sport 80 accept;ok -udplite sport != 60 accept;ok -udplite sport 50-70 accept;ok -udplite sport != 50-60 accept;ok -udplite sport { 49, 50} drop;ok -- udplite sport != { 50, 60} accept;ok -udplite sport { 12-40};ok -- udplite sport != { 13-24};ok - -udplite dport 80 accept;ok -udplite dport != 60 accept;ok -udplite dport 70-75 accept;ok -udplite dport != 50-60 accept;ok -udplite dport { 49, 50} drop;ok -- udplite dport != { 50, 60} accept;ok -udplite dport { 70-75} accept;ok -- udplite dport != { 50-60} accept;ok - -- udplite csumcov 6666;ok -- udplite csumcov != 6666;ok -- udplite csumcov 50-65 accept;ok -- udplite csumcov != 50-65 accept;ok -- udplite csumcov { 50, 65} accept;ok -- udplite csumcov != { 50, 65} accept;ok -- udplite csumcov { 35-50};ok -- udplite csumcov != { 35-50};ok - -udplite checksum 6666 drop;ok -- udplite checksum != { 444, 555} accept;ok -udplite checksum 22;ok -udplite checksum != 233;ok -udplite checksum 33-45;ok -udplite checksum != 33-45;ok -udplite checksum { 33, 55, 67, 88};ok -- udplite checksum != { 33, 55, 67, 88};ok -udplite checksum { 33-55};ok -- udplite checksum != { 33-55};ok diff --git a/tests/regression/inet/udplite.t.payload.inet b/tests/regression/inet/udplite.t.payload.inet deleted file mode 100644 index 4c57239f..00000000 --- a/tests/regression/inet/udplite.t.payload.inet +++ /dev/null @@ -1,169 +0,0 @@ -# udplite sport 80 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00005000 ] - [ immediate reg 0 accept ] - -# udplite sport != 60 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite sport 50-70 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00003200 ] - [ cmp lte reg 1 0x00004600 ] - [ immediate reg 0 accept ] - -# udplite sport != 50-60 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite sport { 49, 50} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00003100 : 0 [end] element 00003200 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# udplite sport { 12-40} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udplite dport 80 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00005000 ] - [ immediate reg 0 accept ] - -# udplite dport != 60 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite dport 70-75 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00004600 ] - [ cmp lte reg 1 0x00004b00 ] - [ immediate reg 0 accept ] - -# udplite dport != 50-60 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite dport { 49, 50} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00003100 : 0 [end] element 00003200 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# udplite dport { 70-75} accept -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# udplite checksum 6666 drop -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000a1a ] - [ immediate reg 0 drop ] - -# udplite checksum 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# udplite checksum != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# udplite checksum 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# udplite checksum != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# udplite checksum { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udplite checksum { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/udplite.t.payload.ip b/tests/regression/inet/udplite.t.payload.ip deleted file mode 100644 index e870c701..00000000 --- a/tests/regression/inet/udplite.t.payload.ip +++ /dev/null @@ -1,169 +0,0 @@ -# udplite sport 80 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00005000 ] - [ immediate reg 0 accept ] - -# udplite sport != 60 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite sport 50-70 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00003200 ] - [ cmp lte reg 1 0x00004600 ] - [ immediate reg 0 accept ] - -# udplite sport != 50-60 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite sport { 49, 50} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00003100 : 0 [end] element 00003200 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# udplite sport { 12-40} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udplite dport 80 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00005000 ] - [ immediate reg 0 accept ] - -# udplite dport != 60 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite dport 70-75 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00004600 ] - [ cmp lte reg 1 0x00004b00 ] - [ immediate reg 0 accept ] - -# udplite dport != 50-60 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite dport { 49, 50} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00003100 : 0 [end] element 00003200 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# udplite dport { 70-75} accept -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# udplite checksum 6666 drop -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000a1a ] - [ immediate reg 0 drop ] - -# udplite checksum 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# udplite checksum != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# udplite checksum 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# udplite checksum != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# udplite checksum { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udplite checksum { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/udplite.t.payload.ip6 b/tests/regression/inet/udplite.t.payload.ip6 deleted file mode 100644 index 2d318854..00000000 --- a/tests/regression/inet/udplite.t.payload.ip6 +++ /dev/null @@ -1,169 +0,0 @@ -# udplite sport 80 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00005000 ] - [ immediate reg 0 accept ] - -# udplite sport != 60 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite sport 50-70 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00003200 ] - [ cmp lte reg 1 0x00004600 ] - [ immediate reg 0 accept ] - -# udplite sport != 50-60 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite sport { 49, 50} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00003100 : 0 [end] element 00003200 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# udplite sport { 12-40} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udplite dport 80 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00005000 ] - [ immediate reg 0 accept ] - -# udplite dport != 60 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite dport 70-75 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00004600 ] - [ cmp lte reg 1 0x00004b00 ] - [ immediate reg 0 accept ] - -# udplite dport != 50-60 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite dport { 49, 50} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00003100 : 0 [end] element 00003200 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# udplite dport { 70-75} accept -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# udplite checksum 6666 drop -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000a1a ] - [ immediate reg 0 drop ] - -# udplite checksum 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# udplite checksum != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# udplite checksum 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# udplite checksum != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# udplite checksum { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udplite checksum { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/ip/chains.t b/tests/regression/ip/chains.t deleted file mode 100644 index 8edf62b5..00000000 --- a/tests/regression/ip/chains.t +++ /dev/null @@ -1,15 +0,0 @@ -*ip;test-ip4 - -# filter chains available are: input, output, forward, prerouting, postrouting -:filter-input;type filter hook input priority 0 -:filter-pre;type filter hook prerouting priority 0 -:filter-forw;type filter hook forward priority 0 -:filter-out;type filter hook output priority 0 -:filter-post;type filter hook postrouting priority 0 -# nat chains available are: input, output, prerouting, postrouting -:nat-input-t;type nat hook input priority 0 -:nat-pre-t;type nat hook prerouting priority 0 -:nat-out-t;type nat hook output priority 0 -:nat-post-t;type nat hook postrouting priority 0 -# route chain available are: output -:route-out-t;type route hook output priority 0 diff --git a/tests/regression/ip/dnat.t b/tests/regression/ip/dnat.t deleted file mode 100644 index cdb78116..00000000 --- a/tests/regression/ip/dnat.t +++ /dev/null @@ -1,15 +0,0 @@ -*ip;test-ip4 -:prerouting;type nat hook prerouting priority 0 - -iifname "eth0" tcp dport 80-90 dnat 192.168.3.2;ok -iifname "eth0" tcp dport != 80-90 dnat 192.168.3.2;ok -iifname "eth0" tcp dport {80, 90, 23} dnat 192.168.3.2;ok -- iifname "eth0" tcp dport != {80, 90, 23} dnat 192.168.3.2;ok -- iifname "eth0" tcp dport != {80, 90, 23} dnat 192.168.3.2;ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -iifname "eth0" tcp dport != 23-34 dnat 192.168.3.2;ok - -dnat ct mark map { 0x00000014 : 1.2.3.4};ok -dnat ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4};ok diff --git a/tests/regression/ip/dnat.t.payload.ip b/tests/regression/ip/dnat.t.payload.ip deleted file mode 100644 index 026e8719..00000000 --- a/tests/regression/ip/dnat.t.payload.ip +++ /dev/null @@ -1,69 +0,0 @@ -# iifname "eth0" tcp dport 80-90 dnat 192.168.3.2 -ip test-ip4 prerouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00005000 ] - [ cmp lte reg 1 0x00005a00 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport != 80-90 dnat 192.168.3.2 -ip test-ip4 prerouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00005000 ] - [ cmp gt reg 1 0x00005a00 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport {80, 90, 23} dnat 192.168.3.2 -set%d test-ip4 3 -set%d test-ip4 0 - element 00005000 : 0 [end] element 00005a00 : 0 [end] element 00001700 : 0 [end] -ip test-ip4 prerouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport != 23-34 dnat 192.168.3.2 -ip test-ip4 prerouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002200 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - -# dnat ct mark map { 0x00000014 : 1.2.3.4} -map%d test-ip4 b -map%d test-ip4 0 - element 00000014 : 04030201 0 [end] -ip test-ip4 prerouting - [ ct load mark => reg 1 ] - [ lookup reg 1 set map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - -# dnat ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4} -map%d test-ip4 b -map%d test-ip4 0 - element 00000014 01010101 : 04030201 0 [end] -ip test-ip4 output - [ ct load mark => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ lookup reg 1 set map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - diff --git a/tests/regression/ip/dup.t b/tests/regression/ip/dup.t deleted file mode 100644 index 9320d546..00000000 --- a/tests/regression/ip/dup.t +++ /dev/null @@ -1,6 +0,0 @@ -*ip;test-ip4 -:input;type filter hook input priority 0 - -dup to 192.168.2.1;ok -dup to 192.168.2.1 device eth0;ok -dup to ip saddr map { 192.168.2.120 : 192.168.2.1 } device eth0;ok diff --git a/tests/regression/ip/dup.t.payload b/tests/regression/ip/dup.t.payload deleted file mode 100644 index 7928d5d5..00000000 --- a/tests/regression/ip/dup.t.payload +++ /dev/null @@ -1,21 +0,0 @@ -# dup to 192.168.2.1 -ip test-ip4 test - [ immediate reg 1 0x0102a8c0 ] - [ dup sreg_addr 1 ] - -# dup to 192.168.2.1 device eth0 -ip test-ip4 test - [ immediate reg 1 0x0102a8c0 ] - [ immediate reg 2 0x00000002 ] - [ dup sreg_addr 1 sreg_dev 2 ] - -# dup to ip saddr map { 192.168.2.120 : 192.168.2.1 } device eth0 -map%d test-ip4 b -map%d test-ip4 0 - element 7802a8c0 : 0102a8c0 0 [end] -ip test-ip4 test - [ payload load 4b @ network header + 12 => reg 1 ] - [ lookup reg 1 set map%d dreg 1 ] - [ immediate reg 2 0x00000002 ] - [ dup sreg_addr 1 sreg_dev 2 ] - diff --git a/tests/regression/ip/ether.t b/tests/regression/ip/ether.t deleted file mode 100644 index 4d30f51c..00000000 --- a/tests/regression/ip/ether.t +++ /dev/null @@ -1,8 +0,0 @@ -*ip;test-ip - -:input;type filter hook input priority 0 - -tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 accept -tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04;ok -tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4;ok -ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept;ok diff --git a/tests/regression/ip/ether.t.payload b/tests/regression/ip/ether.t.payload deleted file mode 100644 index 0d234dab..00000000 --- a/tests/regression/ip/ether.t.payload +++ /dev/null @@ -1,50 +0,0 @@ -# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept -ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 -ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - -# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 -ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - -# ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept -ip test-ip input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ immediate reg 0 accept ] - diff --git a/tests/regression/ip/icmp.t b/tests/regression/ip/icmp.t deleted file mode 100644 index bd00f5ca..00000000 --- a/tests/regression/ip/icmp.t +++ /dev/null @@ -1,93 +0,0 @@ -*ip;test-ip4 -# BUG: There is a bug with icmp protocol and inet family. -# *inet;test-inet -:input;type filter hook input priority 0 - -icmp type echo-reply accept;ok -icmp type destination-unreachable accept;ok -icmp type source-quench accept;ok -icmp type redirect accept;ok -icmp type echo-request accept;ok -icmp type time-exceeded accept;ok -icmp type parameter-problem accept;ok -icmp type timestamp-request accept;ok -icmp type timestamp-reply accept;ok -icmp type info-request accept;ok -icmp type info-reply accept;ok -icmp type address-mask-request accept;ok -icmp type address-mask-reply accept;ok -icmp type {echo-reply, destination-unreachable, source-quench, redirect, echo-request, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply} accept;ok -- icmp type != {echo-reply, destination-unreachable, source-quench};ok -# BUG: icmp type != {echo-reply, destination-unreachable, source-quench} -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -icmp code 111 accept;ok -icmp code != 111 accept;ok -icmp code 33-55;ok -icmp code != 33-55;ok -icmp code { 33-55};ok -- icmp code != { 33-55};ok -icmp code { 2, 4, 54, 33, 56};ok -- icmp code != { 2, 4, 54, 33, 56};ok -# $ sudo nft add rule ip test input icmp code != {2, 4, 54, 33, 56} -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -icmp checksum 12343 accept;ok -icmp checksum != 12343 accept;ok -icmp checksum 11-343 accept;ok -icmp checksum != 11-343 accept;ok -icmp checksum { 11-343} accept;ok -- icmp checksum != { 11-343} accept;ok -icmp checksum { 1111, 222, 343} accept;ok -- icmp checksum != { 1111, 222, 343} accept;ok -# BUG: invalid expression type set -# icmp checksum != { 1111, 222, 343} accept;ok -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -icmp id 1245 log;ok -icmp id 22;ok -icmp id != 233;ok -icmp id 33-45;ok -icmp id != 33-45;ok -icmp id { 33-55};ok -- icmp id != { 33-55};ok -icmp id { 22, 34, 333};ok -- icmp id != { 22, 34, 333};ok -# BUG: invalid expression type set -# icmp id != { 22, 34, 333} -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -icmp sequence 22;ok -icmp sequence != 233;ok -icmp sequence 33-45;ok -icmp sequence != 33-45;ok -icmp sequence { 33, 55, 67, 88};ok -- icmp sequence != { 33, 55, 67, 88};ok -icmp sequence { 33-55};ok -- icmp sequence != { 33-55};ok - -icmp mtu 33;ok -icmp mtu 22-33;ok -icmp mtu { 22-33};ok -- icmp mtu != { 22-33};ok -icmp mtu 22;ok -icmp mtu != 233;ok -icmp mtu 33-45;ok -icmp mtu != 33-45;ok -icmp mtu { 33, 55, 67, 88};ok -- icmp mtu != { 33, 55, 67, 88};ok -icmp mtu { 33-55};ok -- icmp mtu != { 33-55};ok - -icmp gateway 22;ok -icmp gateway != 233;ok -icmp gateway 33-45;ok -icmp gateway != 33-45;ok -icmp gateway { 33, 55, 67, 88};ok -- icmp gateway != { 33, 55, 67, 88};ok -icmp gateway { 33-55};ok -- icmp gateway != { 33-55};ok -icmp gateway != 34;ok -- icmp gateway != { 333, 334};ok diff --git a/tests/regression/ip/icmp.t.payload.ip b/tests/regression/ip/icmp.t.payload.ip deleted file mode 100644 index a6071a65..00000000 --- a/tests/regression/ip/icmp.t.payload.ip +++ /dev/null @@ -1,463 +0,0 @@ -# icmp type echo-reply accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - [ immediate reg 0 accept ] - -# icmp type destination-unreachable accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000003 ] - [ immediate reg 0 accept ] - -# icmp type source-quench accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] - [ immediate reg 0 accept ] - -# icmp type redirect accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000005 ] - [ immediate reg 0 accept ] - -# icmp type echo-request accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ immediate reg 0 accept ] - -# icmp type time-exceeded accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000000b ] - [ immediate reg 0 accept ] - -# icmp type parameter-problem accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000000c ] - [ immediate reg 0 accept ] - -# icmp type timestamp-request accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000000d ] - [ immediate reg 0 accept ] - -# icmp type timestamp-reply accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000000e ] - [ immediate reg 0 accept ] - -# icmp type info-request accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000000f ] - [ immediate reg 0 accept ] - -# icmp type info-reply accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000010 ] - [ immediate reg 0 accept ] - -# icmp type address-mask-request accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ immediate reg 0 accept ] - -# icmp type address-mask-reply accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000012 ] - [ immediate reg 0 accept ] - -# icmp type {echo-reply, destination-unreachable, source-quench, redirect, echo-request, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00000000 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000008 : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end] element 0000000d : 0 [end] element 0000000e : 0 [end] element 0000000f : 0 [end] element 00000010 : 0 [end] element 00000011 : 0 [end] element 00000012 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmp code 111 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp eq reg 1 0x0000006f ] - [ immediate reg 0 accept ] - -# icmp code != 111 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp neq reg 1 0x0000006f ] - [ immediate reg 0 accept ] - -# icmp code 33-55 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x00000037 ] - -# icmp code != 33-55 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x00000037 ] - -# icmp code { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp code { 2, 4, 54, 33, 56} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000036 : 0 [end] element 00000021 : 0 [end] element 00000038 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp checksum 12343 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003730 ] - [ immediate reg 0 accept ] - -# icmp checksum != 12343 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00003730 ] - [ immediate reg 0 accept ] - -# icmp checksum 11-343 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00000b00 ] - [ cmp lte reg 1 0x00005701 ] - [ immediate reg 0 accept ] - -# icmp checksum != 11-343 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00000b00 ] - [ cmp gt reg 1 0x00005701 ] - [ immediate reg 0 accept ] - -# icmp checksum { 11-343} accept -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmp checksum { 1111, 222, 343} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00005704 : 0 [end] element 0000de00 : 0 [end] element 00005701 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmp id 1245 log -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x0000dd04 ] - [ log prefix (null) ] - -# icmp id 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# icmp id != