From 6b29a5bebb957387fe1aac8fcbfd431e6be237f0 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Fri, 11 Dec 2015 11:10:14 +0100 Subject: tests/: rearrange tests directory Rearrange the directory to obtain a better organization of files and tests-suites. We end with a tree like this: tests | .--- py .--- shell .--- files This was suggested by Pablo. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- tests/chain-rename.1 | 7 - tests/chain-rename.2 | 4 - tests/chain-rename.3 | 5 - tests/dictionary | 52 -- tests/error.1 | 9 - tests/error.2 | 18 - tests/expr-concat | 19 - tests/expr-ct | 26 - tests/expr-meta | 40 -- tests/family-bridge | 13 - tests/family-ipv4 | 14 - tests/family-ipv6 | 13 - tests/feat-adjancent-load-merging | 13 - tests/files/chain-rename.1 | 7 + tests/files/chain-rename.2 | 4 + tests/files/chain-rename.3 | 5 + tests/files/dictionary | 52 ++ tests/files/error.1 | 9 + tests/files/error.2 | 18 + tests/files/expr-concat | 19 + tests/files/expr-ct | 26 + tests/files/expr-meta | 40 ++ tests/files/family-bridge | 13 + tests/files/family-ipv4 | 14 + tests/files/family-ipv6 | 13 + tests/files/feat-adjancent-load-merging | 13 + tests/files/loop-detect.1 | 8 + tests/files/loop-detect.2 | 7 + tests/files/loop-detect.3 | 7 + tests/files/loop-detect.4 | 7 + tests/files/obj-chain | 22 + tests/files/obj-table | 9 + tests/files/payload-ll | 15 + tests/files/prefix | 5 + tests/files/set | 14 + tests/files/stmt-log | 6 + tests/files/symbolic-define.1 | 7 + tests/files/symbolic-define.2 | 7 + tests/files/symbolic-define.3 | 6 + tests/files/verdict-maps | 20 + tests/loop-detect.1 | 8 - tests/loop-detect.2 | 7 - tests/loop-detect.3 | 7 - tests/loop-detect.4 | 7 - tests/obj-chain | 22 - tests/obj-table | 9 - tests/payload-ll | 15 - tests/prefix | 5 - tests/py/README | 141 ++++ tests/py/any/ct.t | 109 +++ tests/py/any/ct.t.payload | 275 ++++++++ tests/py/any/frag.t | 64 ++ tests/py/any/frag.t.payload | 109 +++ tests/py/any/limit.t | 25 + tests/py/any/limit.t.payload | 64 ++ tests/py/any/log.t | 26 + tests/py/any/log.t.payload | 52 ++ tests/py/any/meta.t | 197 ++++++ tests/py/any/meta.t.payload | 756 ++++++++++++++++++++ tests/py/any/queue.t | 15 + tests/py/any/queue.t.payload | 24 + tests/py/arp/arp.t | 53 ++ tests/py/arp/arp.t.payload | 217 ++++++ tests/py/arp/chains.t | 6 + tests/py/arp/chains.t.payload | 0 tests/py/bridge/chains.t | 8 + tests/py/bridge/chains.t.payload | 0 tests/py/bridge/ether.t | 8 + tests/py/bridge/ether.t.payload | 44 ++ tests/py/bridge/reject.t | 38 + tests/py/bridge/reject.t.payload | 106 +++ tests/py/bridge/vlan.t | 34 + tests/py/bridge/vlan.t.payload | 201 ++++++ tests/py/inet/ah.t | 58 ++ tests/py/inet/ah.t.payload.inet | 186 +++++ tests/py/inet/ah.t.payload.ip | 186 +++++ tests/py/inet/ah.t.payload.ip6 | 186 +++++ tests/py/inet/comp.t | 31 + tests/py/inet/comp.t.payload.inet | 107 +++ tests/py/inet/comp.t.payload.ip | 107 +++ tests/py/inet/comp.t.payload.ip6 | 107 +++ tests/py/inet/dccp.t | 33 + tests/py/inet/dccp.t.payload.inet | 82 +++ tests/py/inet/dccp.t.payload.ip | 82 +++ tests/py/inet/dccp.t.payload.ip6 | 82 +++ tests/py/inet/esp.t | 23 + tests/py/inet/esp.t.payload.inet | 93 +++ tests/py/inet/esp.t.payload.ip | 93 +++ tests/py/inet/esp.t.payload.ip6 | 93 +++ tests/py/inet/ether-ip.t | 5 + tests/py/inet/ether-ip.t.payload | 28 + tests/py/inet/ether.t | 13 + tests/py/inet/ether.t.payload | 55 ++ tests/py/inet/ether.t.payload.bridge | 49 ++ tests/py/inet/ether.t.payload.ip | 55 ++ tests/py/inet/ether.t.payload.ip6 | 55 ++ tests/py/inet/ip.t | 7 + tests/py/inet/ip.t.payload.bridge | 11 + tests/py/inet/ip.t.payload.inet | 13 + tests/py/inet/ip.t.payload.ip | 11 + tests/py/inet/reject.t | 35 + tests/py/inet/reject.t.payload.inet | 220 ++++++ tests/py/inet/sctp.t | 42 ++ tests/py/inet/sctp.t.payload.inet | 200 ++++++ tests/py/inet/sctp.t.payload.ip | 200 ++++++ tests/py/inet/sctp.t.payload.ip6 | 200 ++++++ tests/py/inet/tcp.t | 105 +++ tests/py/inet/tcp.t.payload.inet | 508 ++++++++++++++ tests/py/inet/tcp.t.payload.ip | 508 ++++++++++++++ tests/py/inet/tcp.t.payload.ip6 | 508 ++++++++++++++ tests/py/inet/udp.t | 49 ++ tests/py/inet/udp.t.payload.ip | 222 ++++++ tests/py/inet/udplite.t | 42 ++ tests/py/inet/udplite.t.payload.inet | 169 +++++ tests/py/inet/udplite.t.payload.ip | 169 +++++ tests/py/inet/udplite.t.payload.ip6 | 169 +++++ tests/py/ip/chains.t | 15 + tests/py/ip/dnat.t | 15 + tests/py/ip/dnat.t.payload.ip | 69 ++ tests/py/ip/dup.t | 6 + tests/py/ip/dup.t.payload | 21 + tests/py/ip/ether.t | 8 + tests/py/ip/ether.t.payload | 50 ++ tests/py/ip/icmp.t | 93 +++ tests/py/ip/icmp.t.payload.ip | 463 ++++++++++++ tests/py/ip/ip.t | 117 ++++ tests/py/ip/ip.t.payload | 386 ++++++++++ tests/py/ip/ip.t.payload.inet | 506 ++++++++++++++ tests/py/ip/masquerade.t | 25 + tests/py/ip/masquerade.t.payload | 127 ++++ tests/py/ip/redirect.t | 45 ++ tests/py/ip/redirect.t.payload | 201 ++++++ tests/py/ip/reject.t | 14 + tests/py/ip/reject.t.payload | 32 + tests/py/ip/sets.t | 30 + tests/py/ip/sets.t.payload.inet | 16 + tests/py/ip/sets.t.payload.ip | 12 + tests/py/ip/snat.t | 12 + tests/py/ip/snat.t.payload | 50 ++ tests/py/ip6/chains.t | 17 + tests/py/ip6/dnat.t | 5 + tests/py/ip6/dnat.t.payload.ip6 | 25 + tests/py/ip6/dst.t | 25 + tests/py/ip6/dst.t.payload.inet | 94 +++ tests/py/ip6/dst.t.payload.ip6 | 95 +++ tests/py/ip6/dup.t | 6 + tests/py/ip6/dup.t.payload | 21 + tests/py/ip6/ether.t | 8 + tests/py/ip6/ether.t.payload | 49 ++ tests/py/ip6/hbh.t | 25 + tests/py/ip6/hbh.t.payload.inet | 94 +++ tests/py/ip6/hbh.t.payload.ip6 | 94 +++ tests/py/ip6/icmpv6.t | 96 +++ tests/py/ip6/icmpv6.t.payload.ip6 | 409 +++++++++++ tests/py/ip6/ip6.t | 143 ++++ tests/py/ip6/ip6.t.payload.inet | 461 ++++++++++++ tests/py/ip6/ip6.t.payload.ip6 | 339 +++++++++ tests/py/ip6/masquerade.t | 25 + tests/py/ip6/masquerade.t.payload.ip6 | 127 ++++ tests/py/ip6/mh.t | 49 ++ tests/py/ip6/mh.t.payload.inet | 198 ++++++ tests/py/ip6/mh.t.payload.ip6 | 198 ++++++ tests/py/ip6/redirect.t | 44 ++ tests/py/ip6/redirect.t.payload.ip6 | 185 +++++ tests/py/ip6/reject.t | 12 + tests/py/ip6/reject.t.payload.ip6 | 26 + tests/py/ip6/rt.t | 45 ++ tests/py/ip6/rt.t.payload.inet | 180 +++++ tests/py/ip6/rt.t.payload.ip6 | 180 +++++ tests/py/ip6/sets.t | 22 + tests/py/ip6/sets.t.payload | 0 tests/py/ip6/sets.t.payload.inet | 8 + tests/py/ip6/sets.t.payload.ip6 | 6 + tests/py/ip6/snat.t | 5 + tests/py/ip6/snat.t.payload.ip6 | 25 + tests/py/ip6/vmap.t | 54 ++ tests/py/ip6/vmap.t.payload.inet | 420 +++++++++++ tests/py/ip6/vmap.t.payload.ip6 | 336 +++++++++ tests/py/nft-test.py | 968 ++++++++++++++++++++++++++ tests/regression/README | 141 ---- tests/regression/any/ct.t | 109 --- tests/regression/any/ct.t.payload | 275 -------- tests/regression/any/frag.t | 64 -- tests/regression/any/frag.t.payload | 109 --- tests/regression/any/limit.t | 25 - tests/regression/any/limit.t.payload | 64 -- tests/regression/any/log.t | 26 - tests/regression/any/log.t.payload | 52 -- tests/regression/any/meta.t | 197 ------ tests/regression/any/meta.t.payload | 756 -------------------- tests/regression/any/queue.t | 15 - tests/regression/any/queue.t.payload | 24 - tests/regression/arp/arp.t | 53 -- tests/regression/arp/arp.t.payload | 217 ------ tests/regression/arp/chains.t | 6 - tests/regression/arp/chains.t.payload | 0 tests/regression/bridge/chains.t | 8 - tests/regression/bridge/chains.t.payload | 0 tests/regression/bridge/ether.t | 8 - tests/regression/bridge/ether.t.payload | 44 -- tests/regression/bridge/reject.t | 38 - tests/regression/bridge/reject.t.payload | 106 --- tests/regression/bridge/vlan.t | 34 - tests/regression/bridge/vlan.t.payload | 201 ------ tests/regression/inet/ah.t | 58 -- tests/regression/inet/ah.t.payload.inet | 186 ----- tests/regression/inet/ah.t.payload.ip | 186 ----- tests/regression/inet/ah.t.payload.ip6 | 186 ----- tests/regression/inet/comp.t | 31 - tests/regression/inet/comp.t.payload.inet | 107 --- tests/regression/inet/comp.t.payload.ip | 107 --- tests/regression/inet/comp.t.payload.ip6 | 107 --- tests/regression/inet/dccp.t | 33 - tests/regression/inet/dccp.t.payload.inet | 82 --- tests/regression/inet/dccp.t.payload.ip | 82 --- tests/regression/inet/dccp.t.payload.ip6 | 82 --- tests/regression/inet/esp.t | 23 - tests/regression/inet/esp.t.payload.inet | 93 --- tests/regression/inet/esp.t.payload.ip | 93 --- tests/regression/inet/esp.t.payload.ip6 | 93 --- tests/regression/inet/ether-ip.t | 5 - tests/regression/inet/ether-ip.t.payload | 28 - tests/regression/inet/ether.t | 13 - tests/regression/inet/ether.t.payload | 55 -- tests/regression/inet/ether.t.payload.bridge | 49 -- tests/regression/inet/ether.t.payload.ip | 55 -- tests/regression/inet/ether.t.payload.ip6 | 55 -- tests/regression/inet/ip.t | 7 - tests/regression/inet/ip.t.payload.bridge | 11 - tests/regression/inet/ip.t.payload.inet | 13 - tests/regression/inet/ip.t.payload.ip | 11 - tests/regression/inet/reject.t | 35 - tests/regression/inet/reject.t.payload.inet | 220 ------ tests/regression/inet/sctp.t | 42 -- tests/regression/inet/sctp.t.payload.inet | 200 ------ tests/regression/inet/sctp.t.payload.ip | 200 ------ tests/regression/inet/sctp.t.payload.ip6 | 200 ------ tests/regression/inet/tcp.t | 105 --- tests/regression/inet/tcp.t.payload.inet | 508 -------------- tests/regression/inet/tcp.t.payload.ip | 508 -------------- tests/regression/inet/tcp.t.payload.ip6 | 508 -------------- tests/regression/inet/udp.t | 49 -- tests/regression/inet/udp.t.payload.ip | 222 ------ tests/regression/inet/udplite.t | 42 -- tests/regression/inet/udplite.t.payload.inet | 169 ----- tests/regression/inet/udplite.t.payload.ip | 169 ----- tests/regression/inet/udplite.t.payload.ip6 | 169 ----- tests/regression/ip/chains.t | 15 - tests/regression/ip/dnat.t | 15 - tests/regression/ip/dnat.t.payload.ip | 69 -- tests/regression/ip/dup.t | 6 - tests/regression/ip/dup.t.payload | 21 - tests/regression/ip/ether.t | 8 - tests/regression/ip/ether.t.payload | 50 -- tests/regression/ip/icmp.t | 93 --- tests/regression/ip/icmp.t.payload.ip | 463 ------------ tests/regression/ip/ip.t | 117 ---- tests/regression/ip/ip.t.payload | 386 ---------- tests/regression/ip/ip.t.payload.inet | 506 -------------- tests/regression/ip/masquerade.t | 25 - tests/regression/ip/masquerade.t.payload | 127 ---- tests/regression/ip/redirect.t | 45 -- tests/regression/ip/redirect.t.payload | 201 ------ tests/regression/ip/reject.t | 14 - tests/regression/ip/reject.t.payload | 32 - tests/regression/ip/sets.t | 30 - tests/regression/ip/sets.t.payload.inet | 16 - tests/regression/ip/sets.t.payload.ip | 12 - tests/regression/ip/snat.t | 12 - tests/regression/ip/snat.t.payload | 50 -- tests/regression/ip6/chains.t | 17 - tests/regression/ip6/dnat.t | 5 - tests/regression/ip6/dnat.t.payload.ip6 | 25 - tests/regression/ip6/dst.t | 25 - tests/regression/ip6/dst.t.payload.inet | 94 --- tests/regression/ip6/dst.t.payload.ip6 | 95 --- tests/regression/ip6/dup.t | 6 - tests/regression/ip6/dup.t.payload | 21 - tests/regression/ip6/ether.t | 8 - tests/regression/ip6/ether.t.payload | 49 -- tests/regression/ip6/hbh.t | 25 - tests/regression/ip6/hbh.t.payload.inet | 94 --- tests/regression/ip6/hbh.t.payload.ip6 | 94 --- tests/regression/ip6/icmpv6.t | 96 --- tests/regression/ip6/icmpv6.t.payload.ip6 | 409 ----------- tests/regression/ip6/ip6.t | 143 ---- tests/regression/ip6/ip6.t.payload.inet | 461 ------------ tests/regression/ip6/ip6.t.payload.ip6 | 339 --------- tests/regression/ip6/masquerade.t | 25 - tests/regression/ip6/masquerade.t.payload.ip6 | 127 ---- tests/regression/ip6/mh.t | 49 -- tests/regression/ip6/mh.t.payload.inet | 198 ------ tests/regression/ip6/mh.t.payload.ip6 | 198 ------ tests/regression/ip6/redirect.t | 44 -- tests/regression/ip6/redirect.t.payload.ip6 | 185 ----- tests/regression/ip6/reject.t | 12 - tests/regression/ip6/reject.t.payload.ip6 | 26 - tests/regression/ip6/rt.t | 45 -- tests/regression/ip6/rt.t.payload.inet | 180 ----- tests/regression/ip6/rt.t.payload.ip6 | 180 ----- tests/regression/ip6/sets.t | 22 - tests/regression/ip6/sets.t.payload | 0 tests/regression/ip6/sets.t.payload.inet | 8 - tests/regression/ip6/sets.t.payload.ip6 | 6 - tests/regression/ip6/snat.t | 5 - tests/regression/ip6/snat.t.payload.ip6 | 25 - tests/regression/ip6/vmap.t | 54 -- tests/regression/ip6/vmap.t.payload.inet | 420 ----------- tests/regression/ip6/vmap.t.payload.ip6 | 336 --------- tests/regression/nft-test.py | 968 -------------------------- tests/set | 14 - tests/stmt-log | 6 - tests/symbolic-define.1 | 7 - tests/symbolic-define.2 | 7 - tests/symbolic-define.3 | 6 - tests/verdict-maps | 20 - 316 files changed, 15574 insertions(+), 15574 deletions(-) delete mode 100644 tests/chain-rename.1 delete mode 100644 tests/chain-rename.2 delete mode 100644 tests/chain-rename.3 delete mode 100644 tests/dictionary delete mode 100644 tests/error.1 delete mode 100644 tests/error.2 delete mode 100644 tests/expr-concat delete mode 100644 tests/expr-ct delete mode 100644 tests/expr-meta delete mode 100644 tests/family-bridge delete mode 100644 tests/family-ipv4 delete mode 100644 tests/family-ipv6 delete mode 100644 tests/feat-adjancent-load-merging create mode 100644 tests/files/chain-rename.1 create mode 100644 tests/files/chain-rename.2 create mode 100644 tests/files/chain-rename.3 create mode 100644 tests/files/dictionary create