From 0abfb2b7e01ca07efe1be16a1a5bd8925340dc41 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Fri, 10 Jul 2015 11:56:31 +0200 Subject: tests: validate generated netlink instructions compare netlink instructions generated by given nft command line with recorded version. Example: udp dport 80 accept in ip family should look like ip test-ip4 input [ payload load 1b @ network header + 9 => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00005000 ] [ immediate reg 0 accept ] This is stored in udp.t.payload.ip Other suffixes: .payload.ip6 .payload.inet .payload ('any') The test script first looks for 'testname.t.payload.$family', if that doesn't exist 'testname.t.payload' is used. This allows for family independent test (e.g. meta), where we don't expect/have any family specific expressions. Signed-off-by: Florian Westphal --- tests/regression/any/ct.t.payload | 239 +++++++++ tests/regression/any/frag.t.payload | 109 ++++ tests/regression/any/limit.t.payload | 20 + tests/regression/any/log.t.payload | 52 ++ tests/regression/any/meta.t.payload | 707 ++++++++++++++++++++++++++ tests/regression/any/queue.t.payload | 24 + tests/regression/arp/arp.t.payload | 217 ++++++++ tests/regression/arp/chains.t.payload | 0 tests/regression/bridge/chains.t.payload | 0 tests/regression/bridge/reject.t.payload | 106 ++++ tests/regression/inet/ah.t.payload.inet | 186 +++++++ tests/regression/inet/ah.t.payload.ip | 186 +++++++ tests/regression/inet/ah.t.payload.ip6 | 186 +++++++ tests/regression/inet/comp.t.payload.inet | 107 ++++ tests/regression/inet/comp.t.payload.ip | 107 ++++ tests/regression/inet/comp.t.payload.ip6 | 107 ++++ tests/regression/inet/dccp.t.payload.inet | 82 +++ tests/regression/inet/dccp.t.payload.ip | 82 +++ tests/regression/inet/dccp.t.payload.ip6 | 82 +++ tests/regression/inet/esp.t.payload.inet | 93 ++++ tests/regression/inet/esp.t.payload.ip | 93 ++++ tests/regression/inet/esp.t.payload.ip6 | 93 ++++ tests/regression/inet/reject.t.payload.inet | 220 ++++++++ tests/regression/inet/sctp.t.payload.inet | 200 ++++++++ tests/regression/inet/sctp.t.payload.ip | 200 ++++++++ tests/regression/inet/sctp.t.payload.ip6 | 200 ++++++++ tests/regression/inet/tcp.t.payload.inet | 500 ++++++++++++++++++ tests/regression/inet/tcp.t.payload.ip | 500 ++++++++++++++++++ tests/regression/inet/tcp.t.payload.ip6 | 500 ++++++++++++++++++ tests/regression/inet/udp.t.payload.ip | 222 ++++++++ tests/regression/inet/udplite.t.payload.inet | 169 ++++++ tests/regression/inet/udplite.t.payload.ip | 169 ++++++ tests/regression/inet/udplite.t.payload.ip6 | 169 ++++++ tests/regression/ip/dnat.t.payload.ip | 50 ++ tests/regression/ip/icmp.t.payload.ip | 463 +++++++++++++++++ tests/regression/ip/ip.t.payload | 337 ++++++++++++ tests/regression/ip/ip.t.payload.inet | 443 ++++++++++++++++ tests/regression/ip/masquerade.t.payload | 127 +++++ tests/regression/ip/redirect.t.payload | 201 ++++++++ tests/regression/ip/reject.t.payload | 32 ++ tests/regression/ip/sets.t.payload.inet | 18 + tests/regression/ip/sets.t.payload.ip | 14 + tests/regression/ip/snat.t.payload | 50 ++ tests/regression/ip6/dnat.t.payload.ip6 | 25 + tests/regression/ip6/dst.t.payload.inet | 94 ++++ tests/regression/ip6/dst.t.payload.ip6 | 95 ++++ tests/regression/ip6/hbh.t.payload.inet | 94 ++++ tests/regression/ip6/hbh.t.payload.ip6 | 94 ++++ tests/regression/ip6/icmpv6.t.payload.ip6 | 409 +++++++++++++++ tests/regression/ip6/ip6.t.payload.inet | 461 +++++++++++++++++ tests/regression/ip6/ip6.t.payload.ip6 | 339 ++++++++++++ tests/regression/ip6/masquerade.t.payload.ip6 | 127 +++++ tests/regression/ip6/mh.t.payload.inet | 198 ++++++++ tests/regression/ip6/mh.t.payload.ip6 | 198 ++++++++ tests/regression/ip6/redirect.t.payload.ip6 | 185 +++++++ tests/regression/ip6/reject.t.payload.ip6 | 26 + tests/regression/ip6/rt.t.payload.inet | 180 +++++++ tests/regression/ip6/rt.t.payload.ip6 | 180 +++++++ tests/regression/ip6/sets.t.payload | 0 tests/regression/ip6/sets.t.payload.inet | 9 + tests/regression/ip6/sets.t.payload.ip6 | 7 + tests/regression/ip6/snat.t.payload.ip6 | 25 + tests/regression/ip6/vmap.t.payload.inet | 420 +++++++++++++++ tests/regression/ip6/vmap.t.payload.ip6 | 336 ++++++++++++ tests/regression/nft-test.py | 100 +++- 65 files changed, 11259 insertions(+), 5 deletions(-) create mode 100644 tests/regression/any/ct.t.payload create mode 100644 tests/regression/any/frag.t.payload create mode 100644 tests/regression/any/limit.t.payload create mode 100644 tests/regression/any/log.t.payload create mode 100644 tests/regression/any/meta.t.payload create mode 100644 tests/regression/any/queue.t.payload create mode 100644 tests/regression/arp/arp.t.payload create mode 100644 tests/regression/arp/chains.t.payload create mode 100644 tests/regression/bridge/chains.t.payload create mode 100644 tests/regression/bridge/reject.t.payload create mode 100644 tests/regression/inet/ah.t.payload.inet create mode 100644 tests/regression/inet/ah.t.payload.ip create mode 100644 tests/regression/inet/ah.t.payload.ip6 create mode 100644 tests/regression/inet/comp.t.payload.inet create mode 100644 tests/regression/inet/comp.t.payload.ip create mode 100644 tests/regression/inet/comp.t.payload.ip6 create mode 100644 tests/regression/inet/dccp.t.payload.inet create mode 100644 tests/regression/inet/dccp.t.payload.ip create mode 100644 tests/regression/inet/dccp.t.payload.ip6 create mode 100644 tests/regression/inet/esp.t.payload.inet create mode 100644 tests/regression/inet/esp.t.payload.ip create mode 100644 tests/regression/inet/esp.t.payload.ip6 create mode 100644 tests/regression/inet/reject.t.payload.inet create mode 100644 tests/regression/inet/sctp.t.payload.inet create mode 100644 tests/regression/inet/sctp.t.payload.ip create mode 100644 tests/regression/inet/sctp.t.payload.ip6 create mode 100644 tests/regression/inet/tcp.t.payload.inet create mode 100644 tests/regression/inet/tcp.t.payload.ip create mode 100644 tests/regression/inet/tcp.t.payload.ip6 create mode 100644 tests/regression/inet/udp.t.payload.ip create mode 100644 tests/regression/inet/udplite.t.payload.inet create mode 100644 tests/regression/inet/udplite.t.payload.ip create mode 100644 tests/regression/inet/udplite.t.payload.ip6 create mode 100644 tests/regression/ip/dnat.t.payload.ip create mode 100644 tests/regression/ip/icmp.t.payload.ip create mode 100644 tests/regression/ip/ip.t.payload create mode 100644 tests/regression/ip/ip.t.payload.inet create mode 100644 tests/regression/ip/masquerade.t.payload create mode 100644 tests/regression/ip/redirect.t.payload create mode 100644 tests/regression/ip/reject.t.payload create mode 100644 tests/regression/ip/sets.t.payload.inet create mode 100644 tests/regression/ip/sets.t.payload.ip create mode 100644 tests/regression/ip/snat.t.payload create mode 100644 tests/regression/ip6/dnat.t.payload.ip6 create mode 100644 tests/regression/ip6/dst.t.payload.inet create mode 100644 tests/regression/ip6/dst.t.payload.ip6 create mode 100644 tests/regression/ip6/hbh.t.payload.inet create mode 100644 tests/regression/ip6/hbh.t.payload.ip6 create mode 100644 tests/regression/ip6/icmpv6.t.payload.ip6 create mode 100644 tests/regression/ip6/ip6.t.payload.inet create mode 100644 tests/regression/ip6/ip6.t.payload.ip6 create mode 100644 tests/regression/ip6/masquerade.t.payload.ip6 create mode 100644 tests/regression/ip6/mh.t.payload.inet create mode 100644 tests/regression/ip6/mh.t.payload.ip6 create mode 100644 tests/regression/ip6/redirect.t.payload.ip6 create mode 100644 tests/regression/ip6/reject.t.payload.ip6 create mode 100644 tests/regression/ip6/rt.t.payload.inet create mode 100644 tests/regression/ip6/rt.t.payload.ip6 create mode 100644 tests/regression/ip6/sets.t.payload create mode 100644 tests/regression/ip6/sets.t.payload.inet create mode 100644 tests/regression/ip6/sets.t.payload.ip6 create mode 100644 tests/regression/ip6/snat.t.payload.ip6 create mode 100644 tests/regression/ip6/vmap.t.payload.inet create mode 100644 tests/regression/ip6/vmap.t.payload.ip6 (limited to 'tests') diff --git a/tests/regression/any/ct.t.payload b/tests/regression/any/ct.t.payload new file mode 100644 index 00000000..f77c2842 --- /dev/null +++ b/tests/regression/any/ct.t.payload @@ -0,0 +1,239 @@ +# ct state new,established, related, untracked +ip test-ip4 output + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000004e ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ct state != related +ip test-ip4 output + [ ct load state => reg 1 ] + [ cmp neq reg 1 0x00000004 ] + +# ct state {new,established, related, untracked} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000008 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000040 : 0 [end] +ip test-ip4 output + [ ct load state => reg 1 ] + [ lookup reg 1 set set%d ] + +# ct state invalid drop +ip test-ip4 output + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + [ immediate reg 0 drop ] + +# ct state established accept +ip test-ip4 output + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000002 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + [ immediate reg 0 accept ] + +# ct state 8 +ip test-ip4 output + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000008 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ct direction original +ip test-ip4 output + [ ct load direction => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# ct direction != original +ip test-ip4 output + [ ct load direction => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + +# ct direction reply +ip test-ip4 output + [ ct load direction => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# ct direction != reply +ip test-ip4 output + [ ct load direction => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# ct direction {reply, original} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000000 : 0 [end] +ip test-ip4 output + [ ct load direction => reg 1 ] + [ lookup reg 1 set set%d ] + +# ct status expected +ip test-ip4 output + [ ct load status => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ct status != expected +ip test-ip4 output + [ ct load status => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# ct status seen-reply +ip test-ip4 output + [ ct load status => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000002 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ct status != seen-reply +ip test-ip4 output + [ ct load status => reg 1 ] + [ cmp neq reg 1 0x00000002 ] + +# ct status {expected, seen-reply, assured, confirmed, dying} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000200 : 0 [end] +ip test-ip4 output + [ ct load status => reg 1 ] + [ lookup reg 1 set set%d ] + +# ct mark 0 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# ct mark or 0x23 == 0x11 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xffffffdc ) ^ 0x00000023 ] + [ cmp eq reg 1 0x00000011 ] + +# ct mark or 0x3 != 0x1 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] + [ cmp neq reg 1 0x00000001 ] + +# ct mark and 0x23 == 0x11 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000023 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000011 ] + +# ct mark and 0x3 != 0x1 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000001 ] + +# ct mark xor 0x23 == 0x11 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# ct mark xor 0x3 != 0x1 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ cmp neq reg 1 0x00000002 ] + +# ct mark 0x00000032 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# ct mark != 0x00000032 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ cmp neq reg 1 0x00000032 ] + +# ct mark 0x00000032-0x00000045 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gte reg 1 0x32000000 ] + [ cmp lte reg 1 0x45000000 ] + +# ct mark != 0x00000032-0x00000045 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0x32000000 ] + [ cmp gt reg 1 0x45000000 ] + +# ct mark {0x32, 0x2222, 0x42de3} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000032 : 0 [end] element 00002222 : 0 [end] element 00042de3 : 0 [end] +ip test-ip4 output + [ ct load mark => reg 1 ] + [ lookup reg 1 set set%d ] + +# ct mark set 0x11 xor 0x1331 +ip test-ip4 output + [ immediate reg 1 0x00001320 ] + [ ct set mark with reg 1 ] + +# ct mark set 0x11333 and 0x11 +ip test-ip4 output + [ immediate reg 1 0x00000011 ] + [ ct set mark with reg 1 ] + +# ct mark set 0x12 or 0x11 +ip test-ip4 output + [ immediate reg 1 0x00000013 ] + [ ct set mark with reg 1 ] + +# ct mark set 0x11 +ip test-ip4 output + [ immediate reg 1 0x00000011 ] + [ ct set mark with reg 1 ] + +# ct expiration 30 +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ cmp eq reg 1 0x0000001e ] + +# ct expiration 22 +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# ct expiration != 233 +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# ct expiration 33-45 +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# ct expiration != 33-45 +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# ct expiration {33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ lookup reg 1 set set%d ] + +# ct expiration {33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set set%d ] + +# ct helper "ftp" +ip test-ip4 output + [ ct load helper => reg 1 ] + [ cmp eq reg 1 0x00707466 0x00000000 0x00000000 0x00000000 ] + diff --git a/tests/regression/any/frag.t.payload b/tests/regression/any/frag.t.payload new file mode 100644 index 00000000..a91ab3fa --- /dev/null +++ b/tests/regression/any/frag.t.payload @@ -0,0 +1,109 @@ +# frag nexthdr tcp +ip test-ip4 output + [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + +# frag nexthdr != icmp +ip test-ip4 output + [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +ip test-ip4 output + [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# frag nexthdr esp +ip test-ip4 output + [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# frag nexthdr ah +ip test-ip4 output + [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + +# frag reserved 22 +ip test-ip4 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# frag reserved != 233 +ip test-ip4 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# frag reserved 33-45 +ip test-ip4 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# frag reserved != 33-45 +ip test-ip4 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# frag reserved { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip test-ip4 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# frag reserved { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip test-ip4 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# frag id 1 +ip test-ip4 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ cmp eq reg 1 0x01000000 ] + +# frag id 22 +ip test-ip4 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# frag id != 33 +ip test-ip4 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ cmp neq reg 1 0x21000000 ] + +# frag id 33-45 +ip test-ip4 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# frag id != 33-45 +ip test-ip4 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# frag id { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip test-ip4 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# frag id { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/any/limit.t.payload b/tests/regression/any/limit.t.payload new file mode 100644 index 00000000..c196f12b --- /dev/null +++ b/tests/regression/any/limit.t.payload @@ -0,0 +1,20 @@ +# limit rate 400/minute +ip test-ip4 output + [ limit rate 400/minute ] + +# limit rate 20/second +ip test-ip4 output + [ limit rate 20/second ] + +# limit rate 400/hour +ip test-ip4 output + [ limit rate 400/hour ] + +# limit rate 400/week +ip test-ip4 output + [ limit rate 400/week ] + +# limit rate 40/day +ip test-ip4 output + [ limit rate 40/day ] + diff --git a/tests/regression/any/log.t.payload b/tests/regression/any/log.t.payload new file mode 100644 index 00000000..689668b6 --- /dev/null +++ b/tests/regression/any/log.t.payload @@ -0,0 +1,52 @@ +# log +ip test-ip4 output + [ log prefix (null) ] + +# log level emerg +ip test-ip4 output + [ log prefix (null) level 0 flags 0] + +# log level alert +ip test-ip4 output + [ log prefix (null) level 1 flags 0] + +# log level crit +ip test-ip4 output + [ log prefix (null) level 2 flags 0] + +# log level err +ip test-ip4 output + [ log prefix (null) level 3 flags 0] + +# log level warn +ip test-ip4 output + [ log prefix (null) level 4 flags 0] + +# log level notice +ip test-ip4 output + [ log prefix (null) level 5 flags 0] + +# log level info +ip test-ip4 output + [ log prefix (null) level 6 flags 0] + +# log level debug +ip test-ip4 output + [ log prefix (null) level 7 flags 0] + +# log prefix aaaaa-aaaaaa group 2 snaplen 33 +ip test-ip4 output + [ log prefix aaaaa-aaaaaa group 2 snaplen 33 qthreshold 0] + +# log group 2 queue-threshold 2 +ip test-ip4 output + [ log prefix (null) group 2 snaplen 0 qthreshold 2] + +# log group 2 snaplen 33 +ip test-ip4 output + [ log prefix (null) group 2 snaplen 33 qthreshold 0] + +# log group 2 prefix \"nft-test: \" +ip test-ip4 output + [ log prefix nft-test: group 2 snaplen 0 qthreshold 0] + diff --git a/tests/regression/any/meta.t.payload b/tests/regression/any/meta.t.payload new file mode 100644 index 00000000..921e42e3 --- /dev/null +++ b/tests/regression/any/meta.t.payload @@ -0,0 +1,707 @@ +# meta length 1000 +ip test-ip4 input + [ meta load len => reg 1 ] + [ cmp eq reg 1 0x000003e8 ] + +# meta length 22 +ip test-ip4 input + [ meta load len => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# meta length != 233 +ip test-ip4 input + [ meta load len => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# meta length 33-45 +ip test-ip4 input + [ meta load len => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# meta length != 33-45 +ip test-ip4 input + [ meta load len => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# meta length { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip test-ip4 input + [ meta load len => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta length { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ meta load len => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set set%d ] + +# meta protocol { ip, arp, ip6, vlan } +set%d test-ip4 3 +set%d test-ip4 0 + element 00000008 : 0 [end] element 00000608 : 0 [end] element 0000dd86 : 0 [end] element 00000081 : 0 [end] +ip test-ip4 input + [ meta load protocol => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta protocol ip +ip test-ip4 input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + +# meta protocol != ip +ip test-ip4 input + [ meta load protocol => reg 1 ] + [ cmp neq reg 1 0x00000008 ] + +# meta nfproto ipv4 +ip test-ip4 input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + +# meta nfproto ipv6 +ip test-ip4 input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + +# meta nfproto {ipv4, ipv6} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000002 : 0 [end] element 0000000a : 0 [end] +ip test-ip4 input + [ meta load nfproto => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta l4proto 22 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# meta l4proto != 233 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# meta l4proto 33-45 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 2, 1) ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# meta l4proto != 33-45 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 2, 1) ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# meta l4proto { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta l4proto { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 2, 1) ] + [ lookup reg 1 set set%d ] + +# meta mark 0x4 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ cmp eq reg 1 0x00000004 ] + +# meta mark 0x32 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# meta mark and 0x03 == 0x01 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000001 ] + +# meta mark and 0x03 != 0x01 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000001 ] + +# meta mark 0x10 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ cmp eq reg 1 0x00000010 ] + +# meta mark != 0x10 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ cmp neq reg 1 0x00000010 ] + +# meta mark or 0x03 == 0x01 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] + [ cmp eq reg 1 0x00000001 ] + +# meta mark or 0x03 != 0x01 