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# icmp id 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# icmp id != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# icmp id { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp id { 22, 34, 333} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001600 : 0 [end] element 00002200 : 0 [end] element 00004d01 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp sequence 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# icmp sequence != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# icmp sequence 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# icmp sequence != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# icmp sequence { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp sequence { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp mtu 33 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00002100 ] - -# icmp mtu 22-33 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00001600 ] - [ cmp lte reg 1 0x00002100 ] - -# icmp mtu { 22-33} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001600 : 0 [end] element 00002200 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp mtu 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# icmp mtu != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# icmp mtu 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# icmp mtu != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# icmp mtu { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp mtu { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp gateway 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# icmp gateway != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# icmp gateway 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# icmp gateway != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# icmp gateway { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp gateway { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp gateway != 34 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0x22000000 ] - diff --git a/tests/regression/ip/ip.t b/tests/regression/ip/ip.t deleted file mode 100644 index 0339c2ac..00000000 --- a/tests/regression/ip/ip.t +++ /dev/null @@ -1,117 +0,0 @@ -*ip;test-ip4 -*inet;test-inet -:input;type filter hook input priority 0 - -- ip version 2;ok - -# bug ip hdrlength -- ip hdrlength 10;ok -- ip hdrlength != 5;ok -- ip hdrlength 5-8;ok -- ip hdrlength != 3-13;ok -- ip hdrlength {3, 5, 6, 8};ok -- ip hdrlength != {3, 5, 7, 8};ok -- ip hdrlength { 3-5};ok -- ip hdrlength != { 3-59};ok -# ip hdrlength 12 -# :1:1-38: Error: Could not process rule: Invalid argument -# add rule ip test input ip hdrlength 12 -# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -# :1:37-38: Error: Value 22 exceeds valid range 0-15 -# add rule ip test input ip hdrlength 22 - -- ip dscp CS1;ok -- ip dscp != CS1;ok -- ip dscp 0x38;ok -- ip dscp != 0x20;ok -- ip dscp {CS1, CS2, CS3, CS4, CS5, CS6, CS7, BE, AF11, AF12, AF13, AF21, AF22, AF23, AF31, AF32, AF33, AF41, AF42, AF43, EF};ok -- ip dscp {0x08, 0x10, 0x18, 0x20, 0x28, 0x30, 0x38, 0x00, 0x0a, 0x0c, 0x0e, 0x12, 0x14, 0x16, 0x1a, 0x1c, 0x1e, 0x22, 0x24, 0x26, 0x2e};ok -- ip dscp != {CS0, CS3};ok - -ip length 232;ok -ip length != 233;ok -ip length 333-435;ok -ip length != 333-453;ok -ip length { 333, 553, 673, 838};ok -- ip length != { 333, 535, 637, 883};ok -ip length { 333-535};ok -- ip length != { 333-553};ok - -ip id 22;ok -ip id != 233;ok -ip id 33-45;ok -ip id != 33-45;ok -ip id { 33, 55, 67, 88};ok -- ip id != { 33, 55, 67, 88};ok -ip id { 33-55};ok -- ip id != { 33-55};ok - -ip frag-off 222 accept;ok -ip frag-off != 233;ok -ip frag-off 33-45;ok -ip frag-off != 33-45;ok -ip frag-off { 33, 55, 67, 88};ok -- ip frag-off != { 33, 55, 67, 88};ok -ip frag-off { 33-55};ok -- ip frag-off != { 33-55};ok - -ip ttl 0 drop;ok -ip ttl 233 log;ok -ip ttl 33-55;ok -ip ttl != 45-50;ok -ip ttl {43, 53, 45 };ok -- ip ttl != {46, 56, 93 };ok -# BUG: ip ttl != {46, 56, 93 };ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. -ip ttl { 33-55};ok -- ip ttl != { 33-55};ok - -ip protocol tcp log;ok;ip protocol 6 log -ip protocol != tcp log;ok;ip protocol != 6 log -ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept;ok;ip protocol { 33, 136, 17, 51, 50, 6, 132, 1, 108} accept -- ip protocol != { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept;ok - -ip checksum 13172 drop;ok -ip checksum 22;ok -ip checksum != 233;ok -ip checksum 33-45;ok -ip checksum != 33-45;ok -ip checksum { 33, 55, 67, 88};ok -- ip checksum != { 33, 55, 67, 88};ok -ip checksum { 33-55};ok -- ip checksum != { 33-55};ok - -ip saddr 192.168.2.0/24;ok -ip saddr != 192.168.2.0/24;ok -ip saddr 192.168.3.1 ip daddr 192.168.3.100;ok -ip saddr != 1.1.1.1 log prefix giuseppe;ok;ip saddr != 1.1.1.1 log prefix "giuseppe" -ip saddr 1.1.1.1 log prefix example group 1;ok;ip saddr 1.1.1.1 log prefix "example" group 1 -ip daddr 192.168.0.1-192.168.0.250;ok -ip daddr 10.0.0.0-10.255.255.255;ok -ip daddr 172.16.0.0-172.31.255.255;ok -ip daddr 192.168.3.1-192.168.4.250;ok -ip daddr != 192.168.0.1-192.168.0.250;ok -ip daddr { 192.168.0.1-192.168.0.250};ok -- ip daddr != { 192.168.0.1-192.168.0.250};ok -ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok -- ip daddr != { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok - -ip daddr 192.168.1.2-192.168.1.55;ok -ip daddr != 192.168.1.2-192.168.1.55;ok -ip saddr 192.168.1.3-192.168.33.55;ok -ip saddr != 192.168.1.3-192.168.33.55;ok - -ip daddr 192.168.0.1;ok -ip daddr 192.168.0.1 drop;ok -ip daddr 192.168.0.2 log;ok - -ip saddr \& 0xff == 1;ok;ip saddr & 0.0.0.255 == 0.0.0.1 -ip saddr \& 0.0.0.255 \< 0.0.0.127;ok;ip saddr & 0.0.0.255 < 0.0.0.127 - -ip saddr \& 0xffff0000 == 0xffff0000;ok;ip saddr 255.255.0.0/16 - -ip version 4 ip hdrlength 5;ok -ip hdrlength 0;ok -ip hdrlength 15;ok -ip hdrlength 16;fail diff --git a/tests/regression/ip/ip.t.payload b/tests/regression/ip/ip.t.payload deleted file mode 100644 index da2dc218..00000000 --- a/tests/regression/ip/ip.t.payload +++ /dev/null @@ -1,386 +0,0 @@ -# ip length 232 -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000e800 ] - -# ip length != 233 -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip length 333-435 -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp gte reg 1 0x00004d01 ] - [ cmp lte reg 1 0x0000b301 ] - -# ip length != 333-453 -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp lt reg 1 0x00004d01 ] - [ cmp gt reg 1 0x0000c501 ] - -# ip length { 333, 553, 673, 838} -set%d test-ip4 3 -set%d test-ip4 0 - element 00004d01 : 0 [end] element 00002902 : 0 [end] element 0000a102 : 0 [end] element 00004603 : 0 [end] -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip length { 333-535} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip id 22 -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ip id != 233 -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip id 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip id != 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip id { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip id { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip frag-off 222 accept -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000de00 ] - [ immediate reg 0 accept ] - -# ip frag-off != 233 -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip frag-off 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip frag-off != 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip frag-off { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip frag-off { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip ttl 0 drop -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - [ immediate reg 0 drop ] - -# ip ttl 233 log -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x000000e9 ] - [ log prefix (null) ] - -# ip ttl 33-55 -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x00000037 ] - -# ip ttl != 45-50 -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp lt reg 1 0x0000002d ] - [ cmp gt reg 1 0x00000032 ] - -# ip ttl {43, 53, 45 } -set%d test-ip4 3 -set%d test-ip4 0 - element 0000002b : 0 [end] element 00000035 : 0 [end] element 0000002d : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip ttl { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip protocol tcp log -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ log prefix (null) ] - -# ip protocol != tcp log -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp neq reg 1 0x00000006 ] - [ log prefix (null) ] - -# ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# ip checksum 13172 drop -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp eq reg 1 0x00007433 ] - [ immediate reg 0 drop ] - -# ip checksum 22 -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ip checksum != 233 -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip checksum 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip checksum != 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip checksum { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip checksum { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip saddr 192.168.2.0/24 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0002a8c0 ] - -# ip saddr != 192.168.2.0/24 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] - [ cmp neq reg 1 0x0002a8c0 ] - -# ip saddr 192.168.3.1 ip daddr 192.168.3.100 -ip test-ip4 input - [ payload load 8b @ network header + 12 => reg 1 ] - [ cmp eq reg 1 0x0103a8c0 0x6403a8c0 ] - -# ip saddr != 1.1.1.1 log prefix giuseppe -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp neq reg 1 0x01010101 ] - [ log prefix giuseppe ] - -# ip saddr 1.1.1.1 log prefix example group 1 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp eq reg 1 0x01010101 ] - [ log prefix example group 1 snaplen 0 qthreshold 0] - -# ip daddr 192.168.0.1-192.168.0.250 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0100a8c0 ] - [ cmp lte reg 1 0xfa00a8c0 ] - -# ip daddr 10.0.0.0-10.255.255.255 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0000000a ] - [ cmp lte reg 1 0xffffff0a ] - -# ip daddr 172.16.0.0-172.31.255.255 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x000010ac ] - [ cmp lte reg 1 0xffff1fac ] - -# ip daddr 192.168.3.1-192.168.4.250 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0103a8c0 ] - [ cmp lte reg 1 0xfa04a8c0 ] - -# ip daddr != 192.168.0.1-192.168.0.250 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp lt reg 1 0x0100a8c0 ] - [ cmp gt reg 1 0xfa00a8c0 ] - -# ip daddr { 192.168.0.1-192.168.0.250} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept -set%d test-ip4 3 -set%d test-ip4 0 - element 0105a8c0 : 0 [end] element 0205a8c0 : 0 [end] element 0305a8c0 : 0 [end] -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# ip daddr 192.168.1.2-192.168.1.55 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0201a8c0 ] - [ cmp lte reg 1 0x3701a8c0 ] - -# ip daddr != 192.168.1.2-192.168.1.55 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp lt reg 1 0x0201a8c0 ] - [ cmp gt reg 1 0x3701a8c0 ] - -# ip saddr 192.168.1.3-192.168.33.55 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp gte reg 1 0x0301a8c0 ] - [ cmp lte reg 1 0x3721a8c0 ] - -# ip saddr != 192.168.1.3-192.168.33.55 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp lt reg 1 0x0301a8c0 ] - [ cmp gt reg 1 0x3721a8c0 ] - -# ip daddr 192.168.0.1 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0100a8c0 ] - -# ip daddr 192.168.0.1 drop -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0100a8c0 ] - [ immediate reg 0 drop ] - -# ip daddr 192.168.0.2 log -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0200a8c0 ] - [ log prefix (null) ] - -# ip saddr \& 0xff == 1 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x01000000 ] - -# ip saddr \& 0.0.0.255 \< 0.0.0.127 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] - [ cmp lt reg 1 0x7f000000 ] - -# ip saddr \& 0xffff0000 == 0xffff0000 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000ffff ] - -# ip saddr . ip daddr . ip protocol { 1.1.1.1 . 2.2.2.2 . tcp, 1.1.1.1 . 3.3.3.3 . udp} -set%d test-ip 3 -set%d test-ip 0 - element 01010101 02020202 00000006 : 0 [end] element 01010101 03030303 00000011 : 0 [end] -ip test-ip input - [ payload load 4b @ network header + 12 => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ payload load 1b @ network header + 9 => reg 10 ] - [ lookup reg 1 set set%d ] - -# ip version 4 ip hdrlength 5 -ip test-ip4 input - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000040 ] - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000005 ] - -# ip hdrlength 0 -ip test-ip4 input - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000000 ] - -# ip hdrlength 15 -ip test-ip4 input - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000000f ] - diff --git a/tests/regression/ip/ip.t.payload.inet b/tests/regression/ip/ip.t.payload.inet deleted file mode 100644 index 35f73ff7..00000000 --- a/tests/regression/ip/ip.t.payload.inet +++ /dev/null @@ -1,506 +0,0 @@ -# ip length 232 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000e800 ] - -# ip length != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip length 333-435 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp gte reg 1 0x00004d01 ] - [ cmp lte reg 1 0x0000b301 ] - -# ip length != 333-453 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp lt reg 1 0x00004d01 ] - [ cmp gt reg 1 0x0000c501 ] - -# ip length { 333, 553, 673, 838} -set%d test-inet 3 -set%d test-inet 0 - element 00004d01 : 0 [end] element 00002902 : 0 [end] element 0000a102 : 0 [end] element 00004603 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip length { 333-535} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip id 22 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ip id != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip id 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip id != 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip id { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip id { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip frag-off 222 accept -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000de00 ] - [ immediate reg 0 accept ] - -# ip frag-off != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip frag-off 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip frag-off != 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip frag-off { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip frag-off { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip ttl 0 drop -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - [ immediate reg 0 drop ] - -# ip ttl 233 log -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x000000e9 ] - [ log prefix (null) ] - -# ip ttl 33-55 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x00000037 ] - -# ip ttl != 45-50 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp lt reg 1 0x0000002d ] - [ cmp gt reg 1 0x00000032 ] - -# ip ttl {43, 53, 45 } -set%d test-inet 3 -set%d test-inet 0 - element 0000002b : 0 [end] element 00000035 : 0 [end] element 0000002d : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip ttl { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip protocol tcp log -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ log prefix (null) ] - -# ip protocol != tcp log -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp neq reg 1 0x00000006 ] - [ log prefix (null) ] - -# ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept -set%d test-inet 3 -set%d test-inet 0 - element 00000001 : 0 [end] element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# ip checksum 13172 drop -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp eq reg 1 0x00007433 ] - [ immediate reg 0 drop ] - -# ip checksum 22 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ip checksum != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip checksum 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip checksum != 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip checksum { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip checksum { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip saddr 192.168.2.0/24 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0002a8c0 ] - -# ip saddr != 192.168.2.0/24 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] - [ cmp neq reg 1 0x0002a8c0 ] - -# ip saddr 192.168.3.1 ip daddr 192.168.3.100 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 8b @ network header + 12 => reg 1 ] - [ cmp eq reg 1 0x0103a8c0 0x6403a8c0 ] - -# ip saddr != 1.1.1.1 log prefix giuseppe -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp neq reg 1 0x01010101 ] - [ log prefix giuseppe ] - -# ip saddr 1.1.1.1 log prefix example group 1 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp eq reg 1 0x01010101 ] - [ log prefix example group 1 snaplen 0 qthreshold 0] - -# ip daddr 192.168.0.1-192.168.0.250 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0100a8c0 ] - [ cmp lte reg 1 0xfa00a8c0 ] - -# ip daddr 10.0.0.0-10.255.255.255 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0000000a ] - [ cmp lte reg 1 0xffffff0a ] - -# ip daddr 172.16.0.0-172.31.255.255 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x000010ac ] - [ cmp lte reg 1 0xffff1fac ] - -# ip daddr 192.168.3.1-192.168.4.250 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0103a8c0 ] - [ cmp lte reg 1 0xfa04a8c0 ] - -# ip daddr != 192.168.0.1-192.168.0.250 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp lt reg 1 0x0100a8c0 ] - [ cmp gt reg 1 0xfa00a8c0 ] - -# ip daddr { 192.168.0.1-192.168.0.250} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept -set%d test-inet 3 -set%d test-inet 0 - element 0105a8c0 : 0 [end] element 0205a8c0 : 0 [end] element 0305a8c0 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# ip daddr 192.168.1.2-192.168.1.55 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0201a8c0 ] - [ cmp lte reg 1 0x3701a8c0 ] - -# ip daddr != 192.168.1.2-192.168.1.55 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp lt reg 1 0x0201a8c0 ] - [ cmp gt reg 1 0x3701a8c0 ] - -# ip saddr 192.168.1.3-192.168.33.55 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp gte reg 1 0x0301a8c0 ] - [ cmp lte reg 1 0x3721a8c0 ] - -# ip saddr != 192.168.1.3-192.168.33.55 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp lt reg 1 0x0301a8c0 ] - [ cmp gt reg 1 0x3721a8c0 ] - -# ip daddr 192.168.0.1 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0100a8c0 ] - -# ip daddr 192.168.0.1 drop -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0100a8c0 ] - [ immediate reg 0 drop ] - -# ip daddr 192.168.0.2 log -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0200a8c0 ] - [ log prefix (null) ] - -# ip saddr \& 0xff == 1 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x01000000 ] - -# ip saddr \& 0.0.0.255 \< 0.0.0.127 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] - [ cmp lt reg 1 0x7f000000 ] - -# ip saddr \& 0xffff0000 == 0xffff0000 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000ffff ] - -# ip saddr . ip daddr . ip protocol { 1.1.1.1 . 