mode 100644 tests/files/error.1 create mode 100644 tests/files/error.2 create mode 100644 tests/files/expr-concat create mode 100644 tests/files/expr-ct create mode 100644 tests/files/expr-meta create mode 100644 tests/files/family-bridge create mode 100644 tests/files/family-ipv4 create mode 100644 tests/files/family-ipv6 create mode 100644 tests/files/feat-adjancent-load-merging create mode 100644 tests/files/loop-detect.1 create mode 100644 tests/files/loop-detect.2 create mode 100644 tests/files/loop-detect.3 create mode 100644 tests/files/loop-detect.4 create mode 100644 tests/files/obj-chain create mode 100644 tests/files/obj-table create mode 100644 tests/files/payload-ll create mode 100644 tests/files/prefix create mode 100644 tests/files/set create mode 100644 tests/files/stmt-log create mode 100644 tests/files/symbolic-define.1 create mode 100644 tests/files/symbolic-define.2 create mode 100644 tests/files/symbolic-define.3 create mode 100644 tests/files/verdict-maps delete mode 100644 tests/loop-detect.1 delete mode 100644 tests/loop-detect.2 delete mode 100644 tests/loop-detect.3 delete mode 100644 tests/loop-detect.4 delete mode 100644 tests/obj-chain delete mode 100644 tests/obj-table delete mode 100644 tests/payload-ll delete mode 100644 tests/prefix create mode 100644 tests/py/README create mode 100644 tests/py/any/ct.t create mode 100644 tests/py/any/ct.t.payload create mode 100644 tests/py/any/frag.t create mode 100644 tests/py/any/frag.t.payload create mode 100644 tests/py/any/limit.t create mode 100644 tests/py/any/limit.t.payload create mode 100644 tests/py/any/log.t create mode 100644 tests/py/any/log.t.payload create mode 100644 tests/py/any/meta.t create mode 100644 tests/py/any/meta.t.payload create mode 100644 tests/py/any/queue.t create mode 100644 tests/py/any/queue.t.payload create mode 100644 tests/py/arp/arp.t create mode 100644 tests/py/arp/arp.t.payload create mode 100644 tests/py/arp/chains.t create mode 100644 tests/py/arp/chains.t.payload create mode 100644 tests/py/bridge/chains.t create mode 100644 tests/py/bridge/chains.t.payload create mode 100644 tests/py/bridge/ether.t create mode 100644 tests/py/bridge/ether.t.payload create mode 100644 tests/py/bridge/reject.t create mode 100644 tests/py/bridge/reject.t.payload create mode 100644 tests/py/bridge/vlan.t create mode 100644 tests/py/bridge/vlan.t.payload create mode 100644 tests/py/inet/ah.t create mode 100644 tests/py/inet/ah.t.payload.inet create mode 100644 tests/py/inet/ah.t.payload.ip create mode 100644 tests/py/inet/ah.t.payload.ip6 create mode 100644 tests/py/inet/comp.t create mode 100644 tests/py/inet/comp.t.payload.inet create mode 100644 tests/py/inet/comp.t.payload.ip create mode 100644 tests/py/inet/comp.t.payload.ip6 create mode 100644 tests/py/inet/dccp.t create mode 100644 tests/py/inet/dccp.t.payload.inet create mode 100644 tests/py/inet/dccp.t.payload.ip create mode 100644 tests/py/inet/dccp.t.payload.ip6 create mode 100644 tests/py/inet/esp.t create mode 100644 tests/py/inet/esp.t.payload.inet create mode 100644 tests/py/inet/esp.t.payload.ip create mode 100644 tests/py/inet/esp.t.payload.ip6 create mode 100644 tests/py/inet/ether-ip.t create mode 100644 tests/py/inet/ether-ip.t.payload create mode 100644 tests/py/inet/ether.t create mode 100644 tests/py/inet/ether.t.payload create mode 100644 tests/py/inet/ether.t.payload.bridge create mode 100644 tests/py/inet/ether.t.payload.ip create mode 100644 tests/py/inet/ether.t.payload.ip6 create mode 100644 tests/py/inet/ip.t create mode 100644 tests/py/inet/ip.t.payload.bridge create mode 100644 tests/py/inet/ip.t.payload.inet create mode 100644 tests/py/inet/ip.t.payload.ip create mode 100644 tests/py/inet/reject.t create mode 100644 tests/py/inet/reject.t.payload.inet create mode 100644 tests/py/inet/sctp.t create mode 100644 tests/py/inet/sctp.t.payload.inet create mode 100644 tests/py/inet/sctp.t.payload.ip create mode 100644 tests/py/inet/sctp.t.payload.ip6 create mode 100644 tests/py/inet/tcp.t create mode 100644 tests/py/inet/tcp.t.payload.inet create mode 100644 tests/py/inet/tcp.t.payload.ip create mode 100644 tests/py/inet/tcp.t.payload.ip6 create mode 100644 tests/py/inet/udp.t create mode 100644 tests/py/inet/udp.t.payload.ip create mode 100644 tests/py/inet/udplite.t create mode 100644 tests/py/inet/udplite.t.payload.inet create mode 100644 tests/py/inet/udplite.t.payload.ip create mode 100644 tests/py/inet/udplite.t.payload.ip6 create mode 100644 tests/py/ip/chains.t create mode 100644 tests/py/ip/dnat.t create mode 100644 tests/py/ip/dnat.t.payload.ip create mode 100644 tests/py/ip/dup.t create mode 100644 tests/py/ip/dup.t.payload create mode 100644 tests/py/ip/ether.t create mode 100644 tests/py/ip/ether.t.payload create mode 100644 tests/py/ip/icmp.t create mode 100644 tests/py/ip/icmp.t.payload.ip create mode 100644 tests/py/ip/ip.t create mode 100644 tests/py/ip/ip.t.payload create mode 100644 tests/py/ip/ip.t.payload.inet create mode 100644 tests/py/ip/masquerade.t create mode 100644 tests/py/ip/masquerade.t.payload create mode 100644 tests/py/ip/redirect.t create mode 100644 tests/py/ip/redirect.t.payload create mode 100644 tests/py/ip/reject.t create mode 100644 tests/py/ip/reject.t.payload create mode 100644 tests/py/ip/sets.t create mode 100644 tests/py/ip/sets.t.payload.inet create mode 100644 tests/py/ip/sets.t.payload.ip create mode 100644 tests/py/ip/snat.t create mode 100644 tests/py/ip/snat.t.payload create mode 100644 tests/py/ip6/chains.t create mode 100644 tests/py/ip6/dnat.t create mode 100644 tests/py/ip6/dnat.t.payload.ip6 create mode 100644 tests/py/ip6/dst.t create mode 100644 tests/py/ip6/dst.t.payload.inet create mode 100644 tests/py/ip6/dst.t.payload.ip6 create mode 100644 tests/py/ip6/dup.t create mode 100644 tests/py/ip6/dup.t.payload create mode 100644 tests/py/ip6/ether.t create mode 100644 tests/py/ip6/ether.t.payload create mode 100644 tests/py/ip6/hbh.t create mode 100644 tests/py/ip6/hbh.t.payload.inet create mode 100644 tests/py/ip6/hbh.t.payload.ip6 create mode 100644 tests/py/ip6/icmpv6.t create mode 100644 tests/py/ip6/icmpv6.t.payload.ip6 create mode 100644 tests/py/ip6/ip6.t create mode 100644 tests/py/ip6/ip6.t.payload.inet create mode 100644 tests/py/ip6/ip6.t.payload.ip6 create mode 100644 tests/py/ip6/masquerade.t create mode 100644 tests/py/ip6/masquerade.t.payload.ip6 create mode 100644 tests/py/ip6/mh.t create mode 100644 tests/py/ip6/mh.t.payload.inet create mode 100644 tests/py/ip6/mh.t.payload.ip6 create mode 100644 tests/py/ip6/redirect.t create mode 100644 tests/py/ip6/redirect.t.payload.ip6 create mode 100644 tests/py/ip6/reject.t create mode 