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] + [ cmp neq reg 1 0x00000001 ] + +# meta mark xor 0x03 == 0x01 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + +# meta mark xor 0x03 != 0x01 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ cmp neq reg 1 0x00000002 ] + +# meta iif eth0 accept +ip test-ip4 input + [ meta load iif => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# meta iif eth0 accept +ip test-ip4 input + [ meta load iif => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# meta iif != eth0 accept +ip test-ip4 input + [ meta load iif => reg 1 ] + [ cmp neq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# meta iif != eth0 accept +ip test-ip4 input + [ meta load iif => reg 1 ] + [ cmp neq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# meta iifname "eth0" +ip test-ip4 input + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + +# meta iifname != "eth0" +ip test-ip4 input + [ meta load iifname => reg 1 ] + [ cmp neq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + +# meta iifname {"eth0", "lo"} +set%d test-ip4 3 +set%d test-ip4 0 + element 30687465 00000000 00000000 00000000 : 0 [end] element 00006f6c 00000000 00000000 00000000 : 0 [end] +ip test-ip4 input + [ meta load iifname => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta iiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000301 : 0 [end] element 00000304 : 0 [end] element 00000308 : 0 [end] element 0000030a : 0 [end] +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta iiftype != ether +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# meta iiftype ether +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# meta iiftype != ppp +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp neq reg 1 0x00000200 ] + +# meta iiftype ppp +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000200 ] + +# meta oif lo accept +ip test-ip4 input + [ meta load oif => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ immediate reg 0 accept ] + +# meta oif != lo accept +ip test-ip4 input + [ meta load oif => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + [ immediate reg 0 accept ] + +# meta oif {eth0, lo} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00000002 : 0 [end] element 00000001 : 0 [end] +ip test-ip4 input + [ meta load oif => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# meta oifname "eth0" +ip test-ip4 input + [ meta load oifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + +# meta oifname != "eth0" +ip test-ip4 input + [ meta load oifname => reg 1 ] + [ cmp neq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + +# meta oifname { "eth0", "lo"} +set%d test-ip4 3 +set%d test-ip4 0 + element 30687465 00000000 00000000 00000000 : 0 [end] element 00006f6c 00000000 00000000 00000000 : 0 [end] +ip test-ip4 input + [ meta load oifname => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta oiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000301 : 0 [end] element 00000304 : 0 [end] element 00000308 : 0 [end] element 0000030a : 0 [end] +ip test-ip4 input + [ meta load oiftype => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta oiftype != ether +ip test-ip4 input + [ meta load oiftype => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# meta oiftype ether +ip test-ip4 input + [ meta load oiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# meta skuid {bin, root, daemon} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000000 : 0 [end] element 00000002 : 0 [end] +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# meta skuid root +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# meta skuid != root +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + +# meta skuid lt 3000 accept +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0xb80b0000 ] + [ immediate reg 0 accept ] + +# meta skuid gt 3000 accept +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gt reg 1 0xb80b0000 ] + [ immediate reg 0 accept ] + +# meta skuid eq 3000 accept +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ cmp eq reg 1 0x00000bb8 ] + [ immediate reg 0 accept ] + +# meta skuid 3001-3005 accept +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gte reg 1 0xb90b0000 ] + [ cmp lte reg 1 0xbd0b0000 ] + [ immediate reg 0 accept ] + +# meta skuid != 2001-2005 accept +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0xd1070000 ] + [ cmp gt reg 1 0xd5070000 ] + [ immediate reg 0 accept ] + +# meta skuid { 2001-2005} accept +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element d1070000 : 0 [end] element d6070000 : 1 [end] +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# meta skgid {bin, root, daemon} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000000 : 0 [end] element 00000002 : 0 [end] +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# meta skgid root +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# meta skgid != root +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + +# meta skgid lt 3000 accept +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0xb80b0000 ] + [ immediate reg 0 accept ] + +# meta skgid gt 3000 accept +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gt reg 1 0xb80b0000 ] + [ immediate reg 0 accept ] + +# meta skgid eq 3000 accept +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ cmp eq reg 1 0x00000bb8 ] + [ immediate reg 0 accept ] + +# meta skgid 2001-2005 accept +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gte reg 1 0xd1070000 ] + [ cmp lte reg 1 0xd5070000 ] + [ immediate reg 0 accept ] + +# meta skgid != 2001-2005 accept +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0xd1070000 ] + [ cmp gt reg 1 0xd5070000 ] + [ immediate reg 0 accept ] + +# meta skgid { 2001-2005} accept +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element d1070000 : 0 [end] element d6070000 : 1 [end] +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# meta mark set 0xffffffc8 xor 0x16 +ip test-ip4 input + [ immediate reg 1 0xffffffde ] + [ meta set mark with reg 1 ] + +# meta mark set 0x16 and 0x16 +ip test-ip4 input + [ immediate reg 1 0x00000016 ] + [ meta set mark with reg 1 ] + +# meta mark set 0xffffffe9 or 0x16 +ip test-ip4 input + [ immediate reg 1 0xffffffff ] + [ meta set mark with reg 1 ] + +# meta mark set 0xffffffde and 0x16 +ip test-ip4 input + [ immediate reg 1 0x00000016 ] + [ meta set mark with reg 1 ] + +# meta mark set 0xf045ffde or 0x10 +ip test-ip4 input + [ immediate reg 1 0xf045ffde ] + [ meta set mark with reg 1 ] + +# meta mark set 0xffffffde or 0x16 +ip test-ip4 input + [ immediate reg 1 0xffffffde ] + [ meta set mark with reg 1 ] + +# meta mark set 0x32 or 0xfffff +ip test-ip4 input + [ immediate reg 1 0x000fffff ] + [ meta set mark with reg 1 ] + +# meta mark set 0xfffe xor 0x16 +ip test-ip4 input + [ immediate reg 1 0x0000ffe8 ] + [ meta set mark with reg 1 ] + +# meta iif lo +ip test-ip4 input + [ meta load iif => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# meta oif lo +ip test-ip4 input + [ meta load oif => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# meta oifname "eth2" accept +ip test-ip4 input + [ meta load oifname => reg 1 ] + [ cmp eq reg 1 0x32687465 0x00000000 0x00000000 0x00000000 ] + [ immediate reg 0 accept ] + +# meta skuid 3000 +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ cmp eq reg 1 0x00000bb8 ] + +# meta skgid 3000 +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ cmp eq reg 1 0x00000bb8 ] + +# meta rtclassid cosmos +ip test-ip4 input + [ meta load rtclassid => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# meta pkttype broadcast +ip test-ip4 input + [ meta load pkttype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# meta pkttype unicast +ip test-ip4 input + [ meta load pkttype => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# meta pkttype multicast +ip test-ip4 input + [ meta load pkttype => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + +# meta pkttype != broadcast +ip test-ip4 input + [ meta load pkttype => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# meta pkttype != unicast +ip test-ip4 input + [ meta load pkttype => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + +# meta pkttype != multicast +ip test-ip4 input + [ meta load pkttype => reg 1 ] + [ cmp neq reg 1 0x00000002 ] + +# meta pkttype { broadcast, multicast} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000002 : 0 [end] +ip test-ip4 input + [ meta load pkttype => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# meta cpu 1 +ip test-ip4 input + [ meta load cpu => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# meta cpu != 1 +ip test-ip4 input + [ meta load cpu => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# meta cpu 1-3 +ip test-ip4 input + [ meta load cpu => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gte reg 1 0x01000000 ] + [ cmp lte reg 1 0x03000000 ] + +# meta cpu != 1-2 +ip test-ip4 input + [ meta load cpu => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0x01000000 ] + [ cmp gt reg 1 0x02000000 ] + +# meta cpu { 2,3} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000002 : 0 [end] element 00000003 : 0 [end] +ip test-ip4 input + [ meta load cpu => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta iifgroup 0 +ip test-ip4 input + [ meta load iifgroup => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# meta iifgroup != 0 +ip test-ip4 input + [ meta load iifgroup => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + +# meta iifgroup default +ip test-ip4 input + [ meta load iifgroup => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# meta iifgroup != default +ip test-ip4 input + [ meta load iifgroup => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + +# meta iifgroup {default} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000000 : 0 [end] +ip test-ip4 input + [ meta load iifgroup => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta iifgroup { 11,33} +set%d test-ip4 3 +set%d test-ip4 0 + element 0000000b : 0 [end] element 00000021 : 0 [end] +ip test-ip4 input + [ meta load iifgroup => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta iifgroup {11-33} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 0b000000 : 0 [end] element 22000000 : 1 [end] +ip test-ip4 input + [ meta load iifgroup => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set set%d ] + +# meta oifgroup 0 +ip test-ip4 input + [ meta load oifgroup => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# meta oifgroup != 0 +ip test-ip4 input + [ meta load oifgroup => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + +# meta oifgroup default +ip test-ip4 input + [ meta load oifgroup => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# meta oifgroup != default +ip test-ip4 input + [ meta load oifgroup => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + +# meta oifgroup {default} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000000 : 0 [end] +ip test-ip4 input + [ meta load oifgroup => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta oifgroup { 11,33} +set%d test-ip4 3 +set%d test-ip4 0 + element 0000000b : 0 [end] element 00000021 : 0 [end] +ip test-ip4 input + [ meta load oifgroup => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta oifgroup {11-33} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 0b000000 : 0 [end] element 22000000 : 1 [end] +ip test-ip4 input + [ meta load oifgroup => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set set%d ] + +# meta cgroup 1048577 +ip test-ip4 input + [ meta load cgroup => reg 1 ] + [ cmp eq reg 1 0x00100001 ] + +# meta cgroup != 1048577 +ip test-ip4 input + [ meta load cgroup => reg 1 ] + [ cmp neq reg 1 0x00100001 ] + +# meta cgroup { 1048577, 1048578 } +set%d test-ip4 3 +set%d test-ip4 0 + element 00100001 : 0 [end] element 00100002 : 0 [end] +ip test-ip4 input + [ meta load cgroup => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta cgroup 1048577-1048578 +ip test-ip4 input + [ meta load cgroup => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gte reg 1 0x01001000 ] + [ cmp lte reg 1 0x02001000 ] + +# meta cgroup != 1048577-1048578 +ip test-ip4 input + [ meta load cgroup => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0x01001000 ] + [ cmp gt reg 1 0x02001000 ] + +# meta cgroup {1048577-1048578} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 01001000 : 0 [end] element 03001000 : 1 [end] +ip test-ip4 input + [ meta load cgroup => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/any/queue.t.payload b/tests/regression/any/queue.t.payload new file mode 100644 index 00000000..43a6650c --- /dev/null +++ b/tests/regression/any/queue.t.payload @@ -0,0 +1,24 @@ +# queue +ip test-ip4 output + [ queue num 0] + +# queue num 2 +ip test-ip4 output + [ queue num 2] + +# queue num 2-3 +ip test-ip4 output + [ queue num 2-3] + +# queue num 4-5 fanout bypass +ip test-ip4 output + [ queue num 4-5 bypass fanout] + +# queue num 4-5 fanout +ip test-ip4 output + [ queue num 4-5 fanout] + +# queue num 4-5 bypass +ip test-ip4 output + [ queue num 4-5 bypass] + diff --git a/tests/regression/arp/arp.t.payload b/tests/regression/arp/arp.t.payload new file mode 100644 index 00000000..2f82d931 --- /dev/null +++ b/tests/regression/arp/arp.t.payload @@ -0,0 +1,217 @@ +# arp htype 1 +arp test-arp input + [ payload load 2b @ network header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000100 ] + +# arp htype != 1 +arp test-arp input + [ payload load 2b @ network header + 0 => reg 1 ] + [ cmp neq reg 1 0x00000100 ] + +# arp htype 22 +arp test-arp input + [ payload load 2b @ network header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# arp htype != 233 +arp test-arp input + [ payload load 2b @ network header + 0 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# arp htype 33-45 +arp test-arp input + [ payload load 2b @ network header + 0 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# arp htype != 33-45 +arp test-arp input + [ payload load 2b @ network header + 0 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# arp htype { 33, 55, 67, 88} +set%d test-arp 3 +set%d test-arp 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +arp test-arp input + [ payload load 2b @ network header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# arp htype { 33-55} +set%d test-arp 7 +set%d test-arp 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +arp test-arp input + [ payload load 2b @ network header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# arp ptype 0x0800 +arp test-arp input + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + +# arp hlen 22 +arp test-arp input + [ payload load 1b @ network header + 4 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# arp hlen != 233 +arp test-arp input + [ payload load 1b @ network header + 4 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# arp hlen 33-45 +arp test-arp input + [ payload load 1b @ network header + 4 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# arp hlen != 33-45 +arp test-arp input + [ payload load 1b @ network header + 4 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# arp hlen { 33, 55, 67, 88} +set%d test-arp 3 +set%d test-arp 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +arp test-arp input + [ payload load 1b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# arp hlen { 33-55} +set%d test-arp 7 +set%d test-arp 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +arp test-arp input + [ payload load 1b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# arp plen 22 +arp test-arp input + [ payload load 1b @ network header + 5 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# arp plen != 233 +arp test-arp input + [ payload load 1b @ network header + 5 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# arp plen 33-45 +arp test-arp input + [ payload load 1b @ network header + 5 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# arp plen != 33-45 +arp test-arp input + [ payload load 1b @ network header + 5 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# arp plen { 33, 55, 67, 88} +set%d test-arp 3 +set%d test-arp 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +arp test-arp input + [ payload load 1b @ network header + 5 => reg 1 ] + [ lookup reg 1 set set%d ] + +# arp plen { 33-55} +set%d test-arp 7 +set%d test-arp 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +arp test-arp input + [ payload load 1b @ network header + 5 => reg 1 ] + [ lookup reg 1 set set%d ] + +# arp operation {nak, inreply, inrequest, rreply, rrequest, reply, request} +set%d test-arp 3 +set%d test-arp 0 + element 0000000a : 0 [end] element 00000009 : 0 [end] element 00000008 : 0 [end] element 00000004 : 0 [end] element 00000003 : 0 [end] element 00000002 : 0 [end] element 00000001 : 0 [end] +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# arp operation request +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# arp operation reply +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + +# arp operation rrequest +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] + +# arp operation rreply +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000004 ] + +# arp operation inrequest +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + +# arp operation inreply +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000009 ] + +# arp operation nak +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + +# arp operation reply +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + +# arp operation != request +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# arp operation != reply +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000002 ] + +# arp operation != rrequest +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000003 ] + +# arp operation != rreply +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000004 ] + +# arp operation != inrequest +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000008 ] + +# arp operation != inreply +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000009 ] + +# arp operation != nak +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000000a ] + +# arp operation != reply +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000002 ] + diff --git a/tests/regression/arp/chains.t.payload b/tests/regression/arp/chains.t.payload new file mode 100644 index 00000000..e69de29b diff --git a/tests/regression/bridge/chains.t.payload b/tests/regression/bridge/chains.t.payload new file mode 100644 index 00000000..e69de29b diff --git a/tests/regression/bridge/reject.t.payload b/tests/regression/bridge/reject.t.payload new file mode 100644 index 00000000..f5a0e6a8 --- /dev/null +++ b/tests/regression/bridge/reject.t.payload @@ -0,0 +1,106 @@ +# reject with icmp type host-unreachable +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 1 ] + +# reject with icmp type net-unreachable +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 0 ] + +# reject with icmp type prot-unreachable +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 2 ] + +# reject with icmp type port-unreachable +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 3 ] + +# reject with icmp type net-prohibited +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 9 ] + +# reject with icmp type host-prohibited +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 10 ] + +# reject with icmp type admin-prohibited +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 13 ] + +# reject with icmpv6 type no-route +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 0 ] + +# reject with icmpv6 type admin-prohibited +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 1 ] + +# reject with icmpv6 type addr-unreachable +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 3 ] + +# reject with icmpv6 type port-unreachable +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 4 ] + +# ip protocol tcp reject with tcp reset +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ reject type 1 code 0 ] + +# reject +bridge test-bridge input + [ reject type 2 code 1 ] + +# ether type ip reject +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 3 ] + +# ether type ip6 reject +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 4 ] + +# reject with icmpx type host-unreachable +bridge test-bridge input + [ reject type 2 code 2 ] + +# reject with icmpx type no-route +bridge test-bridge input + [ reject type 2 code 0 ] + +# reject with icmpx type admin-prohibited +bridge test-bridge input + [ reject type 2 code 3 ] + +# reject with icmpx type port-unreachable +bridge test-bridge input + [ reject type 2 code 1 ] + diff --git a/tests/regression/inet/ah.t.payload.inet b/tests/regression/inet/ah.t.payload.inet new file mode 100644 index 00000000..d8755980 --- /dev/null +++ b/tests/regression/inet/ah.t.payload.inet @@ -0,0 +1,186 @@ +# ah hdrlength 11-23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp gte reg 1 0x0000000b ] + [ cmp lte reg 1 0x00000017 ] + +# ah hdrlength != 11-23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp lt reg 1 0x0000000b ] + [ cmp gt reg 1 0x00000017 ] + +# ah hdrlength { 11-23} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah hdrlength {11, 23, 44 } +set%d test-inet 3 +set%d test-inet 0 + element 0000000b : 0 [end] element 00000017 : 0 [end] element 0000002c : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah reserved 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ah reserved != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ah reserved 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ah reserved != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ah reserved {23, 100} +set%d test-inet 3 +set%d test-inet 0 + element 00001700 : 0 [end] element 00006400 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah reserved { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah spi 111 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x6f000000 ] + +# ah spi != 111 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0x6f000000 ] + +# ah spi 111-222 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x6f000000 ] + [ cmp lte reg 1 0xde000000 ] + +# ah spi != 111-222 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x6f000000 ] + [ cmp gt reg 1 0xde000000 ] + +# ah spi {111, 122} +set%d test-inet 3 +set%d test-inet 0 + element 6f000000 : 0 [end] element 7a000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah spi { 111-122} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence 123 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x7b000000 ] + +# ah sequence != 123 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0x7b000000 ] + +# ah sequence {23, 25, 33} +set%d test-inet 3 +set%d test-inet 0 + element 17000000 : 0 [end] element 19000000 : 0 [end] element 21000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence { 23-33} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence 23-33 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x17000000 ] + [ cmp lte reg 1 0x21000000 ] + +# ah sequence != 23-33 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x17000000 ] + [ cmp gt reg 1 0x21000000 ] + diff --git a/tests/regression/inet/ah.t.payload.ip b/tests/regression/inet/ah.t.payload.ip new file mode 100644 index 00000000..6a58bb1f --- /dev/null +++ b/tests/regression/inet/ah.t.payload.ip @@ -0,0 +1,186 @@ +# ah hdrlength 11-23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp gte reg 1 0x0000000b ] + [ cmp lte reg 1 0x00000017 ] + +# ah hdrlength != 11-23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp lt reg 1 0x0000000b ] + [ cmp gt reg 1 0x00000017 ] + +# ah hdrlength { 11-23} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah hdrlength {11, 23, 44 } +set%d test-ip4 3 +set%d test-ip4 0 + element 0000000b : 0 [end] element 00000017 : 0 [end] element 0000002c : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah reserved 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ah reserved != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ah reserved 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ah reserved != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ah reserved {23, 100} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00006400 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah reserved { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah spi 111 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x6f000000 ] + +# ah spi != 111 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0x6f000000 ] + +# ah spi 111-222 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x6f000000 ] + [ cmp lte reg 1 0xde000000 ] + +# ah spi != 111-222 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x6f000000 ] + [ cmp gt reg 1 0xde000000 ] + +# ah spi {111, 122} +set%d test-ip4 3 +set%d test-ip4 0 + element 6f000000 : 0 [end] element 7a000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah spi { 111-122} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence 123 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x7b000000 ] + +# ah sequence != 123 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0x7b000000 ] + +# ah sequence {23, 25, 33} +set%d test-ip4 3 +set%d test-ip4 0 + element 17000000 : 0 [end] element 19000000 : 0 [end] element 21000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence { 23-33} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence 23-33 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x17000000 ] + [ cmp lte reg 1 0x21000000 ] + +# ah sequence != 23-33 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x17000000 ] + [ cmp gt reg 1 0x21000000 ] + diff --git a/tests/regression/inet/ah.t.payload.ip6 b/tests/regression/inet/ah.t.payload.ip6 new file mode 100644 index 00000000..ce89754b --- /dev/null +++ b/tests/regression/inet/ah.t.payload.ip6 @@ -0,0 +1,186 @@ +# ah hdrlength 11-23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp gte reg 1 0x0000000b ] + [ cmp lte reg 1 0x00000017 ] + +# ah hdrlength != 11-23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp lt reg 1 0x0000000b ] + [ cmp gt reg 1 0x00000017 ] + +# ah hdrlength { 11-23} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah hdrlength {11, 23, 44 } +set%d test-ip6 3 +set%d test-ip6 0 + element 0000000b : 0 [end] element 00000017 : 0 [end] element 0000002c : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah reserved 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ah reserved != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ah reserved 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ah reserved != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ah reserved {23, 100} +set%d test-ip6 3 +set%d test-ip6 0 + element 00001700 : 0 [end] element 00006400 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah reserved { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah spi 111 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x6f000000 ] + +# ah spi != 111 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0x6f000000 ] + +# ah spi 111-222 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x6f000000 ] + [ cmp lte reg 1 0xde000000 ] + +# ah spi != 111-222 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x6f000000 ] + [ cmp gt reg 1 0xde000000 ] + +# ah spi {111, 122} +set%d test-ip6 3 +set%d test-ip6 0 + element 6f000000 : 0 [end] element 7a000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah spi { 111-122} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence 123 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x7b000000 ] + +# ah sequence != 123 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0x7b000000 ] + +# ah sequence {23, 25, 33} +set%d test-ip6 3 +set%d test-ip6 0 + element 17000000 : 0 [end] element 19000000 : 0 [end] element 21000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence { 23-33} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence 23-33 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x17000000 ] + [ cmp lte reg 1 0x21000000 ] + +# ah sequence != 23-33 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x17000000 ] + [ cmp gt reg 1 0x21000000 ] + diff --git a/tests/regression/inet/comp.t.payload.inet b/tests/regression/inet/comp.t.payload.inet new file mode 100644 index 00000000..c00bcc71 --- /dev/null +++ b/tests/regression/inet/comp.t.payload.inet @@ -0,0 +1,107 @@ +# comp nexthdr != esp +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00000032 ] + +# comp flags 0x0 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# comp flags != 0x23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp neq reg 1 0x00000023 ] + +# comp flags 0x33-0x45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp gte reg 1 0x00000033 ] + [ cmp lte reg 1 0x00000045 ] + +# comp flags != 0x33-0x45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp lt reg 1 0x00000033 ] + [ cmp gt reg 1 0x00000045 ] + +# comp flags {0x33, 0x55, 0x67, 0x88} +set%d test-inet 3 +set%d test-inet 0 + element 00000033 : 0 [end] element 00000055 : 0 [end] element 00000067 : 0 [end] element 00000088 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp flags { 0x33-0x55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000033 : 0 [end] element 00000056 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp cpi 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# comp cpi != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# comp cpi 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# comp cpi != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# comp cpi {33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp cpi { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/comp.t.payload.ip b/tests/regression/inet/comp.t.payload.ip new file mode 100644 index 00000000..e226c9a5 --- /dev/null +++ b/tests/regression/inet/comp.t.payload.ip @@ -0,0 +1,107 @@ +# comp nexthdr != esp +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00000032 ] + +# comp flags 0x0 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# comp flags != 0x23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp neq reg 1 0x00000023 ] + +# comp flags 0x33-0x45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp gte reg 1 0x00000033 ] + [ cmp lte reg 1 0x00000045 ] + +# comp flags != 0x33-0x45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp lt reg 1 0x00000033 ] + [ cmp gt reg 1 0x00000045 ] + +# comp flags {0x33, 0x55, 0x67, 0x88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000033 : 0 [end] element 00000055 : 0 [end] element 00000067 : 0 [end] element 00000088 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp flags { 0x33-0x55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000033 : 0 [end] element 00000056 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp cpi 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# comp cpi != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# comp cpi 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# comp cpi != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# comp cpi {33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp cpi { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/comp.t.payload.ip6 b/tests/regression/inet/comp.t.payload.ip6 new file mode 100644 index 00000000..135e5a2e --- /dev/null +++ b/tests/regression/inet/comp.t.payload.ip6 @@ -0,0 +1,107 @@ +# comp nexthdr != esp +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00000032 ] + +# comp flags 0x0 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# comp flags != 0x23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp neq reg 1 0x00000023 ] + +# comp flags 0x33-0x45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp gte reg 1 0x00000033 ] + [ cmp lte reg 1 0x00000045 ] + +# comp flags != 0x33-0x45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp lt reg 1 0x00000033 ] + [ cmp gt reg 1 0x00000045 ] + +# comp flags {0x33, 0x55, 0x67, 0x88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000033 : 0 [end] element 00000055 : 0 [end] element 00000067 : 0 [end] element 00000088 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp flags { 0x33-0x55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000033 : 0 [end] element 00000056 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp cpi 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# comp cpi != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# comp cpi 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# comp cpi != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# comp cpi {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp cpi { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/dccp.t.payload.inet b/tests/regression/inet/dccp.t.payload.inet new file mode 100644 index 00000000..ecd8863f --- /dev/null +++ b/tests/regression/inet/dccp.t.payload.inet @@ -0,0 +1,82 @@ +# dccp sport 21-35 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001500 ] + [ cmp lte reg 1 0x00002300 ] + +# dccp sport != 21-35 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001500 ] + [ cmp gt reg 1 0x00002300 ] + +# dccp sport {23, 24, 25} +set%d test-inet 3 +set%d test-inet 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport { 20-50 } +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport ftp-data - re-mail-ck +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport 20-50 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport {23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/dccp.t.payload.ip b/tests/regression/inet/dccp.t.payload.ip new file mode 100644 index 00000000..9e1cc2ec --- /dev/null +++ b/tests/regression/inet/dccp.t.payload.ip @@ -0,0 +1,82 @@ +# dccp sport 21-35 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001500 ] + [ cmp lte reg 1 0x00002300 ] + +# dccp sport != 21-35 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001500 ] + [ cmp gt reg 1 0x00002300 ] + +# dccp sport {23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport { 20-50 } +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport ftp-data - re-mail-ck +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport 20-50 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport {23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/dccp.t.payload.ip6 b/tests/regression/inet/dccp.t.payload.ip6 new file mode 100644 index 00000000..c0e1d70a --- /dev/null +++ b/tests/regression/inet/dccp.t.payload.ip6 @@ -0,0 +1,82 @@ +# dccp sport 21-35 +ip test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001500 ] + [ cmp lte reg 1 0x00002300 ] + +# dccp sport != 21-35 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001500 ] + [ cmp gt reg 1 0x00002300 ] + +# dccp sport {23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport { 20-50 } +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport ftp-data - re-mail-ck +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport 20-50 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport {23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/esp.t.payload.inet b/tests/regression/inet/esp.t.payload.inet new file mode 100644 index 00000000..4ba9ea8e --- /dev/null +++ b/tests/regression/inet/esp.t.payload.inet @@ -0,0 +1,93 @@ +# esp spi 100 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x64000000 ] + +# esp spi != 100 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x64000000 ] + +# esp spi 111-222 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x6f000000 ] + [ cmp lte reg 1 0xde000000 ] + +# esp spi != 111-222 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x6f000000 ] + [ cmp gt reg 1 0xde000000 ] + +# esp spi { 100, 102} +set%d test-inet 3 +set%d test-inet 0 + element 64000000 : 0 [end] element 66000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp spi { 100-102} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# esp sequence 22-24 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x16000000 ] + [ cmp lte reg 1 0x18000000 ] + +# esp sequence != 22-24 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x16000000 ] + [ cmp gt reg 1 0x18000000 ] + +# esp sequence { 22, 24} +set%d test-inet 3 +set%d test-inet 0 + element 16000000 : 0 [end] element 18000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence { 22-25} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/esp.t.payload.ip b/tests/regression/inet/esp.t.payload.ip new file mode 100644 index 00000000..5a66b042 --- /dev/null +++ b/tests/regression/inet/esp.t.payload.ip @@ -0,0 +1,93 @@ +# esp spi 100 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x64000000 ] + +# esp spi != 100 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x64000000 ] + +# esp spi 111-222 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x6f000000 ] + [ cmp lte reg 1 0xde000000 ] + +# esp spi != 111-222 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x6f000000 ] + [ cmp gt reg 1 0xde000000 ] + +# esp spi { 100, 102} +set%d test-ip4 3 +set%d test-ip4 0 + element 64000000 : 0 [end] element 66000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp spi { 100-102} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# esp sequence 22-24 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x16000000 ] + [ cmp lte reg 1 0x18000000 ] + +# esp sequence != 22-24 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x16000000 ] + [ cmp gt reg 1 0x18000000 ] + +# esp sequence { 22, 24} +set%d test-ip4 3 +set%d test-ip4 0 + element 16000000 : 0 [end] element 18000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence { 22-25} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/esp.t.payload.ip6 b/tests/regression/inet/esp.t.payload.ip6 new file mode 100644 index 00000000..7c784262 --- /dev/null +++ b/tests/regression/inet/esp.t.payload.ip6 @@ -0,0 +1,93 @@ +# esp spi 100 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x64000000 ] + +# esp spi != 100 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x64000000 ] + +# esp spi 111-222 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x6f000000 ] + [ cmp lte reg 1 0xde000000 ] + +# esp spi != 111-222 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x6f000000 ] + [ cmp gt reg 1 0xde000000 ] + +# esp spi { 100, 102} +set%d test-ip6 3 +set%d test-ip6 0 + element 64000000 : 0 [end] element 66000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp spi { 100-102} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# esp sequence 22-24 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x16000000 ] + [ cmp lte reg 1 0x18000000 ] + +# esp sequence != 22-24 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x16000000 ] + [ cmp gt reg 1 0x18000000 ] + +# esp sequence { 22, 24} +set%d test-ip6 3 +set%d test-ip6 0 + element 16000000 : 0 [end] element 18000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence { 22-25} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/reject.t.payload.inet b/tests/regression/inet/reject.t.payload.inet new file mode 100644 index 00000000..5770330d --- /dev/null +++ b/tests/regression/inet/reject.t.payload.inet @@ -0,0 +1,220 @@ +# reject with icmp type host-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 1 ] + +# reject with icmp type net-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 0 ] + +# reject with icmp type prot-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 2 ] + +# reject with icmp type port-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 3 ] + +# reject with icmp type net-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 9 ] + +# reject with icmp type host-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 10 ] + +# reject with icmp type admin-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 13 ] + +# reject with icmpv6 type no-route +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 0 ] + +# reject with icmpv6 type admin-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 1 ] + +# reject with icmpv6 type addr-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 3 ] + +# reject with icmpv6 type port-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 4 ] + +# reject with tcp reset +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ reject type 1 code 0 ] + +# reject +inet test-inet input + [ reject type 2 code 1 ] + +# meta nfproto ipv4 reject +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 3 ] + +# meta nfproto ipv6 reject +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 4 ] + +# reject with icmpx type host-unreachable +inet test-inet input + [ reject type 2 code 2 ] + +# reject with icmpx type no-route +inet test-inet input + [ reject type 2 code 0 ] + +# reject with icmpx type admin-prohibited +inet test-inet input + [ reject type 2 code 3 ] + +# reject with icmpx type port-unreachable +inet test-inet input + [ reject type 2 code 1 ] + +# meta nfproto ipv4 reject with icmp type host-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 1 ] + +# meta nfproto ipv6 reject with icmpv6 