2.2.2.2 . tcp, 1.1.1.1 . 3.3.3.3 . udp} -set%d test-ip 3 -set%d test-ip 0 - element 01010101 02020202 00000006 : 0 [end] element 01010101 03030303 00000011 : 0 [end] -inet test-ip input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ payload load 1b @ network header + 9 => reg 10 ] - [ lookup reg 1 set set%d ] - -# ip version 4 ip hdrlength 5 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000040 ] - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000005 ] - -# ip hdrlength 0 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000000 ] - -# ip hdrlength 15 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000000f ] - diff --git a/tests/regression/ip/masquerade.t b/tests/regression/ip/masquerade.t deleted file mode 100644 index 35001f37..00000000 --- a/tests/regression/ip/masquerade.t +++ /dev/null @@ -1,25 +0,0 @@ -*ip;test-ip4 -:postrouting;type nat hook postrouting priority 0 - -# nf_nat flags combination -udp dport 53 masquerade;ok -udp dport 53 masquerade random;ok -udp dport 53 masquerade random,persistent;ok -udp dport 53 masquerade random,persistent,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent -udp dport 53 masquerade random,fully-random;ok -udp dport 53 masquerade random,fully-random,persistent;ok -udp dport 53 masquerade persistent;ok -udp dport 53 masquerade persistent,random;ok;udp dport 53 masquerade random,persistent -udp dport 53 masquerade persistent,random,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent -udp dport 53 masquerade persistent,fully-random;ok;udp dport 53 masquerade fully-random,persistent -udp dport 53 masquerade persistent,fully-random,random;ok;udp dport 53 masquerade random,fully-random,persistent - -# masquerade is a terminal statement -tcp dport 22 masquerade counter packets 0 bytes 0 accept;fail -tcp sport 22 masquerade accept;fail -ip saddr 10.1.1.1 masquerade drop;fail - -# masquerade with sets -tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade;ok -ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 masquerade;ok -iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade;ok diff --git a/tests/regression/ip/masquerade.t.payload b/tests/regression/ip/masquerade.t.payload deleted file mode 100644 index 9390f0cf..00000000 --- a/tests/regression/ip/masquerade.t.payload +++ /dev/null @@ -1,127 +0,0 @@ -# udp dport 53 masquerade -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq ] - -# udp dport 53 masquerade random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x4 ] - -# udp dport 53 masquerade random,persistent -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0xc ] - -# udp dport 53 masquerade random,persistent,fully-random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# udp dport 53 masquerade random,fully-random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x14 ] - -# udp dport 53 masquerade random,fully-random,persistent -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# udp dport 53 masquerade persistent -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x8 ] - -# udp dport 53 masquerade persistent,random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0xc ] - -# udp dport 53 masquerade persistent,random,fully-random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# udp dport 53 masquerade persistent,fully-random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x18 ] - -# udp dport 53 masquerade persistent,fully-random,random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade -set%d test-ip4 3 -set%d test-ip4 0 - element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ masq ] - -# ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 masquerade -ip test-ip4 postrouting - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0000000a ] - [ cmp lte reg 1 0x0403020a ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ counter pkts 0 bytes 0 ] - [ masq ] - -# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade -map%d test-ip4 b -map%d test-ip4 0 - element 00001600 : 0 [end] element 0000de00 : 0 [end] -ip test-ip4 postrouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - [ masq ] - diff --git a/tests/regression/ip/redirect.t b/tests/regression/ip/redirect.t deleted file mode 100644 index b7eecb74..00000000 --- a/tests/regression/ip/redirect.t +++ /dev/null @@ -1,45 +0,0 @@ -*ip;test-ip4 -:output;type nat hook output priority 0 - -# without arguments -udp dport 53 redirect;ok - -# nf_nat flags combination -udp dport 53 redirect random;ok -udp dport 53 redirect random,persistent;ok -udp dport 53 redirect random,persistent,fully-random;ok;udp dport 53 redirect random,fully-random,persistent -udp dport 53 redirect random,fully-random;ok -udp dport 53 redirect random,fully-random,persistent;ok -udp dport 53 redirect persistent;ok -udp dport 53 redirect persistent,random;ok;udp dport 53 redirect random,persistent -udp dport 53 redirect persistent,random,fully-random;ok;udp dport 53 redirect random,fully-random,persistent -udp dport 53 redirect persistent,fully-random;ok;udp dport 53 redirect fully-random,persistent -udp dport 53 redirect persistent,fully-random,random;ok;udp dport 53 redirect random,fully-random,persistent - -# port specification -tcp dport 22 redirect to 22;ok -udp dport 1234 redirect to 4321;ok -ip daddr 172.16.0.1 udp dport 9998 redirect to 6515;ok -tcp dport 39128 redirect to 993;ok -redirect to 1234;fail -redirect to 12341111;fail - -# both port and nf_nat flags -tcp dport 9128 redirect to 993 random;ok -tcp dport 9128 redirect to 993 fully-random;ok -tcp dport 9128 redirect to 123 persistent;ok -tcp dport 9128 redirect to 123 random,persistent;ok - -# nf_nat flags is the last argument -udp dport 1234 redirect random to 123;fail -udp dport 21234 redirect persistent,fully-random to 431;fail - -# redirect is a terminal statement -tcp dport 22 redirect counter packets 0 bytes 0 accept;fail -tcp sport 22 redirect accept;fail -ip saddr 10.1.1.1 redirect drop;fail - -# redirect with sets -tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect;ok -ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 redirect;ok -iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect;ok diff --git a/tests/regression/ip/redirect.t.payload b/tests/regression/ip/redirect.t.payload deleted file mode 100644 index ac718043..00000000 --- a/tests/regression/ip/redirect.t.payload +++ /dev/null @@ -1,201 +0,0 @@ -# udp dport 53 redirect -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir ] - -# udp dport 53 redirect random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x4 ] - -# udp dport 53 redirect random,persistent -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0xc ] - -# udp dport 53 redirect random,persistent,fully-random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# udp dport 53 redirect random,fully-random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x14 ] - -# udp dport 53 redirect random,fully-random,persistent -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# udp dport 53 redirect persistent -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x8 ] - -# udp dport 53 redirect persistent,random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0xc ] - -# udp dport 53 redirect persistent,random,fully-random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# udp dport 53 redirect persistent,fully-random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x18 ] - -# udp dport 53 redirect persistent,fully-random,random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# tcp dport 22 redirect to 22 -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ immediate reg 1 0x00001600 ] - [ redir proto_min reg 1 ] - -# udp dport 1234 redirect to 4321 -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000d204 ] - [ immediate reg 1 0x0000e110 ] - [ redir proto_min reg 1 ] - -# ip daddr 172.16.0.1 udp dport 9998 redirect to 6515 -ip test-ip4 output - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x010010ac ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00000e27 ] - [ immediate reg 1 0x00007319 ] - [ redir proto_min reg 1 ] - -# tcp dport 39128 redirect to 993 -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000d898 ] - [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 ] - -# tcp dport 9128 redirect to 993 random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000a823 ] - [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 flags 0x4 ] - -# tcp dport 9128 redirect to 993 fully-random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000a823 ] - [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 flags 0x10 ] - -# tcp dport 9128 redirect to 123 persistent -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000a823 ] - [ immediate reg 1 0x00007b00 ] - [ redir proto_min reg 1 flags 0x8 ] - -# tcp dport 9128 redirect to 123 random,persistent -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000a823 ] - [ immediate reg 1 0x00007b00 ] - [ redir proto_min reg 1 flags 0xc ] - -# tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect -set%d test-ip4 3 -set%d test-ip4 0 - element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ redir ] - -# ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 redirect -ip test-ip4 output - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0000000a ] - [ cmp lte reg 1 0x0403020a ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ counter pkts 0 bytes 0 ] - [ redir ] - -# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect -map%d test-ip4 b -map%d test-ip4 0 - element 00001600 : 0 [end] element 0000de00 : 0 [end] -ip test-ip4 output - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - [ redir ] - diff --git a/tests/regression/ip/reject.t b/tests/regression/ip/reject.t deleted file mode 100644 index 70a63a0b..00000000 --- a/tests/regression/ip/reject.t +++ /dev/null @@ -1,14 +0,0 @@ -*ip;test-ip4 -:output;type filter hook output priority 0 - -reject;ok -reject with icmp type host-unreachable;ok -reject with icmp type net-unreachable;ok -reject with icmp type prot-unreachable;ok -reject with icmp type port-unreachable;ok;reject -reject with icmp type net-prohibited;ok -reject with icmp type host-prohibited;ok -reject with icmp type admin-prohibited;ok - -reject with icmp type no-route;fail -reject with icmpv6 type no-route;fail diff --git a/tests/regression/ip/reject.t.payload b/tests/regression/ip/reject.t.payload deleted file mode 100644 index d5e87665..00000000 --- a/tests/regression/ip/reject.t.payload +++ /dev/null @@ -1,32 +0,0 @@ -# reject -ip test-ip4 output - [ reject type 0 code 3 ] - -# reject with icmp type host-unreachable -ip test-ip4 output - [ reject type 0 code 1 ] - -# reject with icmp type net-unreachable -ip test-ip4 output - [ reject type 0 code 0 ] - -# reject with icmp type prot-unreachable -ip test-ip4 output - [ reject type 0 code 2 ] - -# reject with icmp type port-unreachable -ip test-ip4 output - [ reject type 0 code 3 ] - -# reject with icmp type net-prohibited -ip test-ip4 output - [ reject type 0 code 9 ] - -# reject with icmp type host-prohibited -ip test-ip4 output - [ reject type 0 code 10 ] - -# reject with icmp type admin-prohibited -ip test-ip4 output - [ reject type 0 code 13 ] - diff --git a/tests/regression/ip/sets.t b/tests/regression/ip/sets.t deleted file mode 100644 index c199dbd2..00000000 --- a/tests/regression/ip/sets.t +++ /dev/null @@ -1,30 +0,0 @@ -*ip;test-ip4 -*inet;test-inet -:input;type filter hook input priority 0 - -!set_ipv4_add ipv4_addr;ok -!set_inet inet_proto;ok -!set_inet_serv inet_service;ok -!set_time time;ok - -!set1 ipv4_addr;ok -?set1 192.168.3.4;ok - -?set1 192.168.3.4;fail -?set1 192.168.3.5 192.168.3.6;ok -?set1 192.168.3.5 192.168.3.6;fail -?set1 192.168.3.8 192.168.3.9;ok -?set1 192.168.3.10 192.168.3.11;ok -?set1 1234:1234:1234:1234:1234:1234:1234:1234;fail -?set2 192.168.3.4;fail - -!set2 ipv4_addr;ok -?set2 192.168.3.4;ok -?set2 192.168.3.5 192.168.3.6;ok -?set2 192.168.3.5 192.168.3.6;fail -?set2 192.168.3.8 192.168.3.9;ok -?set2 192.168.3.10 192.168.3.11;ok - -ip saddr @set1 drop;ok -ip saddr @set2 drop;ok -ip saddr @set33 drop;fail diff --git a/tests/regression/ip/sets.t.payload.inet b/tests/regression/ip/sets.t.payload.inet deleted file mode 100644 index f8e97ccb..00000000 --- a/tests/regression/ip/sets.t.payload.inet +++ /dev/null @@ -1,16 +0,0 @@ -# ip saddr @set1 drop -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ lookup reg 1 set set1 ] - [ immediate reg 0 drop ] - -# ip saddr @set2 drop -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ lookup reg 1 set set2 ] - [ immediate reg 0 drop ] - diff --git a/tests/regression/ip/sets.t.payload.ip b/tests/regression/ip/sets.t.payload.ip deleted file mode 100644 index ece63d0e..00000000 --- a/tests/regression/ip/sets.t.payload.ip +++ /dev/null @@ -1,12 +0,0 @@ -# ip saddr @set1 drop -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ lookup reg 1 set set1 ] - [ immediate reg 0 drop ] - -# ip saddr @set2 drop -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ lookup reg 1 set set2 ] - [ immediate reg 0 drop ] - diff --git a/tests/regression/ip/snat.t b/tests/regression/ip/snat.t deleted file mode 100644 index 1caf7c76..00000000 --- a/tests/regression/ip/snat.t +++ /dev/null @@ -1,12 +0,0 @@ -*ip;test-ip4 -:postrouting;type nat hook postrouting priority 0 - -iifname "eth0" tcp dport 80-90 snat 192.168.3.2;ok -iifname "eth0" tcp dport != 80-90 snat 192.168.3.2;ok -iifname "eth0" tcp dport {80, 90, 23} snat 192.168.3.2;ok -- iifname "eth0" tcp dport != {80, 90, 23} snat 192.168.3.2;ok -- iifname "eth0" tcp dport != {80, 90, 23} snat 192.168.3.2;ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -iifname "eth0" tcp dport != 23-34 snat 192.168.3.2;ok diff --git a/tests/regression/ip/snat.t.payload b/tests/regression/ip/snat.t.payload deleted file mode 100644 index 32ba4fa8..00000000 --- a/tests/regression/ip/snat.t.payload +++ /dev/null @@ -1,50 +0,0 @@ -# iifname "eth0" tcp dport 80-90 snat 192.168.3.2 -ip test-ip4 postrouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00005000 ] - [ cmp lte reg 1 0x00005a00 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport != 80-90 snat 192.168.3.2 -ip test-ip4 postrouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00005000 ] - [ cmp gt reg 1 0x00005a00 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport {80, 90, 23} snat 192.168.3.2 -set%d test-ip4 3 -set%d test-ip4 0 - element 00005000 : 0 [end] element 00005a00 : 0 [end] element 00001700 : 0 [end] -ip test-ip4 postrouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport != 23-34 snat 192.168.3.2 -ip test-ip4 postrouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002200 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] - diff --git a/tests/regression/ip6/chains.t b/tests/regression/ip6/chains.t deleted file mode 100644 index c1e41e47..00000000 --- a/tests/regression/ip6/chains.t +++ /dev/null @@ -1,17 +0,0 @@ -*ip6;test-ip6 - -# filter chains available are: input, output, forward, forward, prerouting and postrouting. -:filter-input;type filter hook input priority 0 -:filter-prer;type filter hook prerouting priority 0 -:filter-forw-t;type filter hook forward priority 0 -:filter-out-t;type filter hook output priority 0 -:filter-post-t;type filter hook postrouting priority 0 - -# nat chains available are: input, output, forward, prerouting and postrouting. -:nat-input;type nat hook input priority 0 -:nat-prerouting;type nat hook prerouting priority 0 -:nat-output;type nat hook output priority 0 -:nat-postrou;type nat hook postrouting priority 0 - -# route chain available is output. -:route-out;type route hook output priority 0 diff --git a/tests/regression/ip6/dnat.t b/tests/regression/ip6/dnat.t deleted file mode 100644 index 83412258..00000000 --- a/tests/regression/ip6/dnat.t +++ /dev/null @@ -1,5 +0,0 @@ -*ip6;test-ip6 -:prerouting;type nat hook prerouting priority 0 - -tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::80-100;ok -tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100;ok;tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::100 diff --git a/tests/regression/ip6/dnat.t.payload.ip6 b/tests/regression/ip6/dnat.t.payload.ip6 deleted file mode 100644 index 13c7a0e3..00000000 --- a/tests/regression/ip6/dnat.t.payload.ip6 +++ /dev/null @@ -1,25 +0,0 @@ -# tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::80-100 -ip6 test-ip6 prerouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00005000 ] - [ cmp lte reg 1 0x00005a00 ] - [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] - [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] - [ immediate reg 3 0x00005000 ] - [ immediate reg 4 0x00006400 ] - [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ] - -# tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100 -ip6 test-ip6 prerouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00005000 ] - [ cmp lte reg 1 0x00005a00 ] - [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] - [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] - [ immediate reg 3 0x00006400 ] - [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 ] - diff --git a/tests/regression/ip6/dst.t b/tests/regression/ip6/dst.t deleted file mode 100644 index 3207af76..00000000 --- a/tests/regression/ip6/dst.t +++ /dev/null @@ -1,25 +0,0 @@ -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -dst nexthdr 22;ok -dst nexthdr != 233;ok -dst nexthdr 33-45;ok -dst nexthdr != 33-45;ok -dst nexthdr { 33, 55, 67, 88};ok -- dst nexthdr != { 33, 55, 67, 88};ok -dst nexthdr { 33-55};ok -- dst nexthdr != { 33-55};ok -dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok;dst nexthdr { 51, 50, 17, 136, 58, 6, 33, 132, 108} -- dst nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok -dst nexthdr icmp;ok;dst nexthdr 1 -dst nexthdr != icmp;ok;dst nexthdr != 1 - -dst hdrlength 22;ok -dst hdrlength != 233;ok -dst hdrlength 33-45;ok -dst hdrlength != 33-45;ok -dst hdrlength { 33, 55, 67, 88};ok -- dst hdrlength != { 33, 55, 67, 88};ok -dst hdrlength { 33-55};ok -- dst hdrlength != { 33-55};ok diff --git a/tests/regression/ip6/dst.t.payload.inet b/tests/regression/ip6/dst.t.payload.inet deleted file mode 100644 index 7a219f41..00000000 --- a/tests/regression/ip6/dst.t.payload.inet +++ /dev/null @@ -1,94 +0,0 @@ -# dst nexthdr 22 -inet test-inet input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# dst nexthdr != 233 -inet test-inet input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# dst nexthdr 33-45 -inet test-inet input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# dst nexthdr != 33-45 -inet test-inet input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# dst nexthdr { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dst nexthdr { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} -set%d test-inet 3 -set%d test-inet 0 - element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] -inet test-inet input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dst nexthdr icmp -inet test-inet input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# dst nexthdr != icmp -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# dst hdrlength 22 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# dst hdrlength != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# dst hdrlength 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# dst hdrlength != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# dst hdrlength { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dst hdrlength { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/ip6/dst.t.payload.ip6 b/tests/regression/ip6/dst.t.payload.ip6 deleted file mode 100644 index 3c778f93..00000000 --- a/tests/regression/ip6/dst.t.payload.ip6 +++ /dev/null @@ -1,95 +0,0 @@ -# dst nexthdr 22 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# dst nexthdr != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# dst nexthdr 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# dst nexthdr != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# dst nexthdr { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dst nexthdr { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dst nexthdr icmp -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# dst nexthdr != icmp -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# dst hdrlength 22 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# dst hdrlength != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# dst hdrlength 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# dst hdrlength != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# dst hdrlength { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dst hdrlength { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - - diff --git a/tests/regression/ip6/dup.t b/tests/regression/ip6/dup.t deleted file mode 100644 index 34f302f2..00000000 --- a/tests/regression/ip6/dup.t +++ /dev/null @@ -1,6 +0,0 @@ -*ip6;test-ip6 -:input;type filter hook input priority 0 - -dup to abcd::1;ok -dup to abcd::1 device eth0;ok -dup to ip6 saddr map { abcd::1 : cafe::cafe } device eth0;ok diff --git a/tests/regression/ip6/dup.t.payload b/tests/regression/ip6/dup.t.payload deleted file mode 100644 index 1df414cd..00000000 --- a/tests/regression/ip6/dup.t.payload +++ /dev/null @@ -1,21 +0,0 @@ -# dup to abcd::1 -ip6 test test - [ immediate reg 1 0x0000cdab 0x00000000 0x00000000 0x01000000 ] - [ dup sreg_addr 1 ] - -# dup to abcd::1 device eth0 -ip6 test test - [ immediate reg 1 0x0000cdab 0x00000000 0x00000000 0x01000000 ] - [ immediate reg 2 0x00000002 ] - [ dup sreg_addr 1 sreg_dev 2 ] - -# dup to ip6 saddr map { abcd::1 : cafe::cafe } device eth0 -map%d test-ip6 b -map%d test-ip6 0 - element 0000cdab 00000000 00000000 01000000 : 0000feca 00000000 00000000 feca0000 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 1 ] - [ immediate reg 2 0x00000002 ] - [ dup sreg_addr 1 sreg_dev 2 ] - diff --git a/tests/regression/ip6/ether.t b/tests/regression/ip6/ether.t deleted file mode 100644 index 98be273f..00000000 --- a/tests/regression/ip6/ether.t +++ /dev/null @@ -1,8 +0,0 @@ -*ip6;test-ip6 - -:input;type filter hook input priority 0 - -tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 accept -tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04;ok;tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 -tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2;ok -ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 accept;ok diff --git a/tests/regression/ip6/ether.t.payload b/tests/regression/ip6/ether.t.payload deleted file mode 100644 index c7342cc0..00000000 --- a/tests/regression/ip6/ether.t.payload +++ /dev/null @@ -1,49 +0,0 @@ -# tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - -# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] - -# ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 accept -ip6 test-ip6 input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] - [ immediate reg 0 accept ] diff --git a/tests/regression/ip6/hbh.t b/tests/regression/ip6/hbh.t deleted file mode 100644 index 4e67c42a..00000000 --- a/tests/regression/ip6/hbh.t +++ /dev/null @@ -1,25 +0,0 @@ -*ip6;test-ip6 -*inet;test-inet -:filter-input;type filter hook input priority 0 - -hbh hdrlength 22;ok -hbh hdrlength != 233;ok -hbh hdrlength 33-45;ok -hbh hdrlength != 33-45;ok -hbh hdrlength {33, 55, 67, 88};ok -- hbh hdrlength != {33, 55, 67, 88};ok -hbh hdrlength { 33-55};ok -- hbh hdrlength != {33-55};ok - -hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;hbh nexthdr { 58, 136, 51, 50, 6, 17, 132, 33, 108} -- hbh nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok -hbh nexthdr 22;ok -hbh nexthdr != 233;ok -hbh nexthdr 33-45;ok -hbh nexthdr != 33-45;ok -hbh nexthdr {33, 55, 67, 88};ok -- hbh nexthdr != {33, 55, 67, 88};ok -hbh nexthdr { 33-55};ok -- hbh nexthdr != {33-55};ok -hbh nexthdr ip;ok;hbh nexthdr 0 -hbh nexthdr != ip;ok;hbh nexthdr != 0 diff --git a/tests/regression/ip6/hbh.t.payload.inet b/tests/regression/ip6/hbh.t.payload.inet deleted file mode 100644 index 2b4c9c77..00000000 --- a/tests/regression/ip6/hbh.t.payload.inet +++ /dev/null @@ -1,94 +0,0 @@ -# hbh hdrlength 22 -inet test-inet filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# hbh hdrlength != 233 -inet test-inet filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# hbh hdrlength 33-45 -inet test-inet filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# hbh hdrlength != 33-45 -inet test-inet filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# hbh hdrlength {33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh hdrlength { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} -set%d test-inet 3 -set%d test-inet 0 - element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh nexthdr 22 -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# hbh nexthdr != 233 -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# hbh nexthdr 33-45 -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# hbh nexthdr != 33-45 -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# hbh nexthdr {33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh nexthdr { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh nexthdr ip -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# hbh nexthdr != ip -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - diff --git a/tests/regression/ip6/hbh.t.payload.ip6 b/tests/regression/ip6/hbh.t.payload.ip6 deleted file mode 100644 index a201ef56..00000000 --- a/tests/regression/ip6/hbh.t.payload.ip6 +++ /dev/null @@ -1,94 +0,0 @@ -# hbh hdrlength 22 -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# hbh hdrlength != 233 -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# hbh hdrlength 33-45 -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# hbh hdrlength != 33-45 -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# hbh hdrlength {33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh hdrlength { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh nexthdr 22 -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# hbh nexthdr != 233 -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# hbh nexthdr 33-45 -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# hbh nexthdr != 33-45 -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# hbh nexthdr {33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh nexthdr { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh nexthdr ip -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# hbh nexthdr != ip -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - diff --git a/tests/regression/ip6/icmpv6.t b/tests/regression/ip6/icmpv6.t deleted file mode 100644 index fca903f6..00000000 --- a/tests/regression/ip6/icmpv6.t +++ /dev/null @@ -1,96 +0,0 @@ -*ip6;test-ip6 -# BUG: There is a bug with icmpv6 and inet tables -# *inet;test-inet -:input;type filter hook input priority 0 - -icmpv6 type destination-unreachable accept;ok -icmpv6 type packet-too-big accept;ok -icmpv6 type time-exceeded accept;ok -icmpv6 type echo-request accept;ok -icmpv6 type echo-reply accept;ok -icmpv6 type mld-listener-query accept;ok -icmpv6 type mld-listener-report accept;ok -icmpv6 type mld-listener-reduction accept;ok -icmpv6 type nd-router-solicit accept;ok -icmpv6 type nd-router-advert accept;ok -icmpv6 type nd-neighbor-solicit accept;ok -icmpv6 type nd-neighbor-advert accept;ok -icmpv6 type nd-redirect accept;ok -icmpv6 type router-renumbering accept;ok -icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept;ok -icmpv6 type {router-renumbering, mld-listener-reduction, time-exceeded, nd-router-solicit} accept;ok -icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept;ok -- icmpv6 type != {mld-listener-query, time-exceeded, nd-router-advert} accept;ok - -icmpv6 code 4;ok -icmpv6 code 3-66;ok -icmpv6 code {5, 6, 7} accept;ok -- icmpv6 code != {3, 66, 34};ok -icmpv6 code { 3-66};ok -- icmpv6 code != { 3-44};ok - -icmpv6 checksum 2222 log;ok -icmpv6 checksum != 2222 log;ok -icmpv6 checksum 222-226;ok -icmpv6 checksum != 2222 log;ok -icmpv6 checksum { 222, 226};ok -- icmpv6 checksum != { 222, 226};ok -icmpv6 checksum { 222-226};ok -- icmpv6 checksum != { 222-226};ok - -# BUG: icmpv6 parameter-problem, pptr, mtu, packet-too-big -# [ICMP6HDR_PPTR] = ICMP6HDR_FIELD("parameter-problem", icmp6_pptr), -# [ICMP6HDR_MTU] = ICMP6HDR_FIELD("packet-too-big", icmp6_mtu), -# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem 35 -# :1:53-53: Error: syntax error, unexpected end of file -# add rule ip6 test6 input icmpv6 parameter-problem 35 -# ^ -# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem -# :1:26-31: Error: Value 58 exceeds valid range 0-0 -# add rule ip6 test6 input icmpv6 parameter-problem -# ^^^^^^ -# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem 2-4 -# :1:54-54: Error: syntax error, unexpected end of file -# add rule ip6 test6 input icmpv6 parameter-problem 2-4 - -# BUG: packet-too-big -# $ sudo nft add rule ip6 test6 input icmpv6 packet-too-big 34 -# :1:50-50: Error: syntax error, unexpected end of file -# add rule ip6 test6 input icmpv6 packet-too-big 34 - -icmpv6 mtu 22;ok -icmpv6 mtu != 233;ok -icmpv6 mtu 33-45;ok -icmpv6 mtu != 33-45;ok -icmpv6 mtu {33, 55, 67, 88};ok -- icmpv6 mtu != {33, 55, 67, 88};ok -icmpv6 mtu {33-55};ok -- icmpv6 mtu != {33-55};ok - -- icmpv6 id 2;ok -- icmpv6 id != 233;ok -icmpv6 id 33-45;ok -icmpv6 id != 33-45;ok -icmpv6 id {33, 55, 67, 88};ok -- icmpv6 id != {33, 55, 67, 88};ok -icmpv6 id {33-55};ok -- icmpv6 id != {33-55};ok - -icmpv6 sequence 2;ok -icmpv6 sequence {3, 4, 5, 6, 7} accept;ok - -icmpv6 sequence {2, 4};ok -- icmpv6 sequence != {2, 4};ok -icmpv6 sequence 2-4;ok -icmpv6 sequence != 2-4;ok -icmpv6 sequence { 2-4};ok -- icmpv6 sequence != {2-4};ok - -- icmpv6 max-delay 22;ok -- icmpv6 max-delay != 233;ok -icmpv6 max-delay 33-45;ok -icmpv6 max-delay != 33-45;ok -icmpv6 max-delay {33, 55, 67, 88};ok -- icmpv6 max-delay != {33, 55, 67, 88};ok -icmpv6 max-delay {33-55};ok -- icmpv6 max-delay != {33-55};ok diff --git a/tests/regression/ip6/icmpv6.t.payload.ip6 b/tests/regression/ip6/icmpv6.t.payload.ip6 deleted file mode 100644 index 55af9d8d..00000000 --- a/tests/regression/ip6/icmpv6.t.payload.ip6 +++ /dev/null @@ -1,409 +0,0 @@ -# icmpv6 type destination-unreachable accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ immediate reg 0 accept ] - -# icmpv6 type packet-too-big accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# icmpv6 type time-exceeded accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000003 ] - [ immediate reg 0 accept ] - -# icmpv6 type echo-request accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000080 ] - [ immediate reg 0 accept ] - -# icmpv6 type echo-reply accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ immediate reg 0 accept ] - -# icmpv6 type mld-listener-query accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000082 ] - [ immediate reg 0 accept ] - -# icmpv6 type mld-listener-report accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000083 ] - [ immediate reg 0 accept ] - -# icmpv6 type mld-listener-reduction accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ immediate reg 0 accept ] - -# icmpv6 type nd-router-solicit accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000085 ] - [ immediate reg 0 accept ] - -# icmpv6 type nd-router-advert accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000086 ] - [ immediate reg 0 accept ] - -# icmpv6 type nd-neighbor-solicit accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000087 ] - [ immediate reg 0 accept ] - -# icmpv6 type nd-neighbor-advert accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ immediate reg 0 accept ] - -# icmpv6 type nd-redirect accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000089 ] - [ immediate reg 0 accept ] - -# icmpv6 type router-renumbering accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000008a ] - [ immediate reg 0 accept ] - -# icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept -set%d test-ip6 3 -set%d test-ip6 0 - element 00000001 : 0 [end] element 00000003 : 0 [end] element 00000085 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmpv6 type {router-renumbering, mld-listener-reduction, time-exceeded, nd-router-solicit} accept -set%d test-ip6 3 -set%d test-ip6 0 - element 0000008a : 0 [end] element 00000084 : 0 [end] element 00000003 : 0 [end] element 00000085 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept -set%d test-ip6 3 -set%d test-ip6 0 - element 00000082 : 0 [end] element 00000003 : 0 [end] element 00000086 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmpv6 code 4 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] - -# icmpv6 code 3-66 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp gte reg 1 0x00000003 ] - [ cmp lte reg 1 0x00000042 ] - -# icmpv6 code {5, 6, 7} accept -set%d test-ip6 3 -set%d test-ip6 0 - element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmpv6 code { 3-66} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000003 : 0 [end] element 00000043 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 checksum 2222 log -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000ae08 ] - [ log prefix (null) ] - -# icmpv6 checksum != 2222 log -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000ae08 ] - [ log prefix (null) ] - -# icmpv6 checksum 222-226 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x0000de00 ] - [ cmp lte reg 1 0x0000e200 ] - -# icmpv6 checksum != 2222 log -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000ae08 ] - [ log prefix (null) ] - -# icmpv6 checksum { 222, 226} -set%d test-ip6 3 -set%d test-ip6 0 - element 0000de00 : 0 [end] element 0000e200 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 checksum { 222-226} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 0000de00 : 0 [end] element 0000e300 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 mtu 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# icmpv6 mtu != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# icmpv6 mtu 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# icmpv6 mtu != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# icmpv6 mtu {33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 mtu {33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 id 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# icmpv6 id != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# icmpv6 id {33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 id {33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 sequence 2 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000200 ] - -# icmpv6 sequence {3, 4, 5, 6, 7} accept -set%d test-ip6 3 -set%d test-ip6 0 - element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmpv6 sequence {2, 4} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000200 : 0 [end] element 00000400 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 sequence 2-4 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00000200 ] - [ cmp lte reg 1 0x00000400 ] - -# icmpv6 sequence != 2-4 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp lt reg 1 0x00000200 ] - [ cmp gt reg 1 0x00000400 ] - -# icmpv6 sequence { 2-4} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000200 : 0 [end] element 00000500 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 max-delay 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# icmpv6 max-delay != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# icmpv6 max-delay {33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 max-delay {33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/ip6/ip6.t b/tests/regression/ip6/ip6.t deleted file mode 100644 index d4c5c7e3..00000000 --- a/tests/regression/ip6/ip6.t +++ /dev/null @@ -1,143 +0,0 @@ -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -# BUG: Problem with version, priority -# :1:1-38: Error: Could not process rule: Invalid argument -# add rule ip6 test6 input ip6 version 1 -# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -- ip6 version 6;ok -- ip6 priority 3;ok - -# $ sudo nft add rule ip6 test6 input ip6 priority 33 -# :1:39-40: Error: Value 33 exceeds valid range 0-15 -# $ sudo nft add rule ip6 test6 input ip6 priority 3 -# :1:1-39: Error: Could not process rule: Invalid argument -# add rule ip6 test6 input ip6 priority 3 -#^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -ip6 flowlabel 22;ok -ip6 flowlabel != 233;ok -- ip6 flowlabel 33-45;ok -- ip6 flowlabel != 33-45;ok -ip6 flowlabel { 33, 55, 67, 88};ok -# BUG ip6 flowlabel { 5046528, 2883584, 13522432 } -- ip6 flowlabel != { 33, 55, 67, 88};ok -ip6 flowlabel { 33-55};ok -- ip6 flowlabel != { 33-55};ok - -ip6 length 22;ok -ip6 length != 233;ok -ip6 length 33-45;ok -ip6 length != 33-45;ok -- ip6 length { 33, 55, 67, 88};ok -- ip6 length != {33, 55, 67, 88};ok -ip6 length { 33-55};ok -- ip6 length != { 33-55};ok - -ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log;ok;ip6 nexthdr { 132, 51, 108, 136, 17, 33, 6} log -ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;ip6 nexthdr { 6, 136, 108, 33, 50, 17, 132, 58, 51} -- ip6 nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok -ip6 nexthdr esp;ok;ip6 nexthdr 50 -ip6 nexthdr != esp;ok;ip6 nexthdr != 50 -ip6 nexthdr { 33-44};ok -- p6 nexthdr != { 33-44};ok -ip6 nexthdr 33-44;ok -ip6 nexthdr != 33-44;ok - -ip6 hoplimit 1 log;ok -ip6 hoplimit != 233;ok -ip6 hoplimit 33-45;ok -ip6 hoplimit != 33-45;ok -ip6 hoplimit {33, 55, 67, 88};ok -- ip6 hoplimit != {33, 55, 67, 88};ok -ip6 hoplimit {33-55};ok -- ip6 hoplimit != {33-55};ok - -# from src/scanner.l -# v680 (({hex4}:){7}{hex4}) -ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234;ok -# v670 ((:)(:{hex4}{7})) -ip6 saddr ::1234:1234:1234:1234:1234:1234:1234;ok;ip6 saddr 0:1234:1234:1234:1234:1234:1234:1234 -# v671 ((({hex4}:){1})(:{hex4}{6})) -ip6 saddr 1234::1234:1234:1234:1234:1234:1234;ok;ip6 saddr 1234:0:1234:1234:1234:1234:1234:1234 -# v672 ((({hex4}:){2})(:{hex4}{5})) -ip6 saddr 1234:1234::1234:1234:1234:1234:1234;ok;ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234 -ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234;ok -# v673 ((({hex4}:){3})(:{hex4}{4})) -ip6 saddr 1234:1234:1234::1234:1234:1234:1234;ok;ip6 saddr 1234:1234:1234:0:1234:1234:1234:1234 -# v674 ((({hex4}:){4})(:{hex4}{3})) -ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234;ok -# v675 ((({hex4}:){5})(:{hex4}{2})) -ip6 saddr 1234:1234:1234:1234:1234::1234:1234;ok;ip6 saddr 1234:1234:1234:1234:1234:0:1234:1234 -# v676 ((({hex4}:){6})(:{hex4}{1})) -ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234;ok -# v677 ((({hex4}:){7})(:)) -ip6 saddr 1234:1234:1234:1234:1234:1234:1234::;ok;ip6 saddr 1234:1234:1234:1234:1234:1234:1234:0 -# v67 ({v670}|{v671}|{v672}|{v673}|{v674}|{v675}|{v676}|{v677}) -# v660 ((:)(:{hex4}{6})) -ip6 saddr ::1234:1234:1234:1234:1234:1234;ok -# v661 ((({hex4}:){1})(:{hex4}{5})) -ip6 saddr 1234::1234:1234:1234:1234:1234;ok -# v662 ((({hex4}:){2})(:{hex4}{4})) -ip6 saddr 1234:1234::1234:1234:1234:1234;ok -# v663 ((({hex4}:){3})(:{hex4}{3})) -ip6 saddr 1234:1234:1234::1234:1234:1234;ok -# v664 ((({hex4}:){4})(:{hex4}{2})) -ip6 saddr 1234:1234:1234:1234::1234:1234;ok -# v665 ((({hex4}:){5})(:{hex4}{1})) -ip6 saddr 1234:1234:1234:1234:1234::1234;ok -# v666 ((({hex4}:){6})(:)) -ip6 saddr 1234:1234:1234:1234:1234:1234::;ok -# v66 ({v660}|{v661}|{v662}|{v663}|{v664}|{v665}|{v666}) -# v650 ((:)(:{hex4}{5})) -ip6 saddr ::1234:1234:1234:1234:1234;ok -# v651 ((({hex4}:){1})(:{hex4}{4})) -ip6 saddr 1234::1234:1234:1234:1234;ok -# v652 ((({hex4}:){2})(:{hex4}{3})) -ip6 saddr 1234:1234::1234:1234:1234;ok -# v653 ((({hex4}:){3})(:{hex4}{2})) -ip6 saddr 1234:1234:1234::1234:1234;ok -# v654 ((({hex4}:){4})(:{hex4}{1})) -ip6 saddr 1234:1234:1234:1234::1234;ok -# v655 ((({hex4}:){5})(:)) -ip6 saddr 1234:1234:1234:1234:1234::;ok -# v65 ({v650}|{v651}|{v652}|{v653}|{v654}|{v655}) -# v640 ((:)(:{hex4}{4})) -ip6 saddr ::1234:1234:1234:1234;ok -# v641 ((({hex4}:){1})(:{hex4}{3})) -ip6 saddr 1234::1234:1234:1234;ok -# v642 ((({hex4}:){2})(:{hex4}{2})) -ip6 saddr 1234:1234::1234:1234;ok -# v643 ((({hex4}:){3})(:{hex4}{1})) -ip6 saddr 1234:1234:1234::1234;ok -# v644 ((({hex4}:){4})(:)) -ip6 saddr 1234:1234:1234:1234::;ok -# v64 ({v640}|{v641}|{v642}|{v643}|{v644}) -# v630 ((:)(:{hex4}{3})) -ip6 saddr ::1234:1234:1234;ok -# v631 ((({hex4}:){1})(:{hex4}{2})) -ip6 saddr 1234::1234:1234;ok -# v632 ((({hex4}:){2})(:{hex4}{1})) -ip6 saddr 1234:1234::1234;ok -# v633 ((({hex4}:){3})(:)) -ip6 saddr 1234:1234:1234::;ok -# v63 ({v630}|{v631}|{v632}|{v633}) -# v620 ((:)(:{hex4}{2})) -ip6 saddr ::1234:1234;ok;ip6 saddr ::18.52.18.52 -# v621 ((({hex4}:){1})(:{hex4}{1})) -ip6 saddr 1234::1234;ok -# v622 ((({hex4}:){2})(:)) -ip6 saddr 1234:1234::;ok -# v62 ({v620}|{v621}|{v622}) -# v610 ((:)(:{hex4}{1})) -ip6 saddr ::1234;ok -# v611 ((({hex4}:){1})(:)) -ip6 saddr 1234::;ok -# v61 ({v610}|{v611}) -# v60 (::) -ip6 saddr ::/64;ok - -- ip6 daddr != {::1234:1234:1234:1234:1234:1234:1234, 1234:1234::1234:1234:1234:1234:1234 };ok -ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234;ok;ip6 daddr != 0:1234:1234:1234:1234:1234:1234:1234-1234:1234:0:1234:1234:1234:1234:1234 diff --git a/tests/regression/ip6/ip6.t.payload.inet b/tests/regression/ip6/ip6.t.payload.inet deleted file mode 100644 index b4fd2779..00000000 --- a/tests/regression/ip6/ip6.t.payload.inet +++ /dev/null @@ -1,461 +0,0 @@ -# ip6 flowlabel 22 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 3b @ network header + 1 => reg 1 ] - [ cmp eq reg 1 0x00160000 ] - -# ip6 flowlabel != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 3b @ network header + 1 => reg 1 ] - [ cmp neq reg 1 0x00e90000 ] - -# ip6 flowlabel { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 3b @ network header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 flowlabel { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00210000 : 0 [end] element 00380000 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 3b @ network header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 length 22 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ip6 length != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip6 length 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip6 length != 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip6 length { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log -set%d test-inet 3 -set%d test-inet 0 - element 00000011 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - [ log prefix (null) ] - -# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} -set%d test-inet 3 -set%d test-inet 0 - element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 nexthdr esp -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - -# ip6 nexthdr != esp -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000032 ] - -# ip6 nexthdr { 33-44} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 0000002d : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 nexthdr 33-44 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002c ] - -# ip6 nexthdr != 33-44 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002c ] - -# ip6 hoplimit 1 log -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 7 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ log prefix (null) ] - -# ip6 hoplimit != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 7 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# ip6 hoplimit 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 7 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# ip6 hoplimit != 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 7 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# ip6 hoplimit {33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 7 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 hoplimit {33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 7 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34123412 ] - -# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] - -# ip6 saddr 1234::1234:1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x34123412 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234::1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234:1234::1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34120000 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234:1234::1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34120000 ] - -# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:: -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00003412 ] - -# ip6 saddr ::1234:1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x34123412 0x34123412 0x34123412 ] - -# ip6 saddr 1234::1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x34120000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234::1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234:1234::1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x34120000 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234::1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234:1234::1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34120000 ] - -# ip6 saddr 1234:1234:1234:1234:1234:1234:: -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00000000 ] - -# ip6 saddr ::1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x34120000 0x34123412 0x34123412 ] - -# ip6 saddr 1234::1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234::1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x34120000 0x34123412 ] - -# ip6 saddr 1234:1234:1234::1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234::1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34120000 ] - -# ip6 saddr 1234:1234:1234:1234:1234:: -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x00000000 ] - -# ip6 saddr ::1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x34123412 0x34123412 ] - -# ip6 saddr 1234::1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x34120000 0x34123412 ] - -# ip6 saddr 1234:1234::1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34123412 ] - -# ip6 saddr 1234:1234:1234::1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34120000 ] - -# ip6 saddr 1234:1234:1234:1234:: -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x00000000 ] - -# ip6 saddr ::1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x34120000 0x34123412 ] - -# ip6 saddr 1234::1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34123412 ] - -# ip6 saddr 1234:1234::1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34120000 ] - -# ip6 saddr 1234:1234:1234:: -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x00000000 ] - -# ip6 saddr ::1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34123412 ] - -# ip6 saddr 1234::1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34120000 ] - -# ip6 saddr 1234:1234:: -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x00000000 ] - -# ip6 saddr ::1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34120000 ] - -# ip6 saddr 1234:: -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x00000000 ] - -# ip6 saddr ::/64 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x00000000 ] - -# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp lt reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] - [ cmp gt reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] - diff --git a/tests/regression/ip6/ip6.t.payload.ip6 b/tests/regression/ip6/ip6.t.payload.ip6 deleted file mode 100644 index d355adae..00000000 --- a/tests/regression/ip6/ip6.t.payload.ip6 +++ /dev/null @@ -1,339 +0,0 @@ -# ip6 flowlabel 22 -ip6 test-ip6 input - [ payload load 3b @ network header + 1 => reg 1 ] - [ cmp eq reg 1 0x00160000 ] - -# ip6 flowlabel != 233 -ip6 test-ip6 input - [ payload load 3b @ network header + 1 => reg 1 ] - [ cmp neq reg 1 0x00e90000 ] - -# ip6 flowlabel { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end] -ip6 test-ip6 input - [ payload load 3b @ network header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 flowlabel { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00210000 : 0 [end] element 00380000 : 1 [end] -ip6 test-ip6 input - [ payload load 3b @ network header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 length 22 -ip6 test-ip6 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ip6 length != 233 -ip6 test-ip6 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip6 length 33-45 -ip6 test-ip6 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip6 length != 33-45 -ip6 test-ip6 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip6 length { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log -set%d test-ip6 3 -set%d test-ip6 0 - element 00000011 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - [ log prefix (null) ] - -# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 nexthdr esp -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - -# ip6 nexthdr != esp -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000032 ] - -# ip6 nexthdr { 33-44} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 0000002d : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 nexthdr 33-44 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002c ] - -# ip6 nexthdr != 33-44 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002c ] - -# ip6 hoplimit 1 log -ip6 test-ip6 input - [ payload load 1b @ network header + 7 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ log prefix (null) ] - -# ip6 hoplimit != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 7 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# ip6 hoplimit 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 7 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# ip6 hoplimit != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 7 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# ip6 hoplimit {33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 7 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 hoplimit {33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 7 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34123412 ] - -# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] - -# ip6 saddr 1234::1234:1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x34123412 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234::1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234:1234::1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34120000 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234:1234::1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34120000 ] - -# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:: -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00003412 ] - -# ip6 saddr ::1234:1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x34123412 0x34123412 0x34123412 ] - -# ip6 saddr 1234::1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x34120000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234::1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234:1234::1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x34120000 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234::1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234:1234::1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34120000 ] - -# ip6 saddr 1234:1234:1234:1234:1234:1234:: -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00000000 ] - -# ip6 saddr ::1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x34120000 0x34123412 0x34123412 ] - -# ip6 saddr 1234::1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234::1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x34120000 0x34123412 ] - -# ip6 saddr 1234:1234:1234::1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234::1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34120000 ] - -# ip6 saddr 1234:1234:1234:1234:1234:: -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x00000000 ] - -# ip6 saddr ::1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x34123412 0x34123412 ] - -# ip6 saddr 1234::1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x34120000 0x34123412 ] - -# ip6 saddr 1234:1234::1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34123412 ] - -# ip6 saddr 1234:1234:1234::1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34120000 ] - -# ip6 saddr 1234:1234:1234:1234:: -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x00000000 ] - -# ip6 saddr ::1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x34120000 0x34123412 ] - -# ip6 saddr 1234::1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34123412 ] - -# ip6 saddr 1234:1234::1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34120000 ] - -# ip6 saddr 1234:1234:1234:: -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x00000000 ] - -# ip6 saddr ::1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34123412 ] - -# ip6 saddr 1234::1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34120000 ] - -# ip6 saddr 1234:1234:: -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x00000000 ] - -# ip6 saddr ::1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34120000 ] - -# ip6 saddr 1234:: -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x00000000 ] - -# ip6 saddr ::/64 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x00000000 ] - -# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp lt reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] - [ cmp gt reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] - diff --git a/tests/regression/ip6/masquerade.t b/tests/regression/ip6/masquerade.t deleted file mode 100644 index 4e6c086c..00000000 --- a/tests/regression/ip6/masquerade.t +++ /dev/null @@ -1,25 +0,0 @@ -*ip6;test-ip6 -:postrouting;type nat hook postrouting priority 0 - -# nf_nat flags combination -udp dport 53 masquerade;ok -udp dport 53 masquerade random;ok -udp dport 53 masquerade random,persistent;ok -udp dport 53 masquerade random,persistent,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent -udp dport 53 masquerade random,fully-random;ok -udp dport 53 masquerade random,fully-random,persistent;ok -udp dport 53 masquerade persistent;ok -udp dport 53 masquerade persistent,random;ok;udp dport 53 masquerade random,persistent -udp dport 53 masquerade persistent,random,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent -udp dport 53 masquerade persistent,fully-random;ok;udp dport 53 masquerade fully-random,persistent -udp dport 53 masquerade persistent,fully-random,random;ok;udp dport 53 masquerade random,fully-random,persistent - -# masquerade is a terminal statement -tcp dport 22 masquerade counter packets 0 bytes 0 accept;fail -tcp sport 22 masquerade accept;fail -ip6 saddr ::1 masquerade drop;fail - -# masquerade with sets -tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade;ok -ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 masquerade;ok -iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade;ok diff --git a/tests/regression/ip6/masquerade.t.payload.ip6 b/tests/regression/ip6/masquerade.t.payload.ip6 deleted file mode 100644 index 2e8bf959..00000000 --- a/tests/regression/ip6/masquerade.t.payload.ip6 +++ /dev/null @@ -1,127 +0,0 @@ -# udp dport 53 masquerade -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq ] - -# udp dport 53 masquerade random -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x4 ] - -# udp dport 53 masquerade random,persistent -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0xc ] - -# udp dport 53 masquerade random,persistent,fully-random -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# udp dport 53 masquerade random,fully-random -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x14 ] - -# udp dport 53 masquerade random,fully-random,persistent -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# udp dport 53 masquerade persistent -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x8 ] - -# udp dport 53 masquerade persistent,random -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0xc ] - -# udp dport 53 masquerade persistent,random,fully-random -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# udp dport 53 masquerade persistent,fully-random -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x18 ] - -# udp dport 53 masquerade persistent,fully-random,random -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade -set%d test-ip6 3 -set%d test-ip6 0 - element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ masq ] - -# ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 masquerade -ip6 test-ip6 postrouting - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp gte reg 1 0x000000fe 0x00000000 0x00000000 0x01000000 ] - [ cmp lte reg 1 0x000000fe 0x00000000 0x00000000 0x00020000 ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ counter pkts 0 bytes 0 ] - [ masq ] - -# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade -map%d test-ip6 b -map%d test-ip6 0 - element 00001600 : 0 [end] element 0000de00 : 0 [end] -ip6 test-ip6 postrouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - [ masq ] - diff --git a/tests/regression/ip6/mh.t b/tests/regression/ip6/mh.t deleted file mode 100644 index cd652b39..00000000 --- a/tests/regression/ip6/mh.t +++ /dev/null @@ -1,49 +0,0 @@ -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -mh nexthdr 1;ok -mh nexthdr != 1;ok -mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp };ok;mh nexthdr { 58, 17, 108, 6, 51, 136, 50, 132, 33} -- mh nexthdr != {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok -mh nexthdr icmp;ok;mh nexthdr 1 -mh nexthdr != icmp;ok;mh