100644 tests/py/ip6/reject.t.payload.ip6 create mode 100644 tests/py/ip6/rt.t create mode 100644 tests/py/ip6/rt.t.payload.inet create mode 100644 tests/py/ip6/rt.t.payload.ip6 create mode 100644 tests/py/ip6/sets.t create mode 100644 tests/py/ip6/sets.t.payload create mode 100644 tests/py/ip6/sets.t.payload.inet create mode 100644 tests/py/ip6/sets.t.payload.ip6 create mode 100644 tests/py/ip6/snat.t create mode 100644 tests/py/ip6/snat.t.payload.ip6 create mode 100644 tests/py/ip6/vmap.t create mode 100644 tests/py/ip6/vmap.t.payload.inet create mode 100644 tests/py/ip6/vmap.t.payload.ip6 create mode 100755 tests/py/nft-test.py delete mode 100644 tests/regression/README delete mode 100644 tests/regression/any/ct.t delete mode 100644 tests/regression/any/ct.t.payload delete mode 100644 tests/regression/any/frag.t delete mode 100644 tests/regression/any/frag.t.payload delete mode 100644 tests/regression/any/limit.t delete mode 100644 tests/regression/any/limit.t.payload delete mode 100644 tests/regression/any/log.t delete mode 100644 tests/regression/any/log.t.payload delete mode 100644 tests/regression/any/meta.t delete mode 100644 tests/regression/any/meta.t.payload delete mode 100644 tests/regression/any/queue.t delete mode 100644 tests/regression/any/queue.t.payload delete mode 100644 tests/regression/arp/arp.t delete mode 100644 tests/regression/arp/arp.t.payload delete mode 100644 tests/regression/arp/chains.t delete mode 100644 tests/regression/arp/chains.t.payload delete mode 100644 tests/regression/bridge/chains.t delete mode 100644 tests/regression/bridge/chains.t.payload delete mode 100644 tests/regression/bridge/ether.t delete mode 100644 tests/regression/bridge/ether.t.payload delete mode 100644 tests/regression/bridge/reject.t delete mode 100644 tests/regression/bridge/reject.t.payload delete mode 100644 tests/regression/bridge/vlan.t delete mode 100644 tests/regression/bridge/vlan.t.payload delete mode 100644 tests/regression/inet/ah.t delete mode 100644 tests/regression/inet/ah.t.payload.inet delete mode 100644 tests/regression/inet/ah.t.payload.ip delete mode 100644 tests/regression/inet/ah.t.payload.ip6 delete mode 100644 tests/regression/inet/comp.t delete mode 100644 tests/regression/inet/comp.t.payload.inet delete mode 100644 tests/regression/inet/comp.t.payload.ip delete mode 100644 tests/regression/inet/comp.t.payload.ip6 delete mode 100644 tests/regression/inet/dccp.t delete mode 100644 tests/regression/inet/dccp.t.payload.inet delete mode 100644 tests/regression/inet/dccp.t.payload.ip delete mode 100644 tests/regression/inet/dccp.t.payload.ip6 delete mode 100644 tests/regression/inet/esp.t delete mode 100644 tests/regression/inet/esp.t.payload.inet delete mode 100644 tests/regression/inet/esp.t.payload.ip delete mode 100644 tests/regression/inet/esp.t.payload.ip6 delete mode 100644 tests/regression/inet/ether-ip.t delete mode 100644 tests/regression/inet/ether-ip.t.payload delete mode 100644 tests/regression/inet/ether.t delete mode 100644 tests/regression/inet/ether.t.payload delete mode 100644 tests/regression/inet/ether.t.payload.bridge delete mode 100644 tests/regression/inet/ether.t.payload.ip delete mode 100644 tests/regression/inet/ether.t.payload.ip6 delete mode 100644 tests/regression/inet/ip.t delete mode 100644 tests/regression/inet/ip.t.payload.bridge delete mode 100644 tests/regression/inet/ip.t.payload.inet delete mode 100644 tests/regression/inet/ip.t.payload.ip delete mode 100644 tests/regression/inet/reject.t delete mode 100644 tests/regression/inet/reject.t.payload.inet delete mode 100644 tests/regression/inet/sctp.t delete mode 100644 tests/regression/inet/sctp.t.payload.inet delete mode 100644 tests/regression/inet/sctp.t.payload.ip delete mode 100644 tests/regression/inet/sctp.t.payload.ip6 delete mode 100644 tests/regression/inet/tcp.t delete mode 100644 tests/regression/inet/tcp.t.payload.inet delete mode 100644 tests/regression/inet/tcp.t.payload.ip delete mode 100644 tests/regression/inet/tcp.t.payload.ip6 delete mode 100644 tests/regression/inet/udp.t delete mode 100644 tests/regression/inet/udp.t.payload.ip delete mode 100644 tests/regression/inet/udplite.t delete mode 100644 tests/regression/inet/udplite.t.payload.inet delete mode 100644 tests/regression/inet/udplite.t.payload.ip delete mode 100644 tests/regression/inet/udplite.t.payload.ip6 delete mode 100644 tests/regression/ip/chains.t delete mode 100644 tests/regression/ip/dnat.t delete mode 100644 tests/regression/ip/dnat.t.payload.ip delete mode 100644 tests/regression/ip/dup.t delete mode 100644 tests/regression/ip/dup.t.payload delete mode 100644 tests/regression/ip/ether.t delete mode 100644 tests/regression/ip/ether.t.payload delete mode 100644 tests/regression/ip/icmp.t delete mode 100644 tests/regression/ip/icmp.t.payload.ip delete mode 100644 tests/regression/ip/ip.t delete mode 100644 tests/regression/ip/ip.t.payload delete mode 100644 tests/regression/ip/ip.t.payload.inet delete mode 100644 tests/regression/ip/masquerade.t delete mode 100644 tests/regression/ip/masquerade.t.payload delete mode 100644 tests/regression/ip/redirect.t delete mode 100644 tests/regression/ip/redirect.t.payload delete mode 100644 tests/regression/ip/reject.t delete mode 100644 tests/regression/ip/reject.t.payload delete mode 100644 tests/regression/ip/sets.t delete mode 100644 tests/regression/ip/sets.t.payload.inet delete mode 100644 tests/regression/ip/sets.t.payload.ip delete mode 100644 tests/regression/ip/snat.t delete mode 100644 tests/regression/ip/snat.t.payload delete mode 100644 tests/regression/ip6/chains.t delete mode 100644 tests/regression/ip6/dnat.t delete mode 100644 tests/regression/ip6/dnat.t.payload.ip6 delete mode 100644 tests/regression/ip6/dst.t delete mode 100644 tests/regression/ip6/dst.t.payload.inet delete mode 100644 tests/regression/ip6/dst.t.payload.ip6 delete mode 100644 tests/regression/ip6/dup.t delete mode 100644 tests/regression/ip6/dup.t.payload delete mode 100644 tests/regression/ip6/ether.t delete mode 100644 tests/regression/ip6/ether.t.payload delete mode 100644 tests/regression/ip6/hbh.t delete mode 100644 tests/regression/ip6/hbh.t.payload.inet delete mode 100644 tests/regression/ip6/hbh.t.payload.ip6 delete mode 100644 tests/regression/ip6/icmpv6.t delete mode 100644 tests/regression/ip6/icmpv6.t.payload.ip6 delete mode 100644 tests/regression/ip6/ip6.t delete mode 100644 tests/regression/ip6/ip6.t.payload.inet delete mode 100644 tests/regression/ip6/ip6.t.payload.ip6 delete mode 100644 tests/regression/ip6/masquerade.t delete mode 100644 tests/regression/ip6/masquerade.t.payload.ip6 delete mode 100644 tests/regression/ip6/mh.t