type no-route +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 0 ] + +# reject with icmp type prot-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 2 ] + +# reject with icmp type port-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 3 ] + +# reject with icmp type net-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 9 ] + +# reject with icmp type host-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 10 ] + +# reject with icmp type admin-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 13 ] + +# reject with icmpv6 type no-route +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 0 ] + +# reject with icmpv6 type admin-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 1 ] + +# reject with icmpv6 type addr-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 3 ] + +# reject with icmpv6 type port-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 4 ] + +# reject with tcp reset +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ reject type 1 code 0 ] + +# reject +inet test-inet input + [ reject type 2 code 1 ] + +# meta nfproto ipv4 reject +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 3 ] + +# meta nfproto ipv6 reject +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 4 ] + +# reject with icmpx type host-unreachable +inet test-inet input + [ reject type 2 code 2 ] + +# reject with icmpx type no-route +inet test-inet input + [ reject type 2 code 0 ] + +# reject with icmpx type admin-prohibited +inet test-inet input + [ reject type 2 code 3 ] + +# reject with icmpx type port-unreachable +inet test-inet input + [ reject type 2 code 1 ] + +# meta nfproto ipv4 reject with icmp type host-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 1 ] + +# meta nfproto ipv6 reject with icmpv6 type no-route +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 0 ] + diff --git a/tests/regression/inet/sctp.t.payload.inet b/tests/regression/inet/sctp.t.payload.inet new file mode 100644 index 00000000..dd6e2759 --- /dev/null +++ b/tests/regression/inet/sctp.t.payload.inet @@ -0,0 +1,200 @@ +# sctp sport 23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp sport != 23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp sport 23-44 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp sport != 23-44 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp sport { 23, 24, 25} +set%d test-inet 3 +set%d test-inet 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp sport { 23-44} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport 23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp dport != 23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp dport 23-44 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp dport != 23-44 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp dport { 23, 24, 25} +set%d test-inet 3 +set%d test-inet 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport { 23-44} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum 1111 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x57040000 ] + +# sctp checksum != 11 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0x0b000000 ] + +# sctp checksum 21-333 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x15000000 ] + [ cmp lte reg 1 0x4d010000 ] + +# sctp checksum != 32-111 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x20000000 ] + [ cmp gt reg 1 0x6f000000 ] + +# sctp checksum { 22, 33, 44} +set%d test-inet 3 +set%d test-inet 0 + element 16000000 : 0 [end] element 21000000 : 0 [end] element 2c000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum { 22-44} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 2d000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# sctp vtag != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# sctp vtag 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# sctp vtag != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# sctp vtag {33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/sctp.t.payload.ip b/tests/regression/inet/sctp.t.payload.ip new file mode 100644 index 00000000..053d319e --- /dev/null +++ b/tests/regression/inet/sctp.t.payload.ip @@ -0,0 +1,200 @@ +# sctp sport 23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp sport != 23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp sport 23-44 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp sport != 23-44 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp sport { 23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp sport { 23-44} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport 23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp dport != 23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp dport 23-44 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp dport != 23-44 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp dport { 23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport { 23-44} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum 1111 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x57040000 ] + +# sctp checksum != 11 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0x0b000000 ] + +# sctp checksum 21-333 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x15000000 ] + [ cmp lte reg 1 0x4d010000 ] + +# sctp checksum != 32-111 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x20000000 ] + [ cmp gt reg 1 0x6f000000 ] + +# sctp checksum { 22, 33, 44} +set%d test-ip4 3 +set%d test-ip4 0 + element 16000000 : 0 [end] element 21000000 : 0 [end] element 2c000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum { 22-44} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 2d000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# sctp vtag != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# sctp vtag 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# sctp vtag != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# sctp vtag {33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/sctp.t.payload.ip6 b/tests/regression/inet/sctp.t.payload.ip6 new file mode 100644 index 00000000..eae6fa94 --- /dev/null +++ b/tests/regression/inet/sctp.t.payload.ip6 @@ -0,0 +1,200 @@ +# sctp sport 23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp sport != 23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp sport 23-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp sport != 23-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp sport { 23, 24, 25} +set%d test-ip6 3 +set%d test-ip6 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp sport { 23-44} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport 23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp dport != 23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp dport 23-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp dport != 23-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp dport { 23, 24, 25} +set%d test-ip6 3 +set%d test-ip6 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport { 23-44} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum 1111 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x57040000 ] + +# sctp checksum != 11 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0x0b000000 ] + +# sctp checksum 21-333 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x15000000 ] + [ cmp lte reg 1 0x4d010000 ] + +# sctp checksum != 32-111 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x20000000 ] + [ cmp gt reg 1 0x6f000000 ] + +# sctp checksum { 22, 33, 44} +set%d test-ip6 3 +set%d test-ip6 0 + element 16000000 : 0 [end] element 21000000 : 0 [end] element 2c000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum { 22-44} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 2d000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# sctp vtag != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# sctp vtag 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# sctp vtag != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# sctp vtag {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/tcp.t.payload.inet b/tests/regression/inet/tcp.t.payload.inet new file mode 100644 index 00000000..e1673dbe --- /dev/null +++ b/tests/regression/inet/tcp.t.payload.inet @@ -0,0 +1,500 @@ +# tcp dport 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp dport != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp dport 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp dport != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp dport { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport {telnet, http, https} accept +set%d test-inet 3 +set%d test-inet 0 + element 00001700 : 0 [end] element 00005000 : 0 [end] element 0000bb01 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# tcp dport vmap { 22 : accept, 23 : drop } +map%d test-inet b +map%d test-inet 0 + element 00001600 : 0 [end] element 00001700 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport vmap { 25:accept, 28:drop } +map%d test-inet b +map%d test-inet 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport { 22, 53, 80, 110 } +set%d test-inet 3 +set%d test-inet 0 + element 00001600 : 0 [end] element 00003500 : 0 [end] element 00005000 : 0 [end] element 00006e00 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp sport != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp sport 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp sport != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp sport { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport vmap { 25:accept, 28:drop } +map%d test-inet b +map%d test-inet 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp sport 8080 drop +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000901f ] + [ immediate reg 0 drop ] + +# tcp sport 1024 tcp dport 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 ] + +# tcp sport 1024 tcp dport 22 tcp sequence 0 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport 1024 tcp dport 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 +set%d test-inet 3 +set%d test-inet 0 + element 00000004 : 0 [end] element 0000fe03 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ payload load 6b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 0x00000000 ] + +# tcp sequence 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp sequence != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp sequence 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp sequence != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp sequence { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sequence { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq 42949672 drop +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x285c8f02 ] + [ immediate reg 0 drop ] + +# tcp ackseq 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp ackseq != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp ackseq 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp ackseq != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp ackseq { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop +set%d test-inet 3 +set%d test-inet 0 + element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000010 : 0 [end] element 00000020 : 0 [end] element 00000040 : 0 [end] element 00000080 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# tcp flags cwr +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# tcp flags != cwr +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ cmp neq reg 1 0x00000080 ] + +# tcp window 22222 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x0000ce56 ] + +# tcp window 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp window != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp window 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp window != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp window { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp window { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum 23456 log drop +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x0000a05b ] + [ log prefix (null) ] + [ immediate reg 0 drop ] + +# tcp checksum 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp checksum != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp checksum 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp checksum != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp checksum { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr 1234 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x0000d204 ] + [ immediate reg 0 accept ] + +# tcp urgptr 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp urgptr != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp urgptr 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp urgptr != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp urgptr { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/tcp.t.payload.ip b/tests/regression/inet/tcp.t.payload.ip new file mode 100644 index 00000000..c21cca1b --- /dev/null +++ b/tests/regression/inet/tcp.t.payload.ip @@ -0,0 +1,500 @@ +# tcp dport 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp dport != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp dport 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp dport != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp dport { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport {telnet, http, https} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00005000 : 0 [end] element 0000bb01 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# tcp dport vmap { 22 : accept, 23 : drop } +map%d test-ip4 b +map%d test-ip4 0 + element 00001600 : 0 [end] element 00001700 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport vmap { 25:accept, 28:drop } +map%d test-ip4 b +map%d test-ip4 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport { 22, 53, 80, 110 } +set%d test-ip4 3 +set%d test-ip4 0 + element 00001600 : 0 [end] element 00003500 : 0 [end] element 00005000 : 0 [end] element 00006e00 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp sport != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp sport 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp sport != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp sport { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport vmap { 25:accept, 28:drop } +map%d test-ip4 b +map%d test-ip4 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp sport 8080 drop +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000901f ] + [ immediate reg 0 drop ] + +# tcp sport 1024 tcp dport 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 ] + +# tcp sport 1024 tcp dport 22 tcp sequence 0 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport 1024 tcp dport 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 +set%d test-ip4 3 +set%d test-ip4 0 + element 00000004 : 0 [end] element 0000fe03 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ payload load 6b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 0x00000000 ] + +# tcp sequence 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp sequence != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp sequence 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp sequence != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp sequence { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sequence { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq 42949672 drop +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x285c8f02 ] + [ immediate reg 0 drop ] + +# tcp ackseq 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp ackseq != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp ackseq 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp ackseq != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp ackseq { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000010 : 0 [end] element 00000020 : 0 [end] element 00000040 : 0 [end] element 00000080 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# tcp flags cwr +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# tcp flags != cwr +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ cmp neq reg 1 0x00000080 ] + +# tcp window 22222 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x0000ce56 ] + +# tcp window 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp window != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp window 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp window != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp window { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp window { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum 23456 log drop +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x0000a05b ] + [ log prefix (null) ] + [ immediate reg 0 drop ] + +# tcp checksum 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp checksum != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp checksum 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp checksum != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp checksum { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr 1234 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x0000d204 ] + [ immediate reg 0 accept ] + +# tcp urgptr 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp urgptr != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp urgptr 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp urgptr != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp urgptr { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/tcp.t.payload.ip6 b/tests/regression/inet/tcp.t.payload.ip6 new file mode 100644 index 00000000..32115edc --- /dev/null +++ b/tests/regression/inet/tcp.t.payload.ip6 @@ -0,0 +1,500 @@ +# tcp dport 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp dport != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp dport 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp dport != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp dport { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport {telnet, http, https} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 00001700 : 0 [end] element 00005000 : 0 [end] element 0000bb01 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# tcp dport vmap { 22 : accept, 23 : drop } +map%d test-ip6 b +map%d test-ip6 0 + element 00001600 : 0 [end] element 00001700 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport vmap { 25:accept, 28:drop } +map%d test-ip6 b +map%d test-ip6 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport { 22, 53, 80, 110 } +set%d test-ip6 3 +set%d test-ip6 0 + element 00001600 : 0 [end] element 00003500 : 0 [end] element 00005000 : 0 [end] element 00006e00 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp sport != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp sport 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp sport != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp sport { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport vmap { 25:accept, 28:drop } +map%d test-ip6 b +map%d test-ip6 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp sport 8080 drop +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000901f ] + [ immediate reg 0 drop ] + +# tcp sport 1024 tcp dport 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 ] + +# tcp sport 1024 tcp dport 22 tcp sequence 0 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport 1024 tcp dport 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 +set%d test-ip6 3 +set%d test-ip6 0 + element 00000004 : 0 [end] element 0000fe03 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ payload load 6b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 0x00000000 ] + +# tcp sequence 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp sequence != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp sequence 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp sequence != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp sequence { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sequence { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq 42949672 drop +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x285c8f02 ] + [ immediate reg 0 drop ] + +# tcp ackseq 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp ackseq != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp ackseq 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp ackseq != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp ackseq { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop +set%d test-ip6 3 +set%d test-ip6 0 + element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000010 : 0 [end] element 00000020 : 0 [end] element 00000040 : 0 [end] element 00000080 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# tcp flags cwr +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# tcp flags != cwr +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ cmp neq reg 1 0x00000080 ] + +# tcp window 22222 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x0000ce56 ] + +# tcp window 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp window != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp window 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp window != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp window { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp window { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum 23456 log drop +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x0000a05b ] + [ log prefix (null) ] + [ immediate reg 0 drop ] + +# tcp checksum 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp checksum != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp checksum 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp checksum != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp checksum { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr 1234 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x0000d204 ] + [ immediate reg 0 accept ] + +# tcp urgptr 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp urgptr != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp urgptr 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp urgptr != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp urgptr { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/udp.t.payload.ip b/tests/regression/inet/udp.t.payload.ip new file mode 100644 index 00000000..b3ec24b2 --- /dev/null +++ b/tests/regression/inet/udp.t.payload.ip @@ -0,0 +1,222 @@ +# udp sport 80 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udp sport != 60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udp sport 50-70 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00003200 ] + [ cmp lte reg 1 0x00004600 ] + [ immediate reg 0 accept ] + +# udp sport != 50-60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udp sport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udp sport { 12-40} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udp dport 80 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udp dport != 60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udp dport 70-75 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00004600 ] + [ cmp lte reg 1 0x00004b00 ] + [ immediate reg 0 accept ] + +# udp dport != 50-60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udp dport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udp dport { 70-75} accept +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# udp length 6666 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x00000a1a ] + +# udp length != 6666 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0x00000a1a ] + +# udp length 50-65 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x00003200 ] + [ cmp lte reg 1 0x00004100 ] + [ immediate reg 0 accept ] + +# udp length != 50-65 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00004100 ] + [ immediate reg 0 accept ] + +# udp length { 50, 65} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00003200 : 0 [end] element 00004100 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# udp length { 35-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002300 : 0 [end] element 00003300 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udp checksum 6666 drop +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000a1a ] + [ immediate reg 0 drop ] + +# udp checksum 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# udp checksum != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# udp checksum 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# udp checksum != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# udp checksum { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udp checksum { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/udplite.t.payload.inet b/tests/regression/inet/udplite.t.payload.inet new file mode 100644 index 00000000..4c57239f --- /dev/null +++ b/tests/regression/inet/udplite.t.payload.inet @@ -0,0 +1,169 @@ +# udplite sport 80 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udplite sport != 60 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite sport 50-70 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00003200 ] + [ cmp lte reg 1 0x00004600 ] + [ immediate reg 0 accept ] + +# udplite sport != 50-60 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite sport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udplite sport { 12-40} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udplite dport 80 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udplite dport != 60 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite dport 70-75 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00004600 ] + [ cmp lte reg 1 0x00004b00 ] + [ immediate reg 0 accept ] + +# udplite dport != 50-60 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite dport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udplite dport { 70-75} accept +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# udplite checksum 6666 drop +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000a1a ] + [ immediate reg 0 drop ] + +# udplite checksum 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# udplite checksum != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# udplite checksum 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# udplite checksum != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# udplite checksum { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udplite checksum { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/udplite.t.payload.ip b/tests/regression/inet/udplite.t.payload.ip new file mode 100644 index 00000000..e870c701 --- /dev/null +++ b/tests/regression/inet/udplite.t.payload.ip @@ -0,0 +1,169 @@ +# udplite sport 80 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udplite sport != 60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite sport 50-70 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00003200 ] + [ cmp lte reg 1 0x00004600 ] + [ immediate reg 0 accept ] + +# udplite sport != 50-60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite sport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udplite sport { 12-40} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udplite dport 80 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udplite dport != 60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite dport 70-75 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00004600 ] + [ cmp lte reg 1 0x00004b00 ] + [ immediate reg 0 accept ] + +# udplite dport != 50-60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite dport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udplite dport { 70-75} accept +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# udplite checksum 6666 drop +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000a1a ] + [ immediate reg 0 drop ] + +# udplite checksum 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# udplite checksum != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# udplite checksum 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# udplite checksum != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# udplite checksum { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udplite checksum { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/inet/udplite.t.payload.ip6 b/tests/regression/inet/udplite.t.payload.ip6 new file mode 100644 index 00000000..2d318854 --- /dev/null +++ b/tests/regression/inet/udplite.t.payload.ip6 @@ -0,0 +1,169 @@ +# udplite sport 80 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udplite sport != 60 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite sport 50-70 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00003200 ] + [ cmp lte reg 1 0x00004600 ] + [ immediate reg 0 accept ] + +# udplite sport != 50-60 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite sport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udplite sport { 12-40} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udplite dport 80 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udplite dport != 60 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite dport 70-75 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00004600 ] + [ cmp lte reg 1 0x00004b00 ] + [ immediate reg 0 accept ] + +# udplite dport != 50-60 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite dport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udplite dport { 70-75} accept +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# udplite checksum 6666 drop +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000a1a ] + [ immediate reg 0 drop ] + +# udplite checksum 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# udplite checksum != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# udplite checksum 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# udplite checksum != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# udplite checksum { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udplite checksum { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/ip/dnat.t.payload.ip b/tests/regression/ip/dnat.t.payload.ip new file mode 100644 index 00000000..93c4d68b --- /dev/null +++ b/tests/regression/ip/dnat.t.payload.ip @@ -0,0 +1,50 @@ +# iifname "eth0" tcp dport 80-90 dnat 192.168.3.2 +ip test-ip4 prerouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x0203a8c0 ] + [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + +# iifname "eth0" tcp dport != 80-90 dnat 192.168.3.2 +ip test-ip4 prerouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00005000 ] + [ cmp gt reg 1 0x00005a00 ] + [ immediate reg 1 0x0203a8c0 ] + [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + +# iifname "eth0" tcp dport {80, 90, 23} dnat 192.168.3.2 +set%d test-ip4 3 +set%d test-ip4 0 + element 00005000 : 0 [end] element 00005a00 : 0 [end] element 00001700 : 0 [end] +ip test-ip4 prerouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 1 0x0203a8c0 ] + [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + +# iifname "eth0" tcp dport != 23-34 dnat 192.168.3.2 +ip test-ip4 prerouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002200 ] + [ immediate reg 1 0x0203a8c0 ] + [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + diff --git a/tests/regression/ip/icmp.t.payload.ip b/tests/regression/ip/icmp.t.payload.ip new file mode 100644 index 00000000..a6071a65 --- /dev/null +++ b/tests/regression/ip/icmp.t.payload.ip @@ -0,0 +1,463 @@ +# icmp type echo-reply accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + [ immediate reg 0 accept ] + +# icmp type destination-unreachable accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] + [ immediate reg 0 accept ] + +# icmp type source-quench accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000004 ] + [ immediate reg 0 accept ] + +# icmp type redirect accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] + [ immediate reg 0 accept ] + +# icmp type echo-request accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ immediate reg 0 accept ] + +# icmp type time-exceeded accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000000b ] + [ immediate reg 0 accept ] + +# icmp type parameter-problem accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000000c ] + [ immediate reg 0 accept ] + +# icmp type timestamp-request accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000000d ] + [ immediate reg 0 accept ] + +# icmp type timestamp-reply accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000000e ] + [ immediate reg 0 accept ] + +# icmp type info-request accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000000f ] + [ immediate reg 0 accept ] + +# icmp type info-reply accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000010 ] + [ immediate reg 0 accept ] + +# icmp type address-mask-request accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ immediate reg 0 accept ] + +# icmp type address-mask-reply accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000012 ] + [ immediate reg 0 accept ] + +# icmp type {echo-reply, destination-unreachable, source-quench, redirect, echo-request, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00000000 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000008 : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end] element 0000000d : 0 [end] element 0000000e : 0 [end] element 0000000f : 0 [end] element 00000010 : 0 [end] element 00000011 : 0 [end] element 00000012 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmp code 111 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp eq reg 1 0x0000006f ] + [ immediate reg 0 accept ] + +# icmp code != 111 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp neq reg 1 0x0000006f ] + [ immediate reg 0 accept ] + +# icmp code 33-55 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x00000037 ] + +# icmp code != 33-55 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x00000037 ] + +# icmp code { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp code { 2, 4, 54, 33, 56} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000036 : 0 [end] element 00000021 : 0 [end] element 00000038 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp checksum 12343 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003730 ] + [ immediate reg 0 accept ] + +# icmp checksum != 12343 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00003730 ] + [ immediate reg 0 accept ] + +# icmp checksum 11-343 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00000b00 ] + [ cmp lte reg 1 0x00005701 ] + [ immediate reg 0 accept ] + +# icmp checksum != 11-343 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00000b00 ] + [ cmp gt reg 1 0x00005701 ] + [ immediate reg 0 accept ] + +# icmp checksum { 11-343} accept +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmp checksum { 1111, 222, 343} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00005704 : 0 [end] element 0000de00 : 0 [end] element 00005701 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmp id 1245 log +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x0000dd04 ] + [ log prefix (null) ] + +# icmp id 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# icmp id != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# icmp id 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# icmp id != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# icmp id { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp id { 22, 34, 333} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001600 : 0 [end] element 00002200 : 0 [end] element 00004d01 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp sequence 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# icmp sequence != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# icmp sequence 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# icmp sequence != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# icmp sequence { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp sequence { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp mtu 33 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00002100 ] + +# icmp mtu 22-33 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00001600 ] + [ cmp lte reg 1 0x00002100 ] + +# icmp mtu { 22-33} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001600 : 0 [end] element 00002200 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp mtu 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# icmp mtu != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# icmp mtu 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# icmp mtu != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# icmp mtu { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp mtu { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp gateway 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# icmp gateway != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# icmp gateway 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# icmp gateway != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# icmp gateway { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp gateway { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp gateway != 34 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0x22000000 ] + diff --git a/tests/regression/ip/ip.t.payload b/tests/regression/ip/ip.t.payload new file mode 100644 index 00000000..18db172a --- /dev/null +++ b/tests/regression/ip/ip.t.payload @@ -0,0 +1,337 @@ +# ip length 232 +ip test-ip4 input + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000e800 ] + +# ip length != 233 +ip test-ip4 input + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip length 333-435 +ip test-ip4 input + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp gte reg 1 0x00004d01 ] + [ cmp lte reg 1 0x0000b301 ] + +# ip length != 333-453 +ip test-ip4 input + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp lt reg 1 0x00004d01 ] + [ cmp gt reg 1 0x0000c501 ] + +# ip length { 333, 553, 673, 838} +set%d test-ip4 3 +set%d test-ip4 0 + element 00004d01 : 0 [end] element 00002902 : 0 [end] element 0000a102 : 0 [end] element 00004603 : 0 [end] +ip test-ip4 input + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip length { 333-535} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] +ip test-ip4 input + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip id 22 +ip test-ip4 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ip id != 233 +ip test-ip4 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip id 33-45 +ip test-ip4 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip id != 33-45 +ip test-ip4 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip id { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip id { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip frag-off 222 accept +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000de00 ] + [ immediate reg 0 accept ] + +# ip frag-off != 233 +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip frag-off 33-45 +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip frag-off != 33-45 +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip frag-off { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip frag-off { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip ttl 0 drop +ip test-ip4 input + [ payload load 1b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + [ immediate reg 0 drop ] + +# ip ttl 233 log +ip test-ip4 input + [ payload load 1b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x000000e9 ] + [ log prefix (null) ] + +# ip ttl 33-55 +ip test-ip4 input + [ payload load 1b @ network header + 8 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x00000037 ] + +# ip ttl != 45-50 +ip test-ip4 input + [ payload load 1b @ network header + 8 => reg 1 ] + [ cmp lt reg 1 0x0000002d ] + [ cmp gt reg 1 0x00000032 ] + +# ip ttl {43, 53, 45 } +set%d test-ip4 3 +set%d test-ip4 0 + element 0000002b : 0 [end] element 00000035 : 0 [end] element 0000002d : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip ttl { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip protocol tcp log +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ log prefix (null) ] + +# ip protocol != tcp log +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp neq reg 1 0x00000006 ] + [ log prefix (null) ] + +# ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# ip checksum 13172 drop +ip test-ip4 input + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp eq reg 1 0x00007433 ] + [ immediate reg 0 drop ] + +# ip checksum 22 +ip test-ip4 input + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ip checksum != 233 +ip test-ip4 input + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip checksum 33-45 +ip test-ip4 input + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip checksum != 33-45 +ip test-ip4 input + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip checksum { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip checksum { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip saddr 192.168.2.0/24 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0002a8c0 ] + +# ip saddr != 192.168.2.0/24 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ cmp neq reg 1 0x0002a8c0 ] + +# ip saddr 192.168.3.1 ip daddr 192.168.3.100 +ip test-ip4 input + [ payload load 8b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x0103a8c0 0x6403a8c0 ] + +# ip saddr != 1.1.1.1 log prefix giuseppe +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp neq reg 1 0x01010101 ] + [ log prefix giuseppe ] + +# ip saddr 1.1.1.1 log prefix example group 1 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x01010101 ] + [ log prefix example group 1 snaplen 0 qthreshold 0] + +# ip daddr 192.168.0.1-192.168.0.250 +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0100a8c0 ] + [ cmp lte reg 1 0xfa00a8c0 ] + +# ip daddr 10.0.0.0-10.255.255.255 +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0000000a ] + [ cmp lte reg 1 0xffffff0a ] + +# ip daddr 172.16.0.0-172.31.255.255 +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x000010ac ] + [ cmp lte reg 1 0xffff1fac ] + +# ip daddr 192.168.3.1-192.168.4.250 +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0103a8c0 ] + [ cmp lte reg 1 0xfa04a8c0 ] + +# ip daddr != 192.168.0.1-192.168.0.250 +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp lt reg 1 0x0100a8c0 ] + [ cmp gt reg 1 0xfa00a8c0 ] + +# ip daddr { 192.168.0.1-192.168.0.250} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept +set%d test-ip4 3 +set%d test-ip4 0 + element 0105a8c0 : 0 [end] element 0205a8c0 : 0 [end] element 0305a8c0 : 0 [end] +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# ip daddr 192.168.1.2-192.168.1.55 +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0201a8c0 ] + [ cmp lte reg 1 0x3701a8c0 ] + +# ip daddr != 192.168.1.2-192.168.1.55 +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp lt reg 1 0x0201a8c0 ] + [ cmp gt reg 1 0x3701a8c0 ] + +# ip saddr 192.168.1.3-192.168.33.55 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp gte reg 1 0x0301a8c0 ] + [ cmp lte reg 1 0x3721a8c0 ] + +# ip saddr != 192.168.1.3-192.168.33.55 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp lt reg 1 0x0301a8c0 ] + [ cmp gt reg 1 0x3721a8c0 ] + +# ip daddr 192.168.0.1 +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x0100a8c0 ] + +# ip daddr 192.168.0.1 drop +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x0100a8c0 ] + [ immediate reg 0 drop ] + +# ip daddr 192.168.0.2 log +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x0200a8c0 ] + [ log prefix (null) ] + diff --git a/tests/regression/ip/ip.t.payload.inet b/tests/regression/ip/ip.t.payload.inet new file mode 100644 index 00000000..be635cdb --- /dev/null +++ b/tests/regression/ip/ip.t.payload.inet @@ -0,0 +1,443 @@ +# ip length 232 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000e800 ] + +# ip length != 233 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip length 333-435 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp gte reg 1 0x00004d01 ] + [ cmp lte reg 1 0x0000b301 ] + +# ip length != 333-453 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp lt reg 1 0x00004d01 ] + [ cmp gt reg 1 0x0000c501 ] + +# ip length { 333, 553, 673, 838} +set%d test-inet 3 +set%d test-inet 0 + element 00004d01 : 0 [end] element 00002902 : 0 [end] element 0000a102 : 0 [end] element 00004603 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip length { 333-535} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip id 22 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ip id != 233 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip id 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip id != 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip id { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip id { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip frag-off 222 accept +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000de00 ] + [ immediate reg 0 accept ] + +# ip frag-off != 233 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip frag-off 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip frag-off != 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip frag-off { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip frag-off { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip ttl 0 drop +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + [ immediate reg 0 drop ] + +# ip ttl 233 log +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x000000e9 ] + [ log prefix (null) ] + +# ip ttl 33-55 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x00000037 ] + +# ip ttl != 45-50 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ cmp lt reg 1 0x0000002d ] + [ cmp gt reg 1 0x00000032 ] + +# ip ttl {43, 53, 45 } +set%d test-inet 3 +set%d test-inet 0 + element 0000002b : 0 [end] element 00000035 : 0 [end] element 0000002d : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip ttl { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip protocol tcp log +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ log prefix (null) ] + +# ip protocol != tcp log +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp neq reg 1 0x00000006 ] + [ log prefix (null) ] + +# ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept +set%d test-inet 3 +set%d test-inet 0 + element 00000001 : 0 [end] element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# ip checksum 13172 drop +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp eq reg 1 0x00007433 ] + [ immediate reg 0 drop ] + +# ip checksum 22 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ip checksum != 233 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip checksum 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip checksum != 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip checksum { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip checksum { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip saddr 192.168.2.0/24 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0002a8c0 ] + +# ip saddr != 192.168.2.0/24 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ cmp neq reg 1 0x0002a8c0 ] + +# ip saddr 192.168.3.1 ip daddr 192.168.3.100 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 8b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x0103a8c0 0x6403a8c0 ] + +# ip saddr != 1.1.1.1 log prefix giuseppe +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp neq reg 1 0x01010101 ] + [ log prefix giuseppe ] + +# ip saddr 1.1.1.1 log prefix example group 1 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x01010101 ] + [ log prefix example group 1 snaplen 0 qthreshold 0] + +# ip daddr 192.168.0.1-192.168.0.250 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0100a8c0 ] + [ cmp lte reg 1 0xfa00a8c0 ] + +# ip daddr 10.0.0.0-10.255.255.255 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0000000a ] + [ cmp lte reg 1 0xffffff0a ] + +# ip daddr 172.16.0.0-172.31.255.255 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x000010ac ] + [ cmp lte reg 1 0xffff1fac ] + +# ip daddr 192.168.3.1-192.168.4.250 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0103a8c0 ] + [ cmp lte reg 1 0xfa04a8c0 ] + +# ip daddr != 192.168.0.1-192.168.0.250 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp lt reg 1 0x0100a8c0 ] + [ cmp gt reg 1 0xfa00a8c0 ] + +# ip daddr { 192.168.0.1-192.168.0.250} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept +set%d test-inet 3 +set%d test-inet 0 + element 0105a8c0 : 0 [end] element 0205a8c0 : 0 [end] element 0305a8c0 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# ip daddr 192.168.1.2-192.168.1.55 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0201a8c0 ] + [ cmp lte reg 1 0x3701a8c0 ] + +# ip daddr != 192.168.1.2-192.168.1.55 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp lt reg 1 0x0201a8c0 ] + [ cmp gt reg 1 0x3701a8c0 ] + +# ip saddr 192.168.1.3-192.168.33.55 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp gte reg 1 0x0301a8c0 ] + [ cmp lte reg 1 0x3721a8c0 ] + +# ip saddr != 192.168.1.3-192.168.33.55 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp lt reg 1 0x0301a8c0 ] + [ cmp gt reg 1 0x3721a8c0 ] + +# ip daddr 192.168.0.1 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x0100a8c0 ] + +# ip daddr 192.168.0.1 drop +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x0100a8c0 ] + [ immediate reg 0 drop ] + +# ip daddr 192.168.0.2 log +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x0200a8c0 ] + [ log prefix (null) ] + diff --git a/tests/regression/ip/masquerade.t.payload b/tests/regression/ip/masquerade.t.payload new file mode 100644 index 00000000..9390f0cf --- /dev/null +++ b/tests/regression/ip/masquerade.t.payload @@ -0,0 +1,127 @@ +# udp dport 53 masquerade +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq ] + +# udp dport 53 masquerade random +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x4 ] + +# udp dport 53 masquerade random,persistent +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0xc ] + +# udp dport 53 masquerade random,persistent,fully-random +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade random,fully-random +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x14 ] + +# udp dport 53 masquerade random,fully-random,persistent +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade persistent +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x8 ] + +# udp dport 53 masquerade persistent,random +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0xc ] + +# udp dport 53 masquerade persistent,random,fully-random +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade persistent,fully-random +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x18 ] + +# udp dport 53 masquerade persistent,fully-random,random +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade +set%d test-ip4 3 +set%d test-ip4 0 + element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ masq ] + +# ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 masquerade +ip test-ip4 postrouting + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0000000a ] + [ cmp lte reg 1 0x0403020a ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ counter pkts 0 bytes 0 ] + [ masq ] + +# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade +map%d test-ip4 b +map%d test-ip4 0 + element 00001600 : 0 [end] element 0000de00 : 0 [end] +ip test-ip4 postrouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + [ masq ] + diff --git a/tests/regression/ip/redirect.t.payload b/tests/regression/ip/redirect.t.payload new file mode 100644 index 00000000..3c6e1e06 --- /dev/null +++ b/tests/regression/ip/redirect.t.payload @@ -0,0 +1,201 @@ +# udp dport 53 redirect +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect random,persistent +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect random,persistent,fully-random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect random,fully-random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect random,fully-random,persistent +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect persistent +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect persistent,random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect persistent,random,fully-random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect persistent,fully-random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect persistent,fully-random,random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# tcp dport 22 redirect to 22 +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ immediate reg 1 0x00001600 ] + [ redir ] + +# udp dport 1234 redirect to 4321 +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000d204 ] + [ immediate reg 1 0x0000e110 ] + [ redir ] + +# ip daddr 172.16.0.1 udp dport 9998 redirect to 6515 +ip test-ip4 output + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x010010ac ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00000e27 ] + [ immediate reg 1 0x00007319 ] + [ redir ] + +# tcp dport 39128 redirect to 993 +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000d898 ] + [ immediate reg 1 0x0000e103 ] + [ redir ] + +# tcp dport 9128 redirect to 993 random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000a823 ] + [ immediate reg 1 0x0000e103 ] + [ redir ] + +# tcp dport 9128 redirect to 993 fully-random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000a823 ] + [ immediate reg 1 0x0000e103 ] + [ redir ] + +# tcp dport 9128 redirect to 123 persistent +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000a823 ] + [ immediate reg 1 0x00007b00 ] + [ redir ] + +# tcp dport 9128 redirect to 123 random,persistent +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000a823 ] + [ immediate reg 1 0x00007b00 ] + [ redir ] + +# tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect +set%d test-ip4 3 +set%d test-ip4 0 + element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ redir ] + +# ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 redirect +ip test-ip4 output + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0000000a ] + [ cmp lte reg 1 0x0403020a ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ counter pkts 0 bytes 0 ] + [ redir ] + +# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect +map%d test-ip4 b +map%d test-ip4 0 + element 00001600 : 0 [end] element 0000de00 : 0 [end] +ip test-ip4 output + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + [ redir ] + diff --git a/tests/regression/ip/reject.t.payload b/tests/regression/ip/reject.t.payload new file mode 100644 index 00000000..d5e87665 --- /dev/null +++ b/tests/regression/ip/reject.t.payload @@ -0,0 +1,32 @@ +# reject +ip test-ip4 output + [ reject type 0 code 3 ] + +# reject with icmp type host-unreachable +ip test-ip4 output + [ reject type 0 code 1 ] + +# reject with icmp type net-unreachable +ip test-ip4 output + [ reject type 0 code 0 ] + +# reject with icmp type prot-unreachable +ip test-ip4 output + [ reject type 0 code 2 ] + +# reject with icmp type port-unreachable +ip test-ip4 output + [ reject type 0 code 3 ] + +# reject with icmp type net-prohibited +ip test-ip4 output + [ reject type 0 code 9 ] + +# reject with icmp type host-prohibited +ip test-ip4 output + [ reject type 0 code 10 ] + +# reject with icmp type admin-prohibited +ip test-ip4 output + [ reject type 0 code 13 ] + diff --git a/tests/regression/ip/sets.t.payload.inet b/tests/regression/ip/sets.t.payload.inet new file mode 100644 index 00000000..90417815 --- /dev/null +++ b/tests/regression/ip/sets.t.payload.inet @@ -0,0 +1,18 @@ +# ip saddr @set1 drop +set1 test-inet 0 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set1 ] + [ immediate reg 0 drop ] + +# ip saddr @set2 drop +set2 test-inet 0 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set2 ] + [ immediate reg 0 drop ] + diff --git a/tests/regression/ip/sets.t.payload.ip b/tests/regression/ip/sets.t.payload.ip new file mode 100644 index 00000000..eb3770ea --- /dev/null +++ b/tests/regression/ip/sets.t.payload.ip @@ -0,0 +1,14 @@ +# ip saddr @set1 drop +set1 test-ip4 0 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set1 ] + [ immediate reg 0 drop ] + +# ip saddr @set2 drop +set2 test-ip4 0 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set2 ] + [ immediate reg 0 drop ] + diff --git a/tests/regression/ip/snat.t.payload b/tests/regression/ip/snat.t.payload new file mode 100644 index 00000000..32ba4fa8 --- /dev/null +++ b/tests/regression/ip/snat.t.payload @@ -0,0 +1,50 @@ +# iifname "eth0" tcp dport 80-90 snat 192.168.3.2 +ip test-ip4 postrouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x0203a8c0 ] + [ nat snat ip addr_min reg 1 addr_max reg 0 ] + +# iifname "eth0" tcp dport != 80-90 snat 192.168.3.2 +ip test-ip4 postrouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00005000 ] + [ cmp gt reg 1 0x00005a00 ] + [ immediate reg 1 0x0203a8c0 ] + [ nat snat ip addr_min reg 1 addr_max reg 0 ] + +# iifname "eth0" tcp dport {80, 90, 23} snat 192.168.3.2 +set%d test-ip4 3 +set%d test-ip4 0 + element 00005000 : 0 [end] element 00005a00 : 0 [end] element 00001700 : 0 [end] +ip test-ip4 postrouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 1 0x0203a8c0 ] + [ nat snat ip addr_min reg 1 addr_max reg 0 ] + +# iifname "eth0" tcp dport != 23-34 snat 192.168.3.2 +ip test-ip4 postrouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002200 ] + [ immediate reg 1 0x0203a8c0 ] + [ nat snat ip addr_min reg 1 addr_max reg 0 ] + diff --git a/tests/regression/ip6/dnat.t.payload.ip6 b/tests/regression/ip6/dnat.t.payload.ip6 new file mode 100644 index 00000000..13c7a0e3 --- /dev/null +++ b/tests/regression/ip6/dnat.t.payload.ip6 @@ -0,0 +1,25 @@ +# tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::80-100 +ip6 test-ip6 prerouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] + [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] + [ immediate reg 3 0x00005000 ] + [ immediate reg 4 0x00006400 ] + [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ] + +# tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100 +ip6 test-ip6 prerouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] + [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] + [ immediate reg 3 0x00006400 ] + [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 ] + diff --git a/tests/regression/ip6/dst.t.payload.inet b/tests/regression/ip6/dst.t.payload.inet new file mode 100644 index 00000000..7a219f41 --- /dev/null +++ b/tests/regression/ip6/dst.t.payload.inet @@ -0,0 +1,94 @@ +# dst nexthdr 22 +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# dst nexthdr != 233 +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# dst nexthdr 33-45 +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# dst nexthdr != 33-45 +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# dst nexthdr { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +set%d test-inet 3 +set%d test-inet 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr icmp +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# dst nexthdr != icmp +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# dst hdrlength 22 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# dst hdrlength != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# dst hdrlength 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# dst hdrlength != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# dst hdrlength { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst hdrlength { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/ip6/dst.t.payload.ip6 b/tests/regression/ip6/dst.t.payload.ip6 new file mode 100644 index 00000000..3c778f93 --- /dev/null +++ b/tests/regression/ip6/dst.t.payload.ip6 @@ -0,0 +1,95 @@ +# dst nexthdr 22 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# dst nexthdr != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# dst nexthdr 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# dst nexthdr != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# dst nexthdr { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr icmp +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# dst nexthdr != icmp +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# dst hdrlength 22 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# dst hdrlength != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# dst hdrlength 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# dst hdrlength != