From 1e173590ef999f110f90112573f5c590088165b0 Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Wed, 28 Mar 2018 10:38:06 +0200
Subject: proto: permit icmp-in-ipv6 and icmpv6-in-ipv4

Jozsef points out that meta l4proto icmp icmp type destination-unreachable is hard to read. So, lets just add icmp/icmpv6 to ip/ip6 protocol base so users can just go with icmp type destination-unreachable and let nft fill in needed dependency. After this patch, the recent patch to not remove the dependency can be reverted again.
Suggested-by: Pablo Neira Ayuso
Signed-off-by: Florian Westphal
---
 tests/py/ip/meta.t | 6 +++---
 tests/py/ip/meta.t.payload | 7 +++++++
 tests/py/ip6/meta.t | 7 +++----
 tests/py/ip6/meta.t.payload | 34 ++++++++++++++++++++++++++++++++++
 4 files changed, 47 insertions(+), 7 deletions(-)
 create mode 100644 tests/py/ip6/meta.t.payload
(limited to 'tests')
diff --git a/tests/py/ip/meta.t b/tests/py/ip/meta.t
index 31c99500..d0682adf 100644
--- a/tests/py/ip/meta.t
+++ b/tests/py/ip/meta.t
@@ -4,6 +4,6 @@
 icmp type echo-request;ok
 meta l4proto icmp icmp type echo-request;ok;icmp type echo-request
-meta l4proto ipv6-icmp icmpv6 type nd-router-advert;ok;meta l4proto 58 icmpv6 type nd-router-advert
-meta l4proto 58 icmpv6 type nd-router-advert;ok
-icmpv6 type nd-router-advert;fail
+meta l4proto ipv6-icmp icmpv6 type nd-router-advert;ok;icmpv6 type nd-router-advert
+meta l4proto 58 icmpv6 type nd-router-advert;ok;icmpv6 type nd-router-advert
+icmpv6 type nd-router-advert;ok
diff --git a/tests/py/ip/meta.t.payload b/tests/py/ip/meta.t.payload
index b186b4b5..322c0878 100644
--- a/tests/py/ip/meta.t.payload
+++ b/tests/py/ip/meta.t.payload
@@ -26,3 +26,10 @@ ip test-ip4 input
 [ payload load 1b @ transport header + 0 => reg 1 ]
 [ cmp eq reg 1 0x00000086 ]
+# icmpv6 type nd-router-advert
+ip test-ip4 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000086 ]
+
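Review bot: The changed expectations in tests/py/ip/meta.t carry no comment explaining why `icmpv6 type nd-router-advert` flips from `fail` to `ok` in the ip family, or that the listing now prints only the icmpv6 match while the bytecode still carries the protocol check (`cmp eq reg 1 0x0000003a` in the tests/py/ip/meta.t.payload hunk). Someone auditing a listed ruleset has to know that the l4proto match is implicit rather than absent. Assuming the harness skips `#` lines in .t files, a line such as `# icmpv6 in the ip family: nft adds the meta l4proto 58 dependency itself, the listing omits it` above the three changed tests would record that. The same applies to the icmp tests changed in tests/py/ip6/meta.t.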
diff --git a/tests/py/ip6/meta.t b/tests/py/ip6/meta.t
index 68fa89f5..24445084 100644
--- a/tests/py/ip6/meta.t
+++ b/tests/py/ip6/meta.t
@@ -5,7 +5,6 @@
 icmpv6 type nd-router-advert;ok
 meta l4proto ipv6-icmp icmpv6 type nd-router-advert;ok;icmpv6 type nd-router-advert
-meta l4proto icmp icmp type echo-request;ok;meta l4proto 1 icmp type echo-request
-meta l4proto 1 icmp type echo-request;ok
-
-icmp type echo-request;fail
+meta l4proto icmp icmp type echo-request;ok;icmp type echo-request
+meta l4proto 1 icmp type echo-request;ok;icmp type echo-request
+icmp type echo-request;ok
diff --git a/tests/py/ip6/meta.t.payload b/tests/py/ip6/meta.t.payload
new file mode 100644
index 00000000..f203baab
--- /dev/null
+++ b/tests/py/ip6/meta.t.payload
@@ -0,0 +1,34 @@
+# icmpv6 type nd-router-advert
+ip test-ip4 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000086 ]
+
+# meta l4proto ipv6-icmp icmpv6 type nd-router-advert
+ip test-ip4 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000086 ]
+
+# meta l4proto icmp icmp type echo-request
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+
+# meta l4proto 1 icmp type echo-request
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+
+# icmp type echo-request
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
--
cgit v1.2.3
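Review bot: The first two records of the new tests/py/ip6/meta.t.payload are headed `ip test-ip4 input`, while the other three use `ip6 test-ip6 input`; this looks carried over from tests/py/ip/meta.t.payload. If the harness compares or keys on that header line, these two records do not describe the ip6 table that tests/py/ip6/meta.t runs against, and the icmpv6 cases would not be pinned for the family they are meant to cover. Even if the line is ignored, it misleads anyone reading the expected bytecode. Both headers should read `ip6 test-ip6 input`.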