delete mode 100644 tests/regression/ip6/mh.t.payload.inet delete mode 100644 tests/regression/ip6/mh.t.payload.ip6 delete mode 100644 tests/regression/ip6/redirect.t delete mode 100644 tests/regression/ip6/redirect.t.payload.ip6 delete mode 100644 tests/regression/ip6/reject.t delete mode 100644 tests/regression/ip6/reject.t.payload.ip6 delete mode 100644 tests/regression/ip6/rt.t delete mode 100644 tests/regression/ip6/rt.t.payload.inet delete mode 100644 tests/regression/ip6/rt.t.payload.ip6 delete mode 100644 tests/regression/ip6/sets.t delete mode 100644 tests/regression/ip6/sets.t.payload delete mode 100644 tests/regression/ip6/sets.t.payload.inet delete mode 100644 tests/regression/ip6/sets.t.payload.ip6 delete mode 100644 tests/regression/ip6/snat.t delete mode 100644 tests/regression/ip6/snat.t.payload.ip6 delete mode 100644 tests/regression/ip6/vmap.t delete mode 100644 tests/regression/ip6/vmap.t.payload.inet delete mode 100644 tests/regression/ip6/vmap.t.payload.ip6 delete mode 100755 tests/regression/nft-test.py delete mode 100644 tests/set delete mode 100644 tests/stmt-log delete mode 100644 tests/symbolic-define.1 delete mode 100644 tests/symbolic-define.2 delete mode 100644 tests/symbolic-define.3 delete mode 100644 tests/verdict-maps (limited to 'tests') diff --git a/tests/chain-rename.1 b/tests/chain-rename.1 deleted file mode 100644 index 870416ca..00000000 --- a/tests/chain-rename.1 +++ /dev/null @@ -1,7 +0,0 @@ -#! nft -f - -# Create table and empty chains for rename test -add table filter - -add chain filter chain1 -add chain filter chain2 diff --git a/tests/chain-rename.2 b/tests/chain-rename.2 deleted file mode 100644 index 1250dab0..00000000 --- a/tests/chain-rename.2 +++ /dev/null @@ -1,4 +0,0 @@ -#! nft -f - -# must fail: already exists -rename chain filter chain1 chain2 diff --git a/tests/chain-rename.3 b/tests/chain-rename.3 deleted file mode 100644 index 796c1a13..00000000 --- a/tests/chain-rename.3 +++ /dev/null @@ -1,5 +0,0 @@ -#! nft -f - -# must succeed -rename chain filter chain1 chain3 -delete chain filter chain3 diff --git a/tests/dictionary b/tests/dictionary deleted file mode 100644 index b4e6c521..00000000 --- a/tests/dictionary +++ /dev/null @@ -1,52 +0,0 @@ -#! nft -f -# -add table ip filter -add chain ip filter output { type filter hook output priority 0 ; } - -add chain ip filter chain1 -add rule ip filter chain1 counter - -add chain ip filter chain2 -add rule ip filter chain2 counter - -# must succeed: expr { expr, ... } -add rule ip filter OUTPUT tcp dport { \ - 22, \ - 23, \ -} - -# must fail: expr { type1, type2, ... } -add rule ip filter OUTPUT tcp dport { \ - 22, \ - 192.168.0.1, \ -} - -# must succeed: expr { expr : verdict, ... } -add rule ip filter OUTPUT tcp dport vmap { \ - 22 : jump chain1, \ - 23 : jump chain2, \ -} - -# must fail: expr { expr : verdict, expr : expr, ... } -add rule ip filter OUTPUT tcp dport vmap { \ - 22 : jump chain1, \ - 23 : 0x100, \ -} - -# must fail: expr { expr : expr, ...} -add rule ip filter OUTPUT tcp dport vmap { \ - 22 : 0x100, \ - 23 : 0x200, \ -} - -# must succeed: expr MAP { expr : expr, ... } expr -add rule ip filter OUTPUT meta mark set tcp dport map { \ - 22 : 1, \ - 23 : 2, \ -} - -# must fail: expr MAP { expr : type1, expr : type2, .. } expr -add rule ip filter OUTPUT meta mark set tcp dport map { \ - 22 : 1, \ - 23 : 192.168.0.1, \ -} diff --git a/tests/error.1 b/tests/error.1 deleted file mode 100644 index bc3bf16a..00000000 --- a/tests/error.1 +++ /dev/null @@ -1,9 +0,0 @@ -#! nft -f - -# mixed syntactical and non-syntactical errors -filter { -filter input -filter input tcp -filter input tcp dport -filter input tcp dport tcp -filter input tcp dport tcp dport diff --git a/tests/error.2 b/tests/error.2 deleted file mode 100644 index 744a63d5..00000000 --- a/tests/error.2 +++ /dev/null @@ -1,18 +0,0 @@ -#! nft -f - -# mixed syntactical and non-syntactical errors in blocks -table filter { - # missing identifier - chain - - # missing chain block - chain output - - chain output { - tcp - tcp dport - tcp dport tcp - tcp dport tcp dport - tcp dport ssh - } -} diff --git a/tests/expr-concat b/tests/expr-concat deleted file mode 100644 index bb284cce..00000000 --- a/tests/expr-concat +++ /dev/null @@ -1,19 +0,0 @@ -#! nft -f - -# Concat element mismatch -add rule ip filter output ip daddr . tcp sport . tcp dport { \ - 192.168.0.1 . 22, \ - 192.168.0.1 . 80, \ -} - -# Concat type mismatch -add rule ip filter output ip daddr . tcp dport { \ - 192.168.0.1 . 192.168.0.2, \ - 192.168.0.1 . 192.168.0.3, \ -} - -# Concat expression -add rule ip filter output ip daddr . tcp dport { \ - 192.168.0.1 . 22, \ - 192.168.0.1 . 80, \ -} diff --git a/tests/expr-ct b/tests/expr-ct deleted file mode 100644 index 1dfc7ac6..00000000 --- a/tests/expr-ct +++ /dev/null @@ -1,26 +0,0 @@ -#! nft -f - -add table ip filter -add chain ip filter output { type filter hook output priority 0 ; } - -# ct: state -add rule ip filter output ct state new,established counter - -# ct: direction original/reply -add rule ip filter output ct direction original counter -add rule ip filter output ct direction reply counter - -# ct: status -add rule ip filter output ct status expected counter - -# ct: mark -add rule ip filter output ct mark 0 counter - -# ct: secmark -add rule ip filter output ct secmark 0 counter - -# ct: expiration -add rule ip filter output ct expiration 30 counter - -# ct: helper ftp -add rule ip filter output ct helper "ftp" counter diff --git a/tests/expr-meta b/tests/expr-meta deleted file mode 100644 index 360caa7d..00000000 --- a/tests/expr-meta +++ /dev/null @@ -1,40 +0,0 @@ -#! nft -f - -add table ip filter -add chain ip filter output { type filter hook output priority 0 ; } - -# meta: skb len -add rule ip filter output meta length 1000 counter - -# meta: skb protocol -add rule ip filter output meta protocol 0x0800 counter - -# meta: skb mark -add rule ip filter output meta mark 0 counter - -# meta: skb iif -add rule ip filter output meta iif lo counter - -# meta: skb iifname -add rule ip filter output meta iifname "eth0" counter - -# meta: skb oif -add rule ip filter output meta oif lo counter - -# meta: skb oifname -add rule ip filter output meta oifname "eth0" counter - -# meta: skb sk uid -add rule ip filter output meta skuid 1000 counter - -# meta: skb sk gid -add rule ip filter output meta skgid 1000 counter - -# meta: nftrace -add rule ip filter output meta nftrace 1 counter - -# meta: rtclassid (see /etc/iproute2/rt_realms) -add rule ip filter output meta rtclassid cosmos counter - -# meta: secmark -add rule ip filter output meta secmark 0 counter diff --git a/tests/family-bridge