nexthdr != 1 -mh nexthdr 22;ok -mh nexthdr != 233;ok -mh nexthdr 33-45;ok -mh nexthdr != 33-45;ok -mh nexthdr { 33, 55, 67, 88 };ok -- mh nexthdr != { 33, 55, 67, 88 };ok -mh nexthdr { 33-55 };ok -- mh nexthdr != { 33-55 };ok - -mh hdrlength 22;ok -mh hdrlength != 233;ok -mh hdrlength 33-45;ok -mh hdrlength != 33-45;ok -mh hdrlength { 33, 55, 67, 88 };ok -- mh hdrlength != { 33, 55, 67, 88 };ok -mh hdrlength { 33-55 };ok -- mh hdrlength != { 33-55 };ok - -mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message};ok -mh type home-agent-switch-message;ok -mh type != home-agent-switch-message;ok - -mh reserved 22;ok -mh reserved != 233;ok -mh reserved 33-45;ok -mh reserved != 33-45;ok -mh reserved { 33, 55, 67, 88};ok -- mh reserved != {33, 55, 67, 88};ok -mh reserved { 33-55};ok -- mh reserved != { 33-55};ok - -mh checksum 22;ok -mh checksum != 233;ok -mh checksum 33-45;ok -mh checksum != 33-45;ok -mh checksum { 33, 55, 67, 88};ok -- mh checksum != { 33, 55, 67, 88};ok -mh checksum { 33-55};ok -- mh checksum != { 33-55};ok diff --git a/tests/regression/ip6/mh.t.payload.inet b/tests/regression/ip6/mh.t.payload.inet deleted file mode 100644 index 53a0ce08..00000000 --- a/tests/regression/ip6/mh.t.payload.inet +++ /dev/null @@ -1,198 +0,0 @@ -# mh nexthdr 1 -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# mh nexthdr != 1 -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp } -set%d test-inet 3 -set%d test-inet 0 - element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh nexthdr icmp -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# mh nexthdr != icmp -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# mh nexthdr 22 -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# mh nexthdr != 233 -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# mh nexthdr 33-45 -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# mh nexthdr != 33-45 -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# mh nexthdr { 33, 55, 67, 88 } -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh nexthdr { 33-55 } -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh hdrlength 22 -inet test-inet input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# mh hdrlength != 233 -inet test-inet input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# mh hdrlength 33-45 -inet test-inet input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# mh hdrlength != 33-45 -inet test-inet input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# mh hdrlength { 33, 55, 67, 88 } -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh hdrlength { 33-55 } -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message} -set%d test-inet 3 -set%d test-inet 0 - element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end] element 0000000a : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end] -inet test-inet input - [ exthdr load 1b @ 135 + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh type home-agent-switch-message -inet test-inet input - [ exthdr load 1b @ 135 + 2 => reg 1 ] - [ cmp eq reg 1 0x0000000c ] - -# mh type != home-agent-switch-message -inet test-inet input - [ exthdr load 1b @ 135 + 2 => reg 1 ] - [ cmp neq reg 1 0x0000000c ] - -# mh reserved 22 -inet test-inet input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# mh reserved != 233 -inet test-inet input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# mh reserved 33-45 -inet test-inet input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# mh reserved != 33-45 -inet test-inet input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# mh reserved { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh reserved { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh checksum 22 -inet test-inet input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# mh checksum != 233 -inet test-inet input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# mh checksum 33-45 -inet test-inet input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# mh checksum != 33-45 -inet test-inet input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# mh checksum { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh checksum { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/ip6/mh.t.payload.ip6 b/tests/regression/ip6/mh.t.payload.ip6 deleted file mode 100644 index e903b74f..00000000 --- a/tests/regression/ip6/mh.t.payload.ip6 +++ /dev/null @@ -1,198 +0,0 @@ -# mh nexthdr 1 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# mh nexthdr != 1 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp } -set%d test-ip6 3 -set%d test-ip6 0 - element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh nexthdr icmp -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# mh nexthdr != icmp -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# mh nexthdr 22 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# mh nexthdr != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# mh nexthdr 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# mh nexthdr != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# mh nexthdr { 33, 55, 67, 88 } -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh nexthdr { 33-55 } -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh hdrlength 22 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# mh hdrlength != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# mh hdrlength 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# mh hdrlength != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# mh hdrlength { 33, 55, 67, 88 } -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh hdrlength { 33-55 } -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end] element 0000000a : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh type home-agent-switch-message -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 2 => reg 1 ] - [ cmp eq reg 1 0x0000000c ] - -# mh type != home-agent-switch-message -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 2 => reg 1 ] - [ cmp neq reg 1 0x0000000c ] - -# mh reserved 22 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# mh reserved != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# mh reserved 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# mh reserved != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# mh reserved { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh reserved { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh checksum 22 -ip6 test-ip6 input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# mh checksum != 233 -ip6 test-ip6 input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# mh checksum 33-45 -ip6 test-ip6 input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# mh checksum != 33-45 -ip6 test-ip6 input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# mh checksum { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh checksum { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/ip6/redirect.t b/tests/regression/ip6/redirect.t deleted file mode 100644 index 31ffe8c9..00000000 --- a/tests/regression/ip6/redirect.t +++ /dev/null @@ -1,44 +0,0 @@ -*ip6;test-ip6 -:output;type nat hook output priority 0 - -# with no arguments -redirect;ok -udp dport 954 redirect;ok -ip6 saddr fe00::cafe counter packets 0 bytes 0 redirect;ok - -# nf_nat flags combination -udp dport 53 redirect random;ok -udp dport 53 redirect random,persistent;ok -udp dport 53 redirect random,persistent,fully-random;ok;udp dport 53 redirect random,fully-random,persistent -udp dport 53 redirect random,fully-random;ok -udp dport 53 redirect random,fully-random,persistent;ok -udp dport 53 redirect persistent;ok -udp dport 53 redirect persistent,random;ok;udp dport 53 redirect random,persistent -udp dport 53 redirect persistent,random,fully-random;ok;udp dport 53 redirect random,fully-random,persistent -udp dport 53 redirect persistent,fully-random;ok;udp dport 53 redirect fully-random,persistent -udp dport 53 redirect persistent,fully-random,random;ok;udp dport 53 redirect random,fully-random,persistent - -# port specification -udp dport 1234 redirect to 1234;ok -ip6 daddr fe00::cafe udp dport 9998 redirect to 6515;ok -tcp dport 39128 redirect to 993;ok -redirect to 1234;fail -redirect to 12341111;fail - -# both port and nf_nat flags -tcp dport 9128 redirect to 993 random;ok -tcp dport 9128 redirect to 993 fully-random,persistent;ok - -# nf_nat flags are the last argument -tcp dport 9128 redirect persistent to 123;fail -tcp dport 9128 redirect random,persistent to 123;fail - -# redirect is a terminal statement -tcp dport 22 redirect counter packets 0 bytes 0 accept;fail -tcp sport 22 redirect accept;fail -ip6 saddr ::1 redirect drop;fail - -# redirect with sets -tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect;ok -ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 redirect;ok -iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect;ok diff --git a/tests/regression/ip6/redirect.t.payload.ip6 b/tests/regression/ip6/redirect.t.payload.ip6 deleted file mode 100644 index 3369a7a3..00000000 --- a/tests/regression/ip6/redirect.t.payload.ip6 +++ /dev/null @@ -1,185 +0,0 @@ -# redirect -ip6 test-ip6 output - [ redir ] - -# udp dport 954 redirect -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000ba03 ] - [ redir ] - -# ip6 saddr fe00::cafe counter packets 0 bytes 0 redirect -ip6 test-ip6 output - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x000000fe 0x00000000 0x00000000 0xfeca0000 ] - [ counter pkts 0 bytes 0 ] - [ redir ] - -# udp dport 53 redirect random -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x4 ] - -# udp dport 53 redirect random,persistent -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0xc ] - -# udp dport 53 redirect random,persistent,fully-random -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# udp dport 53 redirect random,fully-random -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x14 ] - -# udp dport 53 redirect random,fully-random,persistent -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# udp dport 53 redirect persistent -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x8 ] - -# udp dport 53 redirect persistent,random -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0xc ] - -# udp dport 53 redirect persistent,random,fully-random -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# udp dport 53 redirect persistent,fully-random -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x18 ] - -# udp dport 53 redirect persistent,fully-random,random -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# udp dport 1234 redirect to 1234 -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000d204 ] - [ immediate reg 1 0x0000d204 ] - [ redir proto_min reg 1 ] - -# ip6 daddr fe00::cafe udp dport 9998 redirect to 6515 -ip6 test-ip6 output - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0x000000fe 0x00000000 0x00000000 0xfeca0000 ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00000e27 ] - [ immediate reg 1 0x00007319 ] - [ redir proto_min reg 1 ] - -# tcp dport 39128 redirect to 993 -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000d898 ] - [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 ] - -# tcp dport 9128 redirect to 993 random -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000a823 ] - [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 flags 0x4 ] - -# tcp dport 9128 redirect to 993 fully-random,persistent -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000a823 ] - [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 flags 0x18 ] - -# tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect -set%d test-ip6 3 -set%d test-ip6 0 - element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ redir ] - -# ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 redirect -ip6 test-ip6 output - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp gte reg 1 0x000000fe 0x00000000 0x00000000 0x01000000 ] - [ cmp lte reg 1 0x000000fe 0x00000000 0x00000000 0x00020000 ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ counter pkts 0 bytes 0 ] - [ redir ] - -# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect -map%d test-ip6 b -map%d test-ip6 0 - element 00001600 : 0 [end] element 0000de00 : 0 [end] -ip6 test-ip6 output - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - [ redir ] - diff --git a/tests/regression/ip6/reject.t b/tests/regression/ip6/reject.t deleted file mode 100644 index 60dec90e..00000000 --- a/tests/regression/ip6/reject.t +++ /dev/null @@ -1,12 +0,0 @@ -*ip6;test-ip6 -:output;type filter hook output priority 0 - -reject;ok -reject with icmpv6 type no-route;ok -reject with icmpv6 type admin-prohibited;ok -reject with icmpv6 type addr-unreachable;ok -reject with icmpv6 type port-unreachable;ok;reject -reject with tcp reset;ok;ip6 nexthdr 6 reject with tcp reset - -reject with icmpv6 type host-unreachable;fail -reject with icmp type host-unreachable;fail diff --git a/tests/regression/ip6/reject.t.payload.ip6 b/tests/regression/ip6/reject.t.payload.ip6 deleted file mode 100644 index aa0b9ff2..00000000 --- a/tests/regression/ip6/reject.t.payload.ip6 +++ /dev/null @@ -1,26 +0,0 @@ -# reject -ip6 test-ip6 output - [ reject type 0 code 4 ] - -# reject with icmpv6 type no-route -ip6 test-ip6 output - [ reject type 0 code 0 ] - -# reject with icmpv6 type admin-prohibited -ip6 test-ip6 output - [ reject type 0 code 1 ] - -# reject with icmpv6 type addr-unreachable -ip6 test-ip6 output - [ reject type 0 code 3 ] - -# reject with icmpv6 type port-unreachable -ip6 test-ip6 output - [ reject type 0 code 4 ] - -# reject with tcp reset -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ reject type 1 code 0 ] - diff --git a/tests/regression/ip6/rt.t b/tests/regression/ip6/rt.t deleted file mode 100644 index eca47ca8..00000000 --- a/tests/regression/ip6/rt.t +++ /dev/null @@ -1,45 +0,0 @@ -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -rt nexthdr 1;ok -rt nexthdr != 1;ok -rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok;rt nexthdr { 33, 136, 50, 132, 51, 17, 108, 6, 58} -- rt nexthdr != {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok -rt nexthdr icmp;ok;rt nexthdr 1 -rt nexthdr != icmp;ok;rt nexthdr != 1 -rt nexthdr 22;ok -rt nexthdr != 233;ok -rt nexthdr 33-45;ok -rt nexthdr != 33-45;ok -rt nexthdr { 33, 55, 67, 88};ok -- rt nexthdr != { 33, 55, 67, 88};ok -rt nexthdr { 33-55};ok;rt nexthdr { 33-55} -- rt nexthdr != { 33-55};ok - -rt hdrlength 22;ok -rt hdrlength != 233;ok -rt hdrlength 33-45;ok -rt hdrlength != 33-45;ok -rt hdrlength { 33, 55, 67, 88};ok -- rt hdrlength != { 33, 55, 67, 88};ok -rt hdrlength { 33-55};ok -- rt hdrlength != { 33-55};ok - -rt type 22;ok -rt type != 233;ok -rt type 33-45;ok -rt type != 33-45;ok -rt type { 33, 55, 67, 88};ok -- rt type != { 33, 55, 67, 88};ok -rt type { 33-55};ok -- rt type != { 33-55};ok - -rt seg-left 22;ok -rt seg-left != 233;ok -rt seg-left 33-45;ok -rt seg-left != 33-45;ok -rt seg-left { 33, 55, 67, 88};ok -- rt seg-left != { 33, 55, 67, 88};ok -rt seg-left { 33-55};ok -- rt seg-left != { 33-55};ok diff --git a/tests/regression/ip6/rt.t.payload.inet b/tests/regression/ip6/rt.t.payload.inet deleted file mode 100644 index 9dc51b97..00000000 --- a/tests/regression/ip6/rt.t.payload.inet +++ /dev/null @@ -1,180 +0,0 @@ -# rt nexthdr 1 -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# rt nexthdr != 1 -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} -set%d test-inet 3 -set%d test-inet 0 - element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt nexthdr icmp -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# rt nexthdr != icmp -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# rt nexthdr 22 -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# rt nexthdr != 233 -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# rt nexthdr 33-45 -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# rt nexthdr != 33-45 -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# rt nexthdr { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt nexthdr { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt hdrlength 22 -inet test-inet input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# rt hdrlength != 233 -inet test-inet input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# rt hdrlength 33-45 -inet test-inet input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# rt hdrlength != 33-45 -inet test-inet input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# rt hdrlength { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt hdrlength { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt type 22 -inet test-inet input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# rt type != 233 -inet test-inet input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# rt type 33-45 -inet test-inet input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# rt type != 33-45 -inet test-inet input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# rt type { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt type { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt seg-left 22 -inet test-inet input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# rt seg-left != 233 -inet test-inet input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# rt seg-left 33-45 -inet test-inet input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# rt seg-left != 33-45 -inet test-inet input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# rt seg-left { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt seg-left { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/ip6/rt.t.payload.ip6 b/tests/regression/ip6/rt.t.payload.ip6 deleted file mode 100644 index f766ec0a..00000000 --- a/tests/regression/ip6/rt.t.payload.ip6 +++ /dev/null @@ -1,180 +0,0 @@ -# rt nexthdr 1 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# rt nexthdr != 1 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt nexthdr icmp -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# rt nexthdr != icmp -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# rt nexthdr 22 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# rt nexthdr != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# rt nexthdr 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# rt nexthdr != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# rt nexthdr { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt nexthdr { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt hdrlength 22 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# rt hdrlength != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# rt hdrlength 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# rt hdrlength != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# rt hdrlength { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt hdrlength { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt type 22 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# rt type != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# rt type 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# rt type != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# rt type { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt type { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt seg-left 22 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# rt seg-left != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# rt seg-left 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# rt seg-left != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# rt seg-left { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt seg-left { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/ip6/sets.t b/tests/regression/ip6/sets.t deleted file mode 100644 index 4938929c..00000000 --- a/tests/regression/ip6/sets.t +++ /dev/null @@ -1,22 +0,0 @@ -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -!set_ipv6_add1 ipv6_addr;ok -!set_inet1 inet_proto;ok -!set_inet inet_service;ok -!set_time time;ok - -?set2 192.168.3.4;fail -!set2 ipv6_addr;ok -?set2 1234:1234::1234:1234:1234:1234:1234;ok -?set2 1234:1234::1234:1234:1234:1234:1234;fail -?set2 1234::1234:1234:1234;ok -?set2 1234:1234:1234:1234:1234::1234:1234 1234:1234::123;ok -?set2 192.168.3.8 192.168.3.9;fail -?set2 1234:1234::1234:1234:1234:1234;ok -?set2 1234:1234::1234:1234:1234:1234;fail -?set2 1234:1234:1234::1234;ok - -ip6 saddr @set2 drop;ok -ip6 saddr @set33 drop;fail diff --git a/tests/regression/ip6/sets.t.payload b/tests/regression/ip6/sets.t.payload deleted file mode 100644 index e69de29b..00000000 diff --git a/tests/regression/ip6/sets.t.payload.inet b/tests/regression/ip6/sets.t.payload.inet deleted file mode 100644 index 27be86be..00000000 --- a/tests/regression/ip6/sets.t.payload.inet +++ /dev/null @@ -1,8 +0,0 @@ -# ip6 saddr @set2 drop -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set set2 ] - [ immediate reg 0 drop ] - diff --git a/tests/regression/ip6/sets.t.payload.ip6 b/tests/regression/ip6/sets.t.payload.ip6 deleted file mode 100644 index 0e51fd3e..00000000 --- a/tests/regression/ip6/sets.t.payload.ip6 +++ /dev/null @@ -1,6 +0,0 @@ -# ip6 saddr @set2 drop -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set set2 ] - [ immediate reg 0 drop ] - diff --git a/tests/regression/ip6/snat.t b/tests/regression/ip6/snat.t deleted file mode 100644 index 37bf1a1d..00000000 --- a/tests/regression/ip6/snat.t +++ /dev/null @@ -1,5 +0,0 @@ -*ip6;test-ip6 -:postrouting;type nat hook postrouting priority 0 - -tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok;tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::80-100 -tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::100;ok diff --git a/tests/regression/ip6/snat.t.payload.ip6 b/tests/regression/ip6/snat.t.payload.ip6 deleted file mode 100644 index 486bbb8b..00000000 --- a/tests/regression/ip6/snat.t.payload.ip6 +++ /dev/null @@ -1,25 +0,0 @@ -# tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :80-100 -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00005000 ] - [ cmp lte reg 1 0x00005a00 ] - [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] - [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] - [ immediate reg 3 0x00005000 ] - [ immediate reg 4 0x00006400 ] - [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ] - -# tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::100 -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00005000 ] - [ cmp lte reg 1 0x00005a00 ] - [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] - [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] - [ immediate reg 3 0x00006400 ] - [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 ] - diff --git a/tests/regression/ip6/vmap.t b/tests/regression/ip6/vmap.t deleted file mode 100644 index 301a28ae..00000000 --- a/tests/regression/ip6/vmap.t +++ /dev/null @@ -1,54 +0,0 @@ -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -ip6 saddr vmap { abcd::3 : accept };ok -ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234:1234;fail - -# Ipv6 address combinations -# from src/scanner.l -ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept};ok -ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 0:1234:1234:1234:1234:1234:1234:1234 : accept} -ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:0:1234:1234:1234:1234:1234:1234 : accept} -ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:0:1234:1234:1234:1234:1234 : accept} -ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:0:1234:1234:1234:1234 : accept} -ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:0:1234:1234:1234 : accept} -ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:0:1234:1234 : accept} -ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:0:1234 : accept} -ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:0 : accept} -ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept};ok -ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept};ok -ip6 saddr vmap { ::1234:1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234::1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234::1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234::1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234:1234:: : accept};ok -ip6 saddr vmap { ::1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234::1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234::1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234:: : accept};ok -ip6 saddr vmap { ::1234:1234 : accept};ok;ip6 saddr vmap { ::18.52.18.52 : accept} -ip6 saddr vmap { 1234::1234 : accept};ok -ip6 saddr vmap { 1234:1234:: : accept};ok -ip6 saddr vmap { ::1234 : accept};ok -ip6 saddr vmap { 1234:: : accept};ok -ip6 saddr vmap { ::/64 : accept};ok - -ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::aaaa : drop} -ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::bbbb : drop} -ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::cccc : drop} -ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::dddd: drop} - -# rule without comma: -filter-input ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:bbbb:::accept::adda : drop};fail diff --git a/tests/regression/ip6/vmap.t.payload.inet b/tests/regression/ip6/vmap.t.payload.inet deleted file mode 100644 index f0312bf3..00000000 --- a/tests/regression/ip6/vmap.t.payload.inet +++ /dev/null @@ -1,420 +0,0 @@ -# ip6 saddr vmap { abcd::3 : accept } -map%d test-inet b -map%d test-inet 0 - element 0000cdab 00000000 00000000 03000000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34120000 34123412 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00003412 34123412 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34120000 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00003412 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34120000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 00003412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34123412 34120000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34123412 00003412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00000000 34123412 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00003412 34120000 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00000000 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00003412 34120000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 00000000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 00003412 34120000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34123412 00000000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00000000 34120000 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00003412 00000000 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00000000 34120000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00003412 00000000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 00000000 34120000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 00003412 00000000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00000000 00000000 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00003412 00000000 34120000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00000000 00000000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234::1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00003412 00000000 34120000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:: : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 00000000 00000000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00000000 00000000 34120000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00003412 00000000 00000000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00000000 00000000 34120000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:: : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00003412 00000000 00000000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00000000 00000000 00000000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00003412 00000000 00000000 34120000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:: : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00000000 00000000 00000000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00000000 00000000 00000000 34120000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:: : accept} -map%d test-inet b -map%d test-inet 0 - element 00003412 00000000 00000000 00000000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::/64 : accept} -map%d test-inet f -map%d test-inet 0 - element 00000000 00000000 00000000 00000000 : 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 aaaa0000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 bbbb0000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 cccc0000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 dddd0000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - diff --git a/tests/regression/ip6/vmap.t.payload.ip6 b/tests/regression/ip6/vmap.t.payload.ip6 deleted file mode 100644 index 0701b9b3..00000000 --- a/tests/regression/ip6/vmap.t.payload.ip6 +++ /dev/null @@ -1,336 +0,0 @@ -# ip6 saddr vmap { abcd::3 : accept } -map%d test-ip6 b -map%d test-ip6 0 - element 0000cdab 00000000 00000000 03000000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34120000 34123412 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00003412 34123412 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34120000 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00003412 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34120000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 00003412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34123412 34120000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34123412 00003412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00000000 34123412 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00003412 34120000 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00000000 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00003412 34120000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 00000000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 00003412 34120000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34123412 00000000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00000000 34120000 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00003412 00000000 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00000000 34120000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00003412 00000000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 00000000 34120000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 00003412 00000000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00000000 00000000 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00003412 00000000 34120000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00000000 00000000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234::1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00003412 00000000 34120000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:: : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 00000000 00000000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00000000 00000000 34120000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00003412 00000000 00000000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00000000 00000000 34120000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:: : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00003412 00000000 00000000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00000000 00000000 00000000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00003412 00000000 00000000 34120000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:: : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00000000 00000000 00000000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00000000 00000000 00000000 34120000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:: : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00003412 00000000 00000000 00000000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::/64 : accept} -map%d test-ip6 f -map%d test-ip6 0 - element 00000000 00000000 00000000 00000000 : 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 aaaa0000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 bbbb0000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 cccc0000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 dddd0000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - diff --git a/tests/regression/nft-test.py b/tests/regression/nft-test.py deleted file mode 100755 index e68087f3..00000000 --- a/tests/regression/nft-test.py +++ /dev/null @@ -1,968 +0,0 @@ -#!/usr/bin/python -# -# (C) 2014 by Ana Rey Botello -# -# Based on iptables-test.py: -# (C) 2012 by Pablo Neira Ayuso " -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# Thanks to the Outreach Program for Women (OPW) for sponsoring this test -# infrastructure. - -import sys -import os -import subprocess -import argparse -import signal - -TERMINAL_PATH = os.getcwd() -NFT_BIN = "src/nft" -TESTS_PATH = os.path.dirname(os.path.abspath(__file__)) -TESTS_DIRECTORY = ["any", "arp", "bridge", "inet", "ip", "ip6"] -LOGFILE = "/tmp/nftables-test.log" -log_file = None -table_list = [] -chain_list = [] -all_set = dict() -signal_received = 0 - - -class Colors: - if sys.stdout.isatty(): - HEADER = '\033[95m' - GREEN = '\033[92m' - YELLOW = '\033[93m' - RED = '\033[91m' - ENDC = '\033[0m' - else: - HEADER = '' - GREEN = '' - YELLOW = '' - RED = '' - ENDC = '' - -def print_msg(reason, filename=None, lineno=None, color=None, errstr=None): - ''' - Prints a message with nice colors, indicating file and line number. - ''' - if filename and lineno: - print (filename + ": " + color + "ERROR:" + - Colors.ENDC + " line %d: %s" % (lineno + 1, reason)) - else: - print (color + "ERROR:" + Colors.ENDC + " %s" % (reason)) - -def print_error(reason, filename=None, lineno=None): - print_msg(reason, filename, lineno, Colors.RED, "ERROR:") - -def print_warning(reason, filename=None, lineno=None): - print_msg(reason, filename, lineno, Colors.YELLOW, "WARNING:") - - -def print_differences_warning(filename, lineno, rule1, rule2, cmd): - reason = "'" + rule1 + "' mismatches '" + rule2 + "'" - print filename + ": " + Colors.YELLOW + "WARNING: " + Colors.ENDC + \ - "line: " + str(lineno + 1) + ": '" + cmd + "': " + reason - - -def print_differences_error(filename, lineno, output, cmd): - reason = "Listing is broken." - print filename + ": " + Colors.RED + "ERROR: " + Colors.ENDC + \ - "line: " + str(lineno + 1) + ": '" + cmd + "': " + reason - - -def table_exist(table, filename, lineno): - ''' - Exists a table. - ''' - cmd = NFT_BIN + " list -nnn table " + table[0] + " " + table[1] - ret = execute_cmd(cmd, filename, lineno) - - return True if (ret == 0) else False - - -def table_flush(table, filename, lineno): - ''' - Flush a table. - ''' - cmd = NFT_BIN + " flush table " + str(table[0]) + " " + str(table[1]) - ret = execute_cmd(cmd, filename, lineno) - - return cmd - - -def table_create(table, filename, lineno): - ''' - Adds a table. - ''' - ## We check if table exists. - if table_exist(table, filename, lineno): - reason = "Table " + table[1] + " already exists" - print_error(reason, filename, lineno) - return -1 - - table_list.append(table) - - ## We add a new table - cmd = NFT_BIN + " add table " + table[0] + " " + table[1] - ret = execute_cmd(cmd, filename, lineno) - - if ret != 0: - reason = "Cannot add table " + table[1] - print_error(reason, filename, lineno) - table_list.remove(table) - return -1 - - ## We check if table was added correctly. - if not table_exist(table, filename, lineno): - table_list.remove(table) - reason = "I have just added the table " + table[1] + \ - " but it does not exist. Giving up!" - print_error(reason, filename, lineno) - return -1 - - return 0 - - -def table_delete(table, filename=None, lineno=None): - ''' - Deletes a table. - ''' - table_info = " " + table[0] + " " + table[1] + " " - - if not table_exist(table, filename, lineno): - reason = "Table " + table[1] + \ - " does not exist but I added it before." - print_error(reason, filename, lineno) - return -1 - - cmd = NFT_BIN + " delete table" + table_info - ret = execute_cmd(cmd, filename, lineno) - if ret != 0: - reason = cmd + ": " \ - "I cannot delete table '" + table[1] + "'. Giving up! " - print_error(reason, filename, lineno) - return -1 - - if table_exist(table, filename, lineno): - reason = "I have just deleted the table " + table[1] + \ - " but the table still exists." - print_error(reason, filename, lineno) - return -1 - - return 0 - - -def chain_exist(chain, table, filename, lineno): - ''' - Checks a chain - ''' - - table_info = " " + table[0] + " " + table[1] + " " - cmd = NFT_BIN + " list -nnn chain" + table_info + chain - ret = execute_cmd(cmd, filename, lineno) - - return True if (ret == 0) else False - - -def chain_create(chain, chain_type, chain_list, table, filename, lineno): - ''' - Adds a chain - ''' - - table_info = " " + table[0] + " " + table[1] + " " - - if chain_exist(chain, table, filename, lineno): - reason = "This chain '" + chain + "' exists in " + table[1] + "." + \ - "I cannot create two chains with same name." - print_error(reason, filename, lineno) - return -1 - - if chain_type: - cmd = NFT_BIN + " add chain" + table_info + chain + "\{ " + chain_type + "\; \}" - else: - cmd = NFT_BIN + " add chain" + table_info + chain - - ret = execute_cmd(cmd, filename, lineno) - if ret != 0: - reason = "I cannot create the chain '" + chain - print_error(reason, filename, lineno) - return -1 - - if not chain in chain_list: - chain_list.append(chain) - - if not chain_exist(chain, table, filename, lineno): - reason = "I have added the chain '" + chain + \ - "' but it does not exist in " + table[1] - print_error(reason, filename, lineno) - return -1 - - return 0 - - -def chain_delete(chain, table, filename=None, lineno=None): - ''' - Flushes and deletes a chain. - ''' - - table_info = " " + table[0] + " " + table[1] + " " - - if not chain_exist(chain, table, filename, lineno): - reason = "The chain " + chain + " does not exists in " + table[1] + \ - ". I cannot delete it." - print_error(reason, filename, lineno) - return -1 - - cmd = NFT_BIN + " flush chain" + table_info + chain - ret = execute_cmd(cmd, filename, lineno) - if ret != 0: - reason = "I cannot flush this chain " + chain - print_error(reason, filename, lineno) - return -1 - - cmd = NFT_BIN + " delete chain" + table_info + chain - ret = execute_cmd(cmd, filename, lineno) - if ret != 0: - reason = cmd + "I cannot delete this chain. DD" - print_error(reason, filename, lineno) - return -1 - - if chain_exist(chain, table, filename, lineno): - reason = "The chain " + chain + " exists in " + table[1] + \ - ". I cannot delete this chain" - print_error(reason, filename, lineno) - return -1 - - return 0 - - -def set_add(set_info, table_list, filename, lineno): - ''' - Adds a set. - ''' - - if not table_list: - reason = "Missing table to add rule" - print_error(reason, filename, lineno) - return -1 - - for table in table_list: - if set_exist(set_info[0], table, filename, lineno): - reason = "This set " + set_info + " exists in " + table[1] + \ - ". I cannot add it again" - print_error(reason, filename, lineno) - return -1 - - table_info = " " + table[0] + " " + table[1] + " " - set_text = " " + set_info[0] + " { type " + set_info[1] + " \;}" - cmd = NFT_BIN + " add set" + table_info + set_text - ret = execute_cmd(cmd, filename, lineno) - - if (ret == 0 and set_info[2].rstrip() == "fail") or \ - (ret != 0 and set_info[2].rstrip() == "ok"): - reason = cmd + ": " + "I cannot add the set " + set_info[0] - print_error(reason, filename, lineno) - return -1 - - if not set_exist(set_info[0], table, filename, lineno): - reason = "I have just added the set " + set_info[0] + \ - " to the table " + table[1] + " but it does not exist" - print_error(reason, filename, lineno) - return -1 - - return 0 - - -def set_add_elements(set_element, set_name, set_all, state, table_list, - filename, lineno): - ''' - Adds elements to the set. - ''' - - if not table_list: - reason = "Missing table to add rules" - print_error(reason, filename, lineno) - return -1 - - for table in table_list: - # Check if set exists. - if (not set_exist(set_name, table, filename, lineno) or - not set_name in set_all) and state == "ok": - reason = "I cannot add an element to the set " + set_name + \ - " since it does not exist." - print_error(reason, filename, lineno) - return -1 - - table_info = " " + table[0] + " " + table[1] + " " - - element = "" - for e in set_element: - if not element: - element = e - else: - element = element + ", " + e - - set_text = set_name + " { " + element + " }" - cmd = NFT_BIN + " add element" + table_info + set_text - ret = execute_cmd(cmd, filename, lineno) - - if (state == "fail" and ret == 0) or (state == "ok" and ret != 0): - test_state = "This rule should have failed." - reason = cmd + ": " + test_state - print_error(reason, filename, lineno) - return -1 - - # Add element into a all_set. - if (ret == 0 and state == "ok"): - for e in set_element: - set_all[set_name].add(e) - - return 0 - - -def set_delete_elements(set_element, set_name, table, filename=None, - lineno=None): - ''' - Deletes elements in a set. - ''' - table_info = " " + table[0] + " " + table[1] + " " - - for element in set_element: - set_text = set_name + " {" + element + "}" - cmd = NFT_BIN + " delete element" + table_info + set_text - ret = execute_cmd(cmd, filename, lineno) - if ret != 0: - reason = "I cannot delete an element" + element + \ - " from the set '" + set_name - print_error(reason, filename, lineno) - return -1 - - return 0 - - -def set_delete(all_set, table, filename=None, lineno=None): - ''' - Deletes set and its content. - ''' - - for set_name in all_set.keys(): - # Check if exists the set - if not set_exist(set_name, table, filename, lineno): - reason = "The set " + set_name + \ - " does not exist, I cannot delete it" - print_error(reason, filename, lineno) - return -1 - - # We delete all elements in the set - set_delete_elements(all_set[set_name], set_name, table, filename, - lineno) - - # We delete the set. - table_info = " " + table[0] + " " + table[1] + " " - cmd = NFT_BIN + " delete set " + table_info + " " + set_name - ret = execute_cmd(cmd, filename, lineno) - - # Check if the set still exists after I deleted it. - if ret != 0 or set_exist(set_name, table, filename, lineno): - reason = "Cannot remove the set " + set_name - print_error(reason, filename, lineno) - return -1 - - return 0 - - -def set_exist(set_name, table, filename, lineno): - ''' - Check if the set exists. - ''' - table_info = " " + table[0] + " " + table[1] + " " - cmd = NFT_BIN + " list -nnn set" + table_info + set_name - ret = execute_cmd(cmd, filename, lineno) - - return True if (ret == 0) else False - - -def set_check_element(rule1, rule2): - ''' - Check if element exists in anonymous sets. - ''' - ret = -1 - pos1 = rule1.find("{") - pos2 = rule2.find("{") - end1 = rule1.find("}") - end2 = rule2.find("}") - - if ((pos1 != -1) and (pos2 != -1) and (end1 != -1) and (end2 != -1)): - list1 = (rule1[pos1 + 1:end1].replace(" ", "")).split(",") - list2 = (rule2[pos2 + 1:end2].replace(" ", "")).split(",") - list1.sort() - list2.sort() - if (cmp(list1, list2) == 0): - ret = 0 - return ret - - -def output_clean(pre_output, chain): - pos_chain = pre_output[0].find(chain) - if pos_chain == -1: - return "" - output_intermediate = pre_output[0][pos_chain:] - brace_start = output_intermediate.find("{") - brace_end = output_intermediate.find("}") - pre_rule = output_intermediate[brace_start:brace_end] - if pre_rule[1:].find("{") > -1: # this rule has a set. - set = pre_rule[1:].replace("\t", "").replace("\n", "").strip() - set = set.split(";")[2].strip() + "}" - return set - else: - rule = pre_rule.split(";")[2].replace("\t", "").replace("\n", "").strip() - if len(rule) < 0: - return "" - return rule - -def payload_check_elems_to_set(elems): - newset = set() - - for n, line in enumerate(elems.split('[end]')): - e = line.strip() - if e in newset: - print_error("duplicate", e, n) - return newset - - newset.add(e) - - return newset - -def payload_check_set_elems(want, got): - - if want.find('element') < 0 or want.find('[end]') < 0: - return 0 - - if got.find('element') < 0 or got.find('[end]') < 0: - return 0 - - set_want = payload_check_elems_to_set(want) - set_got = payload_check_elems_to_set(got) - - return set_want == set_got - -def payload_check(payload_buffer, file, cmd): - - file.seek(0, 0) - - ret = False - i = 0 - - for lineno, want_line in enumerate(payload_buffer): - line = file.readline() - - if want_line == line: - i += 1 - continue - - if want_line.find('[') < 0 and line.find('[') < 0: - continue - if want_line.find(']') < 0 and line.find(']') < 0: - continue - - if payload_check_set_elems(want_line, line): - continue - - print_differences_warning(file.name, lineno, want_line.strip(), line.strip(), cmd); - return 0 - - return i > 0 - -def rule_add(rule, table_list, chain_list, filename, lineno, - force_all_family_option, filename_path): - ''' - Adds a rule - ''' - # TODO Check if a rule is added correctly. - ret = warning = error = unit_tests = 0 - - if not table_list or not chain_list: - reason = "Missing table or chain to add rule." - print_error(reason, filename, lineno) - return [-1, warning, error, unit_tests] - - payload_expected = [] - - for table in table_list: - try: - payload_log = open("%s.payload.%s" % (filename_path, table[0])) - except (IOError): - payload_log = open("%s.payload" % filename_path) - - if rule[1].strip() == "ok": - try: - payload_expected.index(rule[0]) - except (ValueError): - payload_expected = payload_find_expected(payload_log, rule[0]) - - if payload_expected == []: - print_error("did not find payload information for rule '%s'" % rule[0], payload_log.name, 1) - - for chain in chain_list: - unit_tests += 1 - table_flush(table, filename, lineno) - table_info = " " + table[0] + " " + table[1] + " " - cmd = NFT_BIN + " add rule" + table_info + chain + " " + rule[0] - - payload_log = os.tmpfile(); - - cmd = NFT_BIN + " add rule --debug=netlink" + table_info + chain + " " + rule[0] - ret = execute_cmd(cmd, filename, lineno, payload_log) - - state = rule[1].rstrip() - if (ret == 0 and state == "fail") or (ret != 0 and state == "ok"): - if state == "fail": - test_state = "This rule should have failed." - else: - test_state = "This rule should not have failed." - reason = cmd + ": " + test_state - print_error(reason, filename, lineno) - ret = -1 - error += 1 - if not force_all_family_option: - return [ret, warning, error, unit_tests] - - if (state == "fail" and ret != 0): - ret = 0 - continue - - if ret == 0: - # Check for matching payload - if state == "ok" and not payload_check(payload_expected, payload_log, cmd): - error += 1 - gotf = open("%s.payload.got" % filename_path, 'a') - payload_log.seek(0, 0) - gotf.write("# %s\n" % rule[0]) - while True: - line = payload_log.readline() - if line == "": - break - gotf.write(line) - gotf.close() - print_warning("Wrote payload for rule %s" % rule[0], gotf.name, 1) - - # Check output of nft - process = subprocess.Popen([NFT_BIN, '-nnn', 'list', 'table'] + table, - shell=False, stdout=subprocess.PIPE, - preexec_fn=preexec) - pre_output = process.communicate() - output = pre_output[0].split(";") - if len(output) < 2: - reason = cmd + ": Listing is broken." - print_error(reason, filename, lineno) - ret = -1 - error += 1 - if not force_all_family_option: - return [ret, warning, error, unit_tests] - else: - rule_output = output_clean(pre_output, chain) - if (len(rule) == 3): - teoric_exit = rule[2] - else: - teoric_exit = rule[0] - - if (rule_output.rstrip() != teoric_exit.rstrip()): - if (rule[0].find("{") != -1): # anonymous sets - if (set_check_element(teoric_exit, rule_output) != 0): - warning += 1 - print_differences_warning(filename, lineno, - rule[0], rule_output, - cmd) - if not force_all_family_option: - return [ret, warning, error, unit_tests] - else: - if len(rule_output) <= 0: - error += 1 - print_differences_error(filename, lineno, - rule_output, cmd) - if not force_all_family_option: - return [ret, warning, error, unit_tests] - - warning += 1 - print_differences_warning(filename, lineno, - teoric_exit.rstrip(), rule_output, - cmd) - - if not force_all_family_option: - return [ret, warning, error, unit_tests] - - return [ret, warning, error, unit_tests] - - -def preexec(): - os.setpgrp() # Don't forward signals. - - -def cleanup_on_exit(): - for table in table_list: - for chain in chain_list: - ret = chain_delete(chain, table, "", "") - if all_set: - ret = set_delete(all_set, table) - ret = table_delete(table) - - -def signal_handler(signal, frame): - global signal_received - signal_received = 1 - - -def execute_cmd(cmd, filename, lineno, stdout_log = False): - ''' - Executes a command, checks for segfaults and returns the command exit - code. - - :param cmd: string with the command to be executed - :param filename: name of the file tested (used for print_error purposes) - :param lineno: line number being tested (used for print_error purposes) - ''' - global log_file - print >> log_file, "command: %s" % cmd - if debug_option: - print cmd - - if not stdout_log: - stdout_log = log_file - - ret = subprocess.call(cmd, shell=True, universal_newlines=True, - stderr=log_file, stdout=stdout_log, - preexec_fn=preexec) - log_file.flush() - - if ret == -11: - reason = "command segfaults: " + cmd - print_error(reason, filename, lineno) - - return ret - - -def print_result(filename, tests, warning, error): - return str(filename) + ": " + str(tests) + " unit tests, " + \ - str(error) + " error, " + str(warning) + " warning" - - -def print_result_all(filename, tests, warning, error, unit_tests): - return str(filename) + ": " + str(tests) + " unit tests, " +\ - str(unit_tests) + " total test executed, " + \ - str(error) + " error, " + \ - str(warning) + " warning" - - -def table_process(table_line, filename, lineno): - if ";" in table_line: - table_info = table_line.split(";") - else: - table_info.append("ip") - table_info.append(table_line) - - return table_create(table_info, filename, lineno) - - -def chain_process(chain_line, filename, lineno): - chain_name = chain_line[0] - chain_type = "" - for table in table_list: - if len(chain_line) > 1: - chain_type = chain_line[1] - ret = chain_create(chain_name, chain_type, chain_list, table, - filename, lineno) - if ret != 0: - return -1 - return ret - - -def set_process(set_line, filename, lineno): - set_info = [] - set_name = "".join(set_line[0].rstrip()[1:]) - set_info.append(set_name) - set_type = set_line[1].split(";")[0] - set_state = set_line[1].split(";")[1] # ok or fail - set_info.append(set_type) - set_info.append(set_state) - ret = set_add(set_info, table_list, filename, lineno) - if ret == 0: - all_set[set_name] = set() - - return ret - - -def set_element_process(element_line, filename, lineno): - rule_state = element_line[1] - set_name = element_line[0].split(" ")[0] - set_element = element_line[0].split(" ") - set_element.remove(set_name) - return set_add_elements(set_element, set_name, all_set, rule_state, - table_list, filename, lineno) - -def payload_find_expected(payload_log, rule): - ''' - Find the netlink payload that should be generated by given rule in payload_log - - :param payload_log: open file handle of the payload data - :param rule: nft rule we are going to add - ''' - found = 0 - pos = 0 - payload_buffer = [] - - while True: - line = payload_log.readline() - if not line: - break - - if line[0] == "#": # rule start - rule_line = line.strip()[2:] - - if rule_line == rule.strip(): - found = 1 - continue - - if found == 1: - payload_buffer.append(line) - if line.isspace(): - return payload_buffer - - payload_log.seek(0, 0) - return payload_buffer - -def run_test_file(filename, force_all_family_option, specific_file): - ''' - Runs a test file - - :param filename: name of the file with the test rules - ''' - - if specific_file: - filename_path = os.path.join(TERMINAL_PATH, filename) - else: - filename_path = os.path.join(TESTS_PATH, filename) - - f = open(filename_path) - tests = passed = total_unit_run = total_warning = total_error = 0 - table = "" - total_test_passed = True - - for lineno, line in enumerate(f): - if signal_received == 1: - print "\nSignal received. Cleaning up and Exitting..." - cleanup_on_exit() - sys.exit(0) - - if line.isspace(): - continue - - if line[0] == "#": # Command-line - continue - - if line[0] == '*': # Table - table_line = line.rstrip()[1:] - ret = table_process(table_line, filename, lineno) - if (ret != 0): - total_test_passed = False - break - continue - - if line[0] == ":": # Chain - chain_line = line.rstrip()[1:].split(";") - ret = chain_process(chain_line, filename, lineno) - if ret != 0: - total_test_passed = False - break - continue - - if line[0] == "!": # Adds this set - set_line = line.rstrip()[0:].split(" ") - ret = set_process(set_line, filename, lineno) - tests += 1 - if ret == -1: - total_test_passed = False - continue - passed += 1 - continue - - if line[0] == "?": # Adds elements in a set - element_line = line.rstrip()[1:].split(";") - ret = set_element_process(element_line, filename, lineno) - tests += 1 - if ret == -1: - total_test_passed = False - continue - - passed += 1 - continue - - # Rule - rule = line.split(';') # rule[1] Ok or FAIL - if len(rule) == 1 or len(rule) > 3 or rule[1].rstrip() not in {"ok", "fail"}: - reason = "Skipping malformed rule test. (" + line.rstrip('\n') + ")" - print_warning(reason, filename, lineno) - continue - - if line[0] == "-": # Run omitted lines - if need_fix_option: - rule[0] = rule[0].rstrip()[1:].strip() - else: - continue - elif need_fix_option: - continue - - result = rule_add(rule, table_list, chain_list, filename, lineno, - force_all_family_option, filename_path) - tests += 1 - ret = result[0] - warning = result[1] - total_warning += warning - total_error += result[2] - total_unit_run += result[3] - - if ret != 0: - total_test_passed = False - continue - - if warning == 0: # All ok. - passed += 1 - - # Delete rules, sets, chains and tables - for table in table_list: - # We delete chains - for chain in chain_list: - ret = chain_delete(chain, table, filename, lineno) - if ret != 0: - total_test_passed = False - - # We delete sets. - if all_set: - ret = set_delete(all_set, table, filename, lineno) - if ret != 0: - total_test_passed = False - reason = "There is a problem when we delete a set" - print_error(reason, filename, lineno) - - # We delete tables. - ret = table_delete(table, filename, lineno) - - if ret != 0: - total_test_passed = False - - if specific_file: - if force_all_family_option: - print print_result_all(filename, tests, total_warning, total_error, - total_unit_run) - else: - print print_result(filename, tests, total_warning, total_error) - else: - if (tests == passed and tests > 0): - print filename + ": " + Colors.GREEN + "OK" + Colors.ENDC - - f.close() - del table_list[:] - del chain_list[:] - all_set.clear() - - return [tests, passed, total_warning, total_error, total_unit_run] - - -def main(): - parser = argparse.ArgumentParser(description='Run nft tests', - version='1.0') - - parser.add_argument('filename', nargs='?', - metavar='path/to/file.t', - help='Run only this test') - - parser.add_argument('-d', '--debug', action='store_true', - dest='debug', - help='enable debugging mode') - - parser.add_argument('-e', '--need-fix', action='store_true', - dest='need_fix_line', - help='run rules that need a fix') - - parser.add_argument('-f', '--force-family', action='store_true', - dest='force_all_family', - help='keep testing all families on error') - - args = parser.parse_args() - global debug_option, need_fix_option - debug_option = args.debug - need_fix_option = args.need_fix_line - force_all_family_option = args.force_all_family - specific_file = False - - signal.signal(signal.SIGINT, signal_handler) - signal.signal(signal.SIGTERM, signal_handler) - - if os.getuid() != 0: - print "You need to be root to run this, sorry" - return - - # Change working directory to repository root - os.chdir(TESTS_PATH + "/../..") - - if not os.path.isfile(NFT_BIN): - print "The nft binary does not exist. You need to build the project." - return - - test_files = files_ok = run_total = 0 - tests = passed = warnings = errors = 0 - global log_file - try: - log_file = open(LOGFILE, 'w') - except IOError: - print "Cannot open log file %s" % LOGFILE - return - - file_list = [] - if args.filename: - file_list = [args.filename] - specific_file = True - else: - for directory in TESTS_DIRECTORY: - path = os.path.join(TESTS_PATH, directory) - for root, dirs, files in os.walk(path): - for f in files: - if f.endswith(".t"): - file_list.append(os.path.join(directory, f)) - - for filename in file_list: - result = run_test_file(filename, force_all_family_option, specific_file) - file_tests = result[0] - file_passed = result[1] - file_warnings = result[2] - file_errors = result[3] - file_unit_run = result[4] - - test_files += 1 - - if file_warnings == 0 and file_tests == file_passed: - files_ok += 1 - if file_tests: - tests += file_tests - passed += file_passed - errors += file_errors - warnings += file_warnings - if force_all_family_option: - run_total += file_unit_run - - if test_files == 0: - print "No test files to run" - else: - if not specific_file: - if force_all_family_option: - print ("%d test files, %d files passed, %d unit tests, %d total executed, %d error, %d warning" % - (test_files, files_ok, tests, run_total, errors, warnings)) - else: - print ("%d test files, %d files passed, %d unit tests, %d error, %d warning" % - (test_files, files_ok, tests, errors, warnings)) - -if __name__ == '__main__': - main() -- cgit v1.2.3