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# dst hdrlength { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst hdrlength { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + + diff --git a/tests/regression/ip6/hbh.t.payload.inet b/tests/regression/ip6/hbh.t.payload.inet new file mode 100644 index 00000000..2b4c9c77 --- /dev/null +++ b/tests/regression/ip6/hbh.t.payload.inet @@ -0,0 +1,94 @@ +# hbh hdrlength 22 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# hbh hdrlength != 233 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# hbh hdrlength 33-45 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# hbh hdrlength != 33-45 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# hbh hdrlength {33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh hdrlength { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +set%d test-inet 3 +set%d test-inet 0 + element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr 22 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# hbh nexthdr != 233 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# hbh nexthdr 33-45 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# hbh nexthdr != 33-45 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# hbh nexthdr {33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr ip +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# hbh nexthdr != ip +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + diff --git a/tests/regression/ip6/hbh.t.payload.ip6 b/tests/regression/ip6/hbh.t.payload.ip6 new file mode 100644 index 00000000..a201ef56 --- /dev/null +++ b/tests/regression/ip6/hbh.t.payload.ip6 @@ -0,0 +1,94 @@ +# hbh hdrlength 22 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# hbh hdrlength != 233 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# hbh hdrlength 33-45 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# hbh hdrlength != 33-45 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# hbh hdrlength {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh hdrlength { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr 22 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# hbh nexthdr != 233 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# hbh nexthdr 33-45 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# hbh nexthdr != 33-45 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# hbh nexthdr {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr ip +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# hbh nexthdr != ip +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + diff --git a/tests/regression/ip6/icmpv6.t.payload.ip6 b/tests/regression/ip6/icmpv6.t.payload.ip6 new file mode 100644 index 00000000..55af9d8d --- /dev/null +++ b/tests/regression/ip6/icmpv6.t.payload.ip6 @@ -0,0 +1,409 @@ +# icmpv6 type destination-unreachable accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ immediate reg 0 accept ] + +# icmpv6 type packet-too-big accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# icmpv6 type time-exceeded accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] + [ immediate reg 0 accept ] + +# icmpv6 type echo-request accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000080 ] + [ immediate reg 0 accept ] + +# icmpv6 type echo-reply accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ immediate reg 0 accept ] + +# icmpv6 type mld-listener-query accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000082 ] + [ immediate reg 0 accept ] + +# icmpv6 type mld-listener-report accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000083 ] + [ immediate reg 0 accept ] + +# icmpv6 type mld-listener-reduction accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ immediate reg 0 accept ] + +# icmpv6 type nd-router-solicit accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000085 ] + [ immediate reg 0 accept ] + +# icmpv6 type nd-router-advert accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000086 ] + [ immediate reg 0 accept ] + +# icmpv6 type nd-neighbor-solicit accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000087 ] + [ immediate reg 0 accept ] + +# icmpv6 type nd-neighbor-advert accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ immediate reg 0 accept ] + +# icmpv6 type nd-redirect accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000089 ] + [ immediate reg 0 accept ] + +# icmpv6 type router-renumbering accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000008a ] + [ immediate reg 0 accept ] + +# icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 00000001 : 0 [end] element 00000003 : 0 [end] element 00000085 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmpv6 type {router-renumbering, mld-listener-reduction, time-exceeded, nd-router-solicit} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 0000008a : 0 [end] element 00000084 : 0 [end] element 00000003 : 0 [end] element 00000085 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 00000082 : 0 [end] element 00000003 : 0 [end] element 00000086 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmpv6 code 4 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp eq reg 1 0x00000004 ] + +# icmpv6 code 3-66 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp gte reg 1 0x00000003 ] + [ cmp lte reg 1 0x00000042 ] + +# icmpv6 code {5, 6, 7} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmpv6 code { 3-66} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000003 : 0 [end] element 00000043 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 checksum 2222 log +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000ae08 ] + [ log prefix (null) ] + +# icmpv6 checksum != 2222 log +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000ae08 ] + [ log prefix (null) ] + +# icmpv6 checksum 222-226 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x0000de00 ] + [ cmp lte reg 1 0x0000e200 ] + +# icmpv6 checksum != 2222 log +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000ae08 ] + [ log prefix (null) ] + +# icmpv6 checksum { 222, 226} +set%d test-ip6 3 +set%d test-ip6 0 + element 0000de00 : 0 [end] element 0000e200 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 checksum { 222-226} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 0000de00 : 0 [end] element 0000e300 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 mtu 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# icmpv6 mtu != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# icmpv6 mtu 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# icmpv6 mtu != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# icmpv6 mtu {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 mtu {33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 id 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# icmpv6 id != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# icmpv6 id {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 id {33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 sequence 2 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000200 ] + +# icmpv6 sequence {3, 4, 5, 6, 7} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmpv6 sequence {2, 4} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000200 : 0 [end] element 00000400 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 sequence 2-4 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00000200 ] + [ cmp lte reg 1 0x00000400 ] + +# icmpv6 sequence != 2-4 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp lt reg 1 0x00000200 ] + [ cmp gt reg 1 0x00000400 ] + +# icmpv6 sequence { 2-4} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000200 : 0 [end] element 00000500 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 max-delay 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# icmpv6 max-delay != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# icmpv6 max-delay {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 max-delay {33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/ip6/ip6.t.payload.inet b/tests/regression/ip6/ip6.t.payload.inet new file mode 100644 index 00000000..b4fd2779 --- /dev/null +++ b/tests/regression/ip6/ip6.t.payload.inet @@ -0,0 +1,461 @@ +# ip6 flowlabel 22 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 3b @ network header + 1 => reg 1 ] + [ cmp eq reg 1 0x00160000 ] + +# ip6 flowlabel != 233 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 3b @ network header + 1 => reg 1 ] + [ cmp neq reg 1 0x00e90000 ] + +# ip6 flowlabel { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 3b @ network header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 flowlabel { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00210000 : 0 [end] element 00380000 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 3b @ network header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 length 22 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ip6 length != 233 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip6 length 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip6 length != 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip6 length { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log +set%d test-inet 3 +set%d test-inet 0 + element 00000011 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + [ log prefix (null) ] + +# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +set%d test-inet 3 +set%d test-inet 0 + element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr esp +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# ip6 nexthdr != esp +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000032 ] + +# ip6 nexthdr { 33-44} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 0000002d : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr 33-44 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002c ] + +# ip6 nexthdr != 33-44 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002c ] + +# ip6 hoplimit 1 log +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ log prefix (null) ] + +# ip6 hoplimit != 233 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# ip6 hoplimit 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# ip6 hoplimit != 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# ip6 hoplimit {33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 hoplimit {33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00003412 ] + +# ip6 saddr ::1234:1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00000000 ] + +# ip6 saddr ::1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x00000000 ] + +# ip6 saddr ::1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x00000000 ] + +# ip6 saddr ::1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x00000000 ] + +# ip6 saddr ::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x00000000 ] + +# ip6 saddr ::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x00000000 ] + +# ip6 saddr ::/64 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x00000000 ] + +# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp lt reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] + [ cmp gt reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + diff --git a/tests/regression/ip6/ip6.t.payload.ip6 b/tests/regression/ip6/ip6.t.payload.ip6 new file mode 100644 index 00000000..d355adae --- /dev/null +++ b/tests/regression/ip6/ip6.t.payload.ip6 @@ -0,0 +1,339 @@ +# ip6 flowlabel 22 +ip6 test-ip6 input + [ payload load 3b @ network header + 1 => reg 1 ] + [ cmp eq reg 1 0x00160000 ] + +# ip6 flowlabel != 233 +ip6 test-ip6 input + [ payload load 3b @ network header + 1 => reg 1 ] + [ cmp neq reg 1 0x00e90000 ] + +# ip6 flowlabel { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end] +ip6 test-ip6 input + [ payload load 3b @ network header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 flowlabel { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00210000 : 0 [end] element 00380000 : 1 [end] +ip6 test-ip6 input + [ payload load 3b @ network header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 length 22 +ip6 test-ip6 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ip6 length != 233 +ip6 test-ip6 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip6 length 33-45 +ip6 test-ip6 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip6 length != 33-45 +ip6 test-ip6 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip6 length { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log +set%d test-ip6 3 +set%d test-ip6 0 + element 00000011 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + [ log prefix (null) ] + +# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr esp +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# ip6 nexthdr != esp +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000032 ] + +# ip6 nexthdr { 33-44} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 0000002d : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr 33-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002c ] + +# ip6 nexthdr != 33-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002c ] + +# ip6 hoplimit 1 log +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ log prefix (null) ] + +# ip6 hoplimit != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# ip6 hoplimit 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# ip6 hoplimit != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# ip6 hoplimit {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 hoplimit {33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00003412 ] + +# ip6 saddr ::1234:1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00000000 ] + +# ip6 saddr ::1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x00000000 ] + +# ip6 saddr ::1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x00000000 ] + +# ip6 saddr ::1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x00000000 ] + +# ip6 saddr ::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x00000000 ] + +# ip6 saddr ::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x00000000 ] + +# ip6 saddr ::/64 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x00000000 ] + +# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp lt reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] + [ cmp gt reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + diff --git a/tests/regression/ip6/masquerade.t.payload.ip6 b/tests/regression/ip6/masquerade.t.payload.ip6 new file mode 100644 index 00000000..2e8bf959 --- /dev/null +++ b/tests/regression/ip6/masquerade.t.payload.ip6 @@ -0,0 +1,127 @@ +# udp dport 53 masquerade +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq ] + +# udp dport 53 masquerade random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x4 ] + +# udp dport 53 masquerade random,persistent +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0xc ] + +# udp dport 53 masquerade random,persistent,fully-random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade random,fully-random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x14 ] + +# udp dport 53 masquerade random,fully-random,persistent +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade persistent +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x8 ] + +# udp dport 53 masquerade persistent,random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0xc ] + +# udp dport 53 masquerade persistent,random,fully-random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade persistent,fully-random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x18 ] + +# udp dport 53 masquerade persistent,fully-random,random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade +set%d test-ip6 3 +set%d test-ip6 0 + element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ masq ] + +# ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 masquerade +ip6 test-ip6 postrouting + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp gte reg 1 0x000000fe 0x00000000 0x00000000 0x01000000 ] + [ cmp lte reg 1 0x000000fe 0x00000000 0x00000000 0x00020000 ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ counter pkts 0 bytes 0 ] + [ masq ] + +# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade +map%d test-ip6 b +map%d test-ip6 0 + element 00001600 : 0 [end] element 0000de00 : 0 [end] +ip6 test-ip6 postrouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + [ masq ] + diff --git a/tests/regression/ip6/mh.t.payload.inet b/tests/regression/ip6/mh.t.payload.inet new file mode 100644 index 00000000..53a0ce08 --- /dev/null +++ b/tests/regression/ip6/mh.t.payload.inet @@ -0,0 +1,198 @@ +# mh nexthdr 1 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# mh nexthdr != 1 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp } +set%d test-inet 3 +set%d test-inet 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh nexthdr icmp +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# mh nexthdr != icmp +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# mh nexthdr 22 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh nexthdr != 233 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh nexthdr 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh nexthdr != 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh nexthdr { 33, 55, 67, 88 } +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh nexthdr { 33-55 } +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh hdrlength 22 +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh hdrlength != 233 +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh hdrlength 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh hdrlength != 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh hdrlength { 33, 55, 67, 88 } +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh hdrlength { 33-55 } +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message} +set%d test-inet 3 +set%d test-inet 0 + element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end] element 0000000a : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh type home-agent-switch-message +inet test-inet input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ cmp eq reg 1 0x0000000c ] + +# mh type != home-agent-switch-message +inet test-inet input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ cmp neq reg 1 0x0000000c ] + +# mh reserved 22 +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh reserved != 233 +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh reserved 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh reserved != 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh reserved { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh reserved { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh checksum 22 +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# mh checksum != 233 +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# mh checksum 33-45 +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# mh checksum != 33-45 +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# mh checksum { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh checksum { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/ip6/mh.t.payload.ip6 b/tests/regression/ip6/mh.t.payload.ip6 new file mode 100644 index 00000000..e903b74f --- /dev/null +++ b/tests/regression/ip6/mh.t.payload.ip6 @@ -0,0 +1,198 @@ +# mh nexthdr 1 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# mh nexthdr != 1 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp } +set%d test-ip6 3 +set%d test-ip6 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh nexthdr icmp +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# mh nexthdr != icmp +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# mh nexthdr 22 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh nexthdr != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh nexthdr 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh nexthdr != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh nexthdr { 33, 55, 67, 88 } +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh nexthdr { 33-55 } +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh hdrlength 22 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh hdrlength != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh hdrlength 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh hdrlength != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh hdrlength { 33, 55, 67, 88 } +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh hdrlength { 33-55 } +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end] element 0000000a : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh type home-agent-switch-message +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ cmp eq reg 1 0x0000000c ] + +# mh type != home-agent-switch-message +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ cmp neq reg 1 0x0000000c ] + +# mh reserved 22 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh reserved != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh reserved 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh reserved != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh reserved { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh reserved { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh checksum 22 +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# mh checksum != 233 +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# mh checksum 33-45 +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# mh checksum != 33-45 +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# mh checksum { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh checksum { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/ip6/redirect.t.payload.ip6 b/tests/regression/ip6/redirect.t.payload.ip6 new file mode 100644 index 00000000..b05e2c9a --- /dev/null +++ b/tests/regression/ip6/redirect.t.payload.ip6 @@ -0,0 +1,185 @@ +# redirect +ip6 test-ip6 output + [ redir ] + +# udp dport 954 redirect +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000ba03 ] + [ redir ] + +# ip6 saddr fe00::cafe counter packets 0 bytes 0 redirect +ip6 test-ip6 output + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x000000fe 0x00000000 0x00000000 0xfeca0000 ] + [ counter pkts 0 bytes 0 ] + [ redir ] + +# udp dport 53 redirect random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect random,persistent +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect random,persistent,fully-random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect random,fully-random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect random,fully-random,persistent +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect persistent +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect persistent,random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect persistent,random,fully-random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect persistent,fully-random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect persistent,fully-random,random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 1234 redirect to 1234 +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000d204 ] + [ immediate reg 1 0x0000d204 ] + [ redir ] + +# ip6 daddr fe00::cafe udp dport 9998 redirect to 6515 +ip6 test-ip6 output + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp eq reg 1 0x000000fe 0x00000000 0x00000000 0xfeca0000 ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00000e27 ] + [ immediate reg 1 0x00007319 ] + [ redir ] + +# tcp dport 39128 redirect to 993 +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000d898 ] + [ immediate reg 1 0x0000e103 ] + [ redir ] + +# tcp dport 9128 redirect to 993 random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000a823 ] + [ immediate reg 1 0x0000e103 ] + [ redir ] + +# tcp dport 9128 redirect to 993 fully-random,persistent +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000a823 ] + [ immediate reg 1 0x0000e103 ] + [ redir ] + +# tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect +set%d test-ip6 3 +set%d test-ip6 0 + element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ redir ] + +# ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 redirect +ip6 test-ip6 output + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp gte reg 1 0x000000fe 0x00000000 0x00000000 0x01000000 ] + [ cmp lte reg 1 0x000000fe 0x00000000 0x00000000 0x00020000 ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ counter pkts 0 bytes 0 ] + [ redir ] + +# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect +map%d test-ip6 b +map%d test-ip6 0 + element 00001600 : 0 [end] element 0000de00 : 0 [end] +ip6 test-ip6 output + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + [ redir ] + diff --git a/tests/regression/ip6/reject.t.payload.ip6 b/tests/regression/ip6/reject.t.payload.ip6 new file mode 100644 index 00000000..aa0b9ff2 --- /dev/null +++ b/tests/regression/ip6/reject.t.payload.ip6 @@ -0,0 +1,26 @@ +# reject +ip6 test-ip6 output + [ reject type 0 code 4 ] + +# reject with icmpv6 type no-route +ip6 test-ip6 output + [ reject type 0 code 0 ] + +# reject with icmpv6 type admin-prohibited +ip6 test-ip6 output + [ reject type 0 code 1 ] + +# reject with icmpv6 type addr-unreachable +ip6 test-ip6 output + [ reject type 0 code 3 ] + +# reject with icmpv6 type port-unreachable +ip6 test-ip6 output + [ reject type 0 code 4 ] + +# reject with tcp reset +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ reject type 1 code 0 ] + diff --git a/tests/regression/ip6/rt.t.payload.inet b/tests/regression/ip6/rt.t.payload.inet new file mode 100644 index 00000000..9dc51b97 --- /dev/null +++ b/tests/regression/ip6/rt.t.payload.inet @@ -0,0 +1,180 @@ +# rt nexthdr 1 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# rt nexthdr != 1 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +set%d test-inet 3 +set%d test-inet 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt nexthdr icmp +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# rt nexthdr != icmp +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# rt nexthdr 22 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt nexthdr != 233 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt nexthdr 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt nexthdr != 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt nexthdr { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt nexthdr { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt hdrlength 22 +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt hdrlength != 233 +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt hdrlength 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt hdrlength != 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt hdrlength { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt hdrlength { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt type 22 +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt type != 233 +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt type 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt type != 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt type { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt type { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt seg-left 22 +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt seg-left != 233 +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt seg-left 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt seg-left != 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt seg-left { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt seg-left { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/ip6/rt.t.payload.ip6 b/tests/regression/ip6/rt.t.payload.ip6 new file mode 100644 index 00000000..f766ec0a --- /dev/null +++ b/tests/regression/ip6/rt.t.payload.ip6 @@ -0,0 +1,180 @@ +# rt nexthdr 1 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# rt nexthdr != 1 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt nexthdr icmp +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# rt nexthdr != icmp +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# rt nexthdr 22 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt nexthdr != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt nexthdr 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt nexthdr != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt nexthdr { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt nexthdr { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt hdrlength 22 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt hdrlength != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt hdrlength 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt hdrlength != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt hdrlength { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt hdrlength { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt type 22 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt type != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt type 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt type != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt type { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt type { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt seg-left 22 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt seg-left != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt seg-left 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt seg-left != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt seg-left { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt seg-left { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/regression/ip6/sets.t.payload b/tests/regression/ip6/sets.t.payload new file mode 100644 index 00000000..e69de29b diff --git a/tests/regression/ip6/sets.t.payload.inet b/tests/regression/ip6/sets.t.payload.inet new file mode 100644 index 00000000..11dae48f --- /dev/null +++ b/tests/regression/ip6/sets.t.payload.inet @@ -0,0 +1,9 @@ +# ip6 saddr @set2 drop +set2 test-inet 0 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set set2 ] + [ immediate reg 0 drop ] + diff --git a/tests/regression/ip6/sets.t.payload.ip6 b/tests/regression/ip6/sets.t.payload.ip6 new file mode 100644 index 00000000..96b57f75 --- /dev/null +++ b/tests/regression/ip6/sets.t.payload.ip6 @@ -0,0 +1,7 @@ +# ip6 saddr @set2 drop +set2 test-ip6 0 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set set2 ] + [ immediate reg 0 drop ] + diff --git a/tests/regression/ip6/snat.t.payload.ip6 b/tests/regression/ip6/snat.t.payload.ip6 new file mode 100644 index 00000000..486bbb8b --- /dev/null +++ b/tests/regression/ip6/snat.t.payload.ip6 @@ -0,0 +1,25 @@ +# tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :80-100 +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] + [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] + [ immediate reg 3 0x00005000 ] + [ immediate reg 4 0x00006400 ] + [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ] + +# tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::100 +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] + [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] + [ immediate reg 3 0x00006400 ] + [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 ] + diff --git a/tests/regression/ip6/vmap.t.payload.inet b/tests/regression/ip6/vmap.t.payload.inet new file mode 100644 index 00000000..f0312bf3 --- /dev/null +++ b/tests/regression/ip6/vmap.t.payload.inet @@ -0,0 +1,420 @@ +# ip6 saddr vmap { abcd::3 : accept } +map%d test-inet b +map%d test-inet 0 + element 0000cdab 00000000 00000000 03000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34120000 34123412 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 34123412 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34120000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00003412 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34120000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00003412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 00003412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 34123412 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 34120000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00000000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00003412 34120000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00000000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00003412 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 34120000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 00000000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00000000 34120000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00003412 00000000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00000000 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00003412 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 00000000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 00000000 34120000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00000000 00000000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00003412 00000000 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00000000 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 00000000 34120000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 00000000 00000000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00000000 00000000 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00003412 00000000 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 00000000 00000000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 00000000 00000000 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00000000 00000000 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 00000000 00000000 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 00000000 00000000 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::/64 : accept} +map%d test-inet f +map%d test-inet 0 + element 00000000 00000000 00000000 00000000 : 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 aaaa0000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 bbbb0000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 cccc0000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 dddd0000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + diff --git a/tests/regression/ip6/vmap.t.payload.ip6 b/tests/regression/ip6/vmap.t.payload.ip6 new file mode 100644 index 00000000..0701b9b3 --- /dev/null +++ b/tests/regression/ip6/vmap.t.payload.ip6 @@ -0,0 +1,336 @@ +# ip6 saddr vmap { abcd::3 : accept } +map%d test-ip6 b +map%d test-ip6 0 + element 0000cdab 00000000 00000000 03000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34120000 34123412 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 34123412 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34120000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00003412 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34120000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00003412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 00003412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 34123412 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 34120000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00000000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00003412 34120000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00000000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00003412 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 34120000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 00000000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00000000 34120000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00003412 00000000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00000000 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00003412 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 00000000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 00000000 34120000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00000000 00000000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00003412 00000000 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00000000 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 00000000 34120000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 00000000 00000000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00000000 00000000 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00003412 00000000 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 00000000 00000000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 00000000 00000000 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00000000 00000000 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 00000000 00000000 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 00000000 00000000 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::/64 : accept} +map%d test-ip6 f +map%d test-ip6 0 + element 00000000 00000000 00000000 00000000 : 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 aaaa0000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 bbbb0000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 cccc0000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 dddd0000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + diff --git a/tests/regression/nft-test.py b/tests/regression/nft-test.py index 153f5e8b..26fc2ec4 100755 --- a/tests/regression/nft-test.py +++ b/tests/regression/nft-test.py @@ -423,9 +423,32 @@ def output_clean(pre_output, chain): return "" return rule +def payload_check(payload_buffer, file, cmd): + + file.seek(0, 0) + + ret = False + i = 0 + + for lineno, want_line in enumerate(payload_buffer): + line = file.readline() + + if want_line == line: + i += 1 + continue + + if want_line.find('[') < 0 and line.find('[') < 0: + continue + if want_line.find(']') < 0 and line.find(']') < 0: + continue + + print_differences_warning(file.name, lineno, want_line.strip(), line.strip(), cmd); + return 0 + + return i > 0 def rule_add(rule, table_list, chain_list, filename, lineno, - force_all_family_option): + force_all_family_option, filename_path): ''' Adds a rule ''' @@ -437,7 +460,23 @@ def rule_add(rule, table_list, chain_list, filename, lineno, print_error(reason, filename, lineno) return [-1, warning, error, unit_tests] + payload_expected = [] + for table in table_list: + try: + payload_log = open("%s.payload.%s" % (filename_path, table[0])) + except (IOError): + payload_log = open("%s.payload" % filename_path) + + if rule[1].strip() == "ok": + try: + payload_expected.index(rule[0]) + except (ValueError): + payload_expected = payload_find_expected(payload_log, rule[0]) + + if payload_expected == []: + print_error("did not find payload information for rule '%s'" % rule[0], payload_log.name, 1) + for chain in chain_list: if len(rule) == 1: reason = "Skipping malformed test. (" + \ @@ -450,7 +489,10 @@ def rule_add(rule, table_list, chain_list, filename, lineno, table_info = " " + table[0] + " " + table[1] + " " cmd = "nft add rule" + table_info + chain + " " + rule[0] - ret = execute_cmd(cmd, filename, lineno) + payload_log = os.tmpfile(); + + cmd = "nft add rule --debug=netlink" + table_info + chain + " " + rule[0] + ret = execute_cmd(cmd, filename, lineno, payload_log) state = rule[1].rstrip() if (ret == 0 and state == "fail") or (ret != 0 and state == "ok"): @@ -470,6 +512,20 @@ def rule_add(rule, table_list, chain_list, filename, lineno, continue if ret == 0: + # Check for matching payload + if state == "ok" and not payload_check(payload_expected, payload_log, cmd): + error += 1 + gotf = open("%s.payload.got" % filename_path, 'a') + payload_log.seek(0, 0) + gotf.write("# %s\n" % rule[0]) + while True: + line = payload_log.readline() + if line == "": + break + gotf.write(line) + gotf.close() + print_warning("Wrote payload for rule %s" % rule[0], gotf.name, 1) + # Check output of nft process = subprocess.Popen(['nft', '-nnn', 'list', 'table'] + table, shell=False, stdout=subprocess.PIPE, @@ -536,7 +592,7 @@ def signal_handler(signal, frame): signal_received = 1 -def execute_cmd(cmd, filename, lineno): +def execute_cmd(cmd, filename, lineno, stdout_log = False): ''' Executes a command, checks for segfaults and returns the command exit code. @@ -549,8 +605,12 @@ def execute_cmd(cmd, filename, lineno): print >> log_file, "command: %s" % cmd if debug_option: print cmd + + if not stdout_log: + stdout_log = log_file + ret = subprocess.call(cmd, shell=True, universal_newlines=True, - stderr=subprocess.STDOUT, stdout=log_file, + stderr=log_file, stdout=stdout_log, preexec_fn=preexec) log_file.flush() @@ -619,6 +679,36 @@ def set_element_process(element_line, filename, lineno): return set_add_elements(set_element, set_name, all_set, rule_state, table_list, filename, lineno) +def payload_find_expected(payload_log, rule): + ''' + Find the netlink payload that should be generated by given rule in payload_log + + :param payload_log: open file handle of the payload data + :param rule: nft rule we are going to add + ''' + found = 0 + pos = 0 + payload_buffer = [] + + while True: + line = payload_log.readline() + if not line: + break + + if line[0] == "#": # rule start + rule_line = line.strip()[2:] + + if rule_line == rule.strip(): + found = 1 + continue + + if found == 1: + payload_buffer.append(line) + if line.isspace(): + return payload_buffer + + payload_log.seek(0, 0) + return payload_buffer def run_test_file(filename, force_all_family_option, specific_file): ''' @@ -699,7 +789,7 @@ def run_test_file(filename, force_all_family_option, specific_file): continue result = rule_add(rule, table_list, chain_list, filename, lineno, - force_all_family_option) + force_all_family_option, filename_path) tests += 1 ret = result[0] warning = result[1] -- cgit v1.2.3