b/tests/family-bridge deleted file mode 100644 index c87c8320..00000000 --- a/tests/family-bridge +++ /dev/null @@ -1,13 +0,0 @@ -#! nft -f - -add table bridge filter -add chain bridge filter output { type filter hook output priority 0 ; } - -# LL protocol -add rule bridge filter output eth type 0x0800 counter - -# IP address -add rule bridge filter output eth type 0x0800 ip daddr 20.0.0.2 counter - -# IPv6 address -add rule bridge filter output eth type 0x86DD ip6 daddr 2001:6f8:974:3::2 counter diff --git a/tests/family-ipv4 b/tests/family-ipv4 deleted file mode 100644 index 0700e16d..00000000 --- a/tests/family-ipv4 +++ /dev/null @@ -1,14 +0,0 @@ -#! nft -f - -flush chain ip filter output -delete chain ip filter output -delete table filter - -add table ip filter -add chain ip filter output { type filter hook input priority 0; } - -# IP address -add rule ip filter output ip daddr 192.168.0.1 counter - -# TCP ports -add rule ip filter output tcp dport 22 counter diff --git a/tests/family-ipv6 b/tests/family-ipv6 deleted file mode 100644 index cfc740c1..00000000 --- a/tests/family-ipv6 +++ /dev/null @@ -1,13 +0,0 @@ -#! nft -f - -add table ip6 filter -add chain ip6 filter output { type filter hook output priority 0 ; } - -# IP address -add rule ip6 filter output ip6 daddr 2001:6f8:974::1 counter - -# Next protocol -add rule ip6 filter output ip6 nexthdr tcp - -# TCP ports -add rule ip6 filter output tcp dport 22 counter diff --git a/tests/feat-adjancent-load-merging b/tests/feat-adjancent-load-merging deleted file mode 100644 index 11771746..00000000 --- a/tests/feat-adjancent-load-merging +++ /dev/null @@ -1,13 +0,0 @@ -#! nft -f - -# adjacent payload expressions: 4 bytes in order -add rule filter output tcp sport 1024 tcp dport 22 counter - -# adjacent payload expressions: 8 bytes in order -add rule filter output ip saddr 192.168.0.1 ip daddr 192.168.0.100 counter - -# adjacent payload expressions: 8 bytes in order -add rule filter output tcp sequence 0 tcp sport 1024 tcp dport 22 - -# adjacent payload expressions: 8 bytes in reverse order -add rule filter output tcp sport 1024 tcp dport 22 tcp sequence 0 diff --git a/tests/files/chain-rename.1 b/tests/files/chain-rename.1 new file mode 100644 index 00000000..870416ca --- /dev/null +++ b/tests/files/chain-rename.1 @@ -0,0 +1,7 @@ +#! nft -f + +# Create table and empty chains for rename test +add table filter + +add chain filter chain1 +add chain filter chain2 diff --git a/tests/files/chain-rename.2 b/tests/files/chain-rename.2 new file mode 100644 index 00000000..1250dab0 --- /dev/null +++ b/tests/files/chain-rename.2 @@ -0,0 +1,4 @@ +#! nft -f + +# must fail: already exists +rename chain filter chain1 chain2 diff --git a/tests/files/chain-rename.3 b/tests/files/chain-rename.3 new file mode 100644 index 00000000..796c1a13 --- /dev/null +++ b/tests/files/chain-rename.3 @@ -0,0 +1,5 @@ +#! nft -f + +# must succeed +rename chain filter chain1 chain3 +delete chain filter chain3 diff --git a/tests/files/dictionary b/tests/files/dictionary new file mode 100644 index 00000000..b4e6c521 --- /dev/null +++ b/tests/files/dictionary @@ -0,0 +1,52 @@ +#! nft -f +# +add table ip filter +add chain ip filter output { type filter hook output priority 0 ; } + +add chain ip filter chain1 +add rule ip filter chain1 counter + +add chain ip filter chain2 +add rule ip filter chain2 counter + +# must succeed: expr { expr, ... } +add rule ip filter OUTPUT tcp dport { \ + 22, \ + 23, \ +} + +# must fail: expr { type1, type2, ... } +add rule ip filter OUTPUT tcp dport { \ + 22, \ + 192.168.0.1, \ +} + +# must succeed: expr { expr : verdict, ... } +add rule ip filter OUTPUT tcp dport vmap { \ + 22 : jump chain1, \ + 23 : jump chain2, \ +} + +# must fail: expr { expr : verdict, expr : expr, ... } +add rule ip filter OUTPUT tcp dport vmap { \ + 22 : jump chain1, \ + 23 : 0x100, \ +} + +# must fail: expr { expr : expr, ...} +add rule ip filter OUTPUT tcp dport vmap { \ + 22 : 0x100, \ + 23 : 0x200, \ +} + +# must succeed: expr MAP { expr : expr, ... } expr +add rule ip filter OUTPUT meta mark set tcp dport map { \ + 22 : 1, \ + 23 : 2, \ +} + +# must fail: expr MAP { expr : type1, expr : type2, .. } expr +add rule ip filter OUTPUT meta mark set tcp dport map { \ + 22 : 1, \ + 23 : 192.168.0.1, \ +} diff --git a/tests/files/error.1 b/tests/files/error.1 new file mode 100644 index 00000000..bc3bf16a --- /dev/null +++ b/tests/files/error.1 @@ -0,0 +1,9 @@ +#! nft -f + +# mixed syntactical and non-syntactical errors +filter { +filter input +filter input tcp +filter input tcp dport +filter input tcp dport tcp +filter input tcp dport tcp dport diff --git a/tests/files/error.2 b/tests/files/error.2 new file mode 100644 index 00000000..744a63d5 --- /dev/null +++ b/tests/files/error.2 @@ -0,0 +1,18 @@ +#! nft -f + +# mixed syntactical and non-syntactical errors in blocks +table filter { + # missing identifier + chain + + # missing chain block + chain output + + chain output { + tcp + tcp dport + tcp dport tcp + tcp dport tcp dport + tcp dport ssh + } +} diff --git a/tests/files/expr-concat b/tests/files/expr-concat new file mode 100644 index 00000000..bb284cce --- /dev/null +++ b/tests/files/expr-concat @@ -0,0 +1,19 @@ +#! nft -f + +# Concat element mismatch +add rule ip filter output ip daddr . tcp sport . tcp dport { \ + 192.168.0.1 . 22, \ + 192.168.0.1 . 80, \ +} + +# Concat type mismatch +add rule ip filter output ip daddr . tcp dport { \ + 192.168.0.1 . 192.168.0.2, \ + 192.168.0.1 . 192.168.0.3, \ +} + +# Concat expression +add rule ip filter output ip daddr . tcp dport { \ + 192.168.0.1 . 22, \ + 192.168.0.1 . 80, \ +} diff --git a/tests/files/expr-ct b/tests/files/expr-ct new file mode 100644 index 00000000..1dfc7ac6 --- /dev/null +++ b/tests/files/expr-ct @@ -0,0 +1,26 @@ +#! nft -f + +add table ip filter +add chain ip filter output { type filter hook output priority 0 ; } + +# ct: state +add rule ip filter output ct state new,established counter + +# ct: direction original/reply +add rule ip filter output ct direction original counter +add rule ip filter output ct direction reply counter + +# ct: status +add rule ip filter output ct status expected counter + +# ct: mark +add rule ip filter output ct mark 0 counter + +# ct: secmark +add rule ip filter output ct secmark 0 counter + +# ct: expiration +add rule ip filter output ct expiration 30 counter + +# ct: helper ftp +add rule ip filter output ct helper "ftp" counter diff --git a/tests/files/expr-meta b/tests/files/expr-meta new file mode 100644 index 00000000..360caa7d --- /dev/null +++ b/tests/files/expr-meta @@ -0,0 +1,40 @@ +#! nft -f + +add table ip filter +add chain ip filter output { type filter hook output priority 0 ; } + +# meta: skb len +add rule ip filter output meta length 1000 counter + +# meta: skb protocol +add rule ip filter output meta protocol 0x0800 counter + +# meta: skb mark +add rule ip filter output meta mark 0 counter + +# meta: skb iif +add rule ip filter output meta iif lo counter + +# meta: skb iifname +add rule ip filter output meta iifname "eth0" counter + +# meta: skb oif +add rule ip filter output meta oif lo counter + +# meta: skb oifname +add rule ip filter output meta oifname "eth0" counter + +# meta: skb sk uid +add rule ip filter output meta skuid 1000 counter + +# meta: skb sk gid +add rule ip filter output meta skgid 1000 counter + +# meta: nftrace +add rule ip filter output meta nftrace 1 counter + +# meta: rtclassid (see /etc/iproute2/rt_realms) +add rule ip filter output meta rtclassid cosmos counter + +# meta: secmark +add rule ip filter output meta secmark 0 counter diff --git a/tests/files/family-bridge b/tests/files/family-bridge new file mode 100644 index 00000000..c87c8320 --- /dev/null +++ b/tests/files/family-bridge @@ -0,0 +1,13 @@ +#! nft -f + +add table bridge filter +add chain bridge filter output { type filter hook output priority 0 ; } + +# LL protocol +add rule bridge filter output eth type 0x0800 counter + +# IP address +add rule bridge filter output eth type 0x0800 ip daddr 20.0.0.2 counter + +# IPv6 address +add rule bridge filter output eth type 0x86DD ip6 daddr 2001:6f8:974:3::2 counter diff --git a/tests/files/family-ipv4 b/tests/files/family-ipv4 new file mode 100644 index 00000000..0700e16d --- /dev/null +++ b/tests/files/family-ipv4 @@ -0,0 +1,14 @@ +#! nft -f + +flush chain ip filter output +delete chain ip filter output +delete table filter + +add table ip filter +add chain ip filter output { type filter hook input priority 0; } + +# IP address +add rule ip filter output ip daddr 192.168.0.1 counter + +# TCP ports +add rule ip filter output tcp dport 22 counter diff --git a/tests/files/family-ipv6 b/tests/files/family-ipv6 new file mode 100644 index 00000000..cfc740c1 --- /dev/null +++ b/tests/files/family-ipv6 @@ -0,0 +1,13 @@ +#! nft -f + +add table ip6 filter +add chain ip6 filter output { type filter hook output priority 0 ; } + +# IP address +add rule ip6 filter output ip6 daddr 2001:6f8:974::1 counter + +# Next protocol +add rule ip6 filter output ip6 nexthdr tcp + +# TCP ports +add rule ip6 filter output tcp dport 22 counter diff --git a/tests/files/feat-adjancent-load-merging b/tests/files/feat-adjancent-load-merging new file mode 100644 index 00000000..11771746 --- /dev/null +++ b/tests/files/feat-adjancent-load-merging @@ -0,0 +1,13 @@ +#! nft -f + +# adjacent payload expressions: 4 bytes in order +add rule filter output tcp sport 1024 tcp dport 22 counter + +# adjacent payload expressions: 8 bytes in order +add rule filter output ip saddr 192.168.0.1 ip daddr 192.168.0.100 counter + +# adjacent payload expressions: 8 bytes in order +add rule filter output tcp sequence 0 tcp sport 1024 tcp dport 22 + +# adjacent payload expressions: 8 bytes in reverse order +add rule filter output tcp sport 1024 tcp dport 22 tcp sequence 0 diff --git a/tests/files/loop-detect.1 b/tests/files/loop-detect.1 new file mode 100644 index 00000000..e55864c8 --- /dev/null +++ b/tests/files/loop-detect.1 @@ -0,0 +1,8 @@ +#! nft -f + +# Create table and empty chains for loop detection tests +add table filter + +add chain filter chain1 +add chain filter chain2 +add chain filter chain3 diff --git a/tests/files/loop-detect.2 b/tests/files/loop-detect.2 new file mode 100644 index 00000000..88a95e0b --- /dev/null +++ b/tests/files/loop-detect.2 @@ -0,0 +1,7 @@ +#! nft -f + +# Circular regular jumps: chain1 -> chain2 -> chain3 -> chain1 +flush table filter +add filter chain1 jump chain2 +add filter chain2 jump chain3 +add filter chain3 jump chain1 diff --git a/tests/files/loop-detect.3 b/tests/files/loop-detect.3 new file mode 100644 index 00000000..80f7fc5a --- /dev/null +++ b/tests/files/loop-detect.3 @@ -0,0 +1,7 @@ +#! nft -f + +# Circular jump when creating an anonymous verdict map: chain1 -> chain2 -> chain3 -> chain1 +flush table filter +add filter chain1 jump chain2 +add filter chain2 jump chain3 +add filter chain3 ip daddr vmap { 10.0.0.1 : continue, 192.168.0.1 : jump chain1 } diff --git a/tests/files/loop-detect.4 b/tests/files/loop-detect.4 new file mode 100644 index 00000000..acd9a342 --- /dev/null +++ b/tests/files/loop-detect.4 @@ -0,0 +1,7 @@ +#! nft -f + +# Circular jump with an intermediate anonymous verdict map: chain1 -> chain2 -> chain3 -> chain1 +flush table filter +add filter chain1 jump chain2 +add filter chain2 ip daddr vmap { 10.0.0.1 : continue, 192.168.0.1 : jump chain3 } +add filter chain3 jump chain1 diff --git a/tests/files/obj-chain b/tests/files/obj-chain new file mode 100644 index 00000000..2bce0268 --- /dev/null +++ b/tests/files/obj-chain @@ -0,0 +1,22 @@ +#! nft -f + +add table filter + +# chains: add and delete chain +add chain filter testchain +delete chain filter testchain + +# chains: add and delete base chain +add chain filter input { type filter hook input priority 0 ; } +delete chain filter input + +# chains: can not delete chain while referenced +add chain filter testchain +add chain filter testchain2 + +add rule filter testchain handle 1 jump testchain2 +delete chain filter testchain2 +delete rule filter testchain handle 1 + +delete chain filter testchain2 +delete chain filter testchain diff --git a/tests/files/obj-table b/tests/files/obj-table new file mode 100644 index 00000000..8b264cf5 --- /dev/null +++ b/tests/files/obj-table @@ -0,0 +1,9 @@ +#! nft -f + +# table: add and delete table +add table filter +table delete filter + +# table: deleting table with chain must fail +add chain filter output +table delete filter diff --git a/tests/files/payload-ll b/tests/files/payload-ll new file mode 100644 index 00000000..7f5660b1 --- /dev/null +++ b/tests/files/payload-ll @@ -0,0 +1,15 @@ +#! nft -f + +add table ip filter +add chain ip filter input { type filter hook input priority 0; } + +# mac source +add rule ip filter input @ll,48,48 00:15:e9:f0:10:f8 counter + +# mac dest +add rule ip filter input @ll,0,48 00:1b:21:02:6f:ad counter + +# mac source and mac dest +add rule ip filter input @ll,0,48 00:1b:21:02:6f:ad \ + @ll,48,48 00:15:e9:f0:10:f8 \ + counter diff --git a/tests/files/prefix b/tests/files/prefix new file mode 100644 index 00000000..bada8503 --- /dev/null +++ b/tests/files/prefix @@ -0,0 +1,5 @@ +add rule filter OUTPUT meta mark 123/0x000000ff +add rule filter OUTPUT ip daddr 192.168.0.0/24 +add rule filter OUTPUT ip daddr 192.168.0.0/255.255.255.0 +add rule filter OUTPUT ip saddr . ip daddr 192.168.0.0/24 . 192.168.0.0/24 +add rule filter OUTPUT ip daddr { 192.168.0.0/24, 192.168.1.0/24} diff --git a/tests/files/set b/tests/files/set new file mode 100644 index 00000000..3c040b0a --- /dev/null +++ b/tests/files/set @@ -0,0 +1,14 @@ +#! nft -f + +add table filter +add chain filter output { type filter hook output priority 0 ; } + +# set: IP addresses +add rule filter output ip daddr { \ + 192.168.0.1, \ + 192.168.0.2, \ + 192.168.0.3, \ +} + +# set: tcp ports +add rule filter output tcp dport { 22, 23 } counter diff --git a/tests/files/stmt-log b/tests/files/stmt-log new file mode 100644 index 00000000..2ae7aae6 --- /dev/null +++ b/tests/files/stmt-log @@ -0,0 +1,6 @@ +#! nft -f + +add table ip filter +add chain ip filter output { type filter hook output priority 0; } + +add rule ip filter output log saddr "prefix" group 0 counter diff --git a/tests/files/symbolic-define.1 b/tests/files/symbolic-define.1 new file mode 100644 index 00000000..712ef715 --- /dev/null +++ b/tests/files/symbolic-define.1 @@ -0,0 +1,7 @@ +#! nft -f + +# error: variable use before definition +define var2 = $var1 +define var1 = eth0 + +filter input iif $var2 diff --git a/tests/files/symbolic-define.2 b/tests/files/symbolic-define.2 new file mode 100644 index 00000000..cd3c23c3 --- /dev/null +++ b/tests/files/symbolic-define.2 @@ -0,0 +1,7 @@ +#! nft -f + +# error: redefinition of an existing variable +define var1 = eth0 +define var1 = eth0 + +filter input iif $var1 diff --git a/tests/files/symbolic-define.3 b/tests/files/symbolic-define.3 new file mode 100644 index 00000000..ba224df7 --- /dev/null +++ b/tests/files/symbolic-define.3 @@ -0,0 +1,6 @@ +#! nft -f + +# error: recursive definition of a variable +define var1 = $var1 + +filter input iif $var1 diff --git a/tests/files/verdict-maps b/tests/files/verdict-maps new file mode 100644 index 00000000..c1630ce3 --- /dev/null +++ b/tests/files/verdict-maps @@ -0,0 +1,20 @@ +#! nft -f +# + +add table ip filter +add chain ip filter input { type filter hook input priority 0; } + +add chain ip filter chain1 +add filter chain1 counter + +add chain ip filter chain2 +add filter chain2 counter + +add chain ip filter chain3 +add filter chain3 counter + +add filter input ip saddr vmap { \ + 10.0.0.0/24 : jump chain1, \ + 10.0.0.0/8 : jump chain2, \ + 8.8.8.8 : jump chain3 \ +} diff --git a/tests/loop-detect.1 b/tests/loop-detect.1 deleted file mode 100644 index e55864c8..00000000 --- a/tests/loop-detect.1 +++ /dev/null @@ -1,8 +0,0 @@ -#! nft -f - -# Create table and empty chains for loop detection tests -add table filter - -add chain filter chain1 -add chain filter chain2 -add chain filter chain3 diff --git a/tests/loop-detect.2 b/tests/loop-detect.2 deleted file mode 100644 index 88a95e0b..00000000 --- a/tests/loop-detect.2 +++ /dev/null @@ -1,7 +0,0 @@ -#! nft -f - -# Circular regular jumps: chain1 -> chain2 -> chain3 -> chain1 -flush table filter -add filter chain1 jump chain2 -add filter chain2 jump chain3 -add filter chain3 jump chain1 diff --git a/tests/loop-detect.3 b/tests/loop-detect.3 deleted file mode 100644 index 80f7fc5a..00000000 --- a/tests/loop-detect.3 +++ /dev/null @@ -1,7 +0,0 @@ -#! nft -f - -# Circular jump when creating an anonymous verdict map: chain1 -> chain2 -> chain3 -> chain1 -flush table filter -add filter chain1 jump chain2 -add filter chain2 jump chain3 -add filter chain3 ip daddr vmap { 10.0.0.1 : continue, 192.168.0.1 : jump chain1 } diff --git a/tests/loop-detect.4 b/tests/loop-detect.4 deleted file mode 100644 index acd9a342..00000000 --- a/tests/loop-detect.4 +++ /dev/null @@ -1,7 +0,0 @@ -#! nft -f - -# Circular jump with an intermediate anonymous verdict map: chain1 -> chain2 -> chain3 -> chain1 -flush table filter -add filter chain1 jump chain2 -add filter chain2 ip daddr vmap { 10.0.0.1 : continue, 192.168.0.1 : jump chain3 } -add filter chain3 jump chain1 diff --git a/tests/obj-chain b/tests/obj-chain deleted file mode 100644 index 2bce0268..00000000 --- a/tests/obj-chain +++ /dev/null @@ -1,22 +0,0 @@ -#! nft -f - -add table filter - -# chains: add and delete chain -add chain filter testchain -delete chain filter testchain - -# chains: add and delete base chain -add chain filter input { type filter hook input priority 0 ; } -delete chain filter input - -# chains: can not delete chain while referenced -add chain filter testchain -add chain filter testchain2 - -add rule filter testchain handle 1 jump testchain2 -delete chain filter testchain2 -delete rule filter testchain handle 1 - -delete chain filter testchain2 -delete chain filter testchain diff --git a/tests/obj-table b/tests/obj-table deleted file mode 100644 index 8b264cf5..00000000 --- a/tests/obj-table +++ /dev/null @@ -1,9 +0,0 @@ -#! nft -f - -# table: add and delete table -add table filter -table delete filter - -# table: deleting table with chain must fail -add chain filter output -table delete filter diff --git a/tests/payload-ll b/tests/payload-ll deleted file mode 100644 index 7f5660b1..00000000 --- a/tests/payload-ll +++ /dev/null @@ -1,15 +0,0 @@ -#! nft -f - -add table ip filter -add chain ip filter input { type filter hook input priority 0; } - -# mac source -add rule ip filter input @ll,48,48 00:15:e9:f0:10:f8 counter - -# mac dest -add rule ip filter input @ll,0,48 00:1b:21:02:6f:ad counter - -# mac source and mac dest -add rule ip filter input @ll,0,48 00:1b:21:02:6f:ad \ - @ll,48,48 00:15:e9:f0:10:f8 \ - counter diff --git a/tests/prefix b/tests/prefix deleted file mode 100644 index bada8503..00000000 --- a/tests/prefix +++ /dev/null @@ -1,5 +0,0 @@ -add rule filter OUTPUT meta mark 123/0x000000ff -add rule filter OUTPUT ip daddr 192.168.0.0/24 -add rule filter OUTPUT ip daddr 192.168.0.0/255.255.255.0 -add rule filter OUTPUT ip saddr . ip daddr 192.168.0.0/24 . 192.168.0.0/24 -add rule filter OUTPUT ip daddr { 192.168.0.0/24, 192.168.1.0/24} diff --git a/tests/py/README b/tests/py/README new file mode 100644 index 00000000..82d73a27 --- /dev/null +++ b/tests/py/README @@ -0,0 +1,141 @@ +Author: Ana Rey +Date: 18/Sept/2014 + +Here, the automated regression testing for nftables and some test +files. + +This script checks that the rule input and output of nft matches. +More details here below. + +A) What is this testing? + +This script tests two different paths: + +* The rule input from the command-line. This checks the different steps + from the command line to the kernel. This includes the parsing, + evaluation and netlink generation steps. + +* The output listing that is obtained from the kernel. This checks the + different steps from the kernel to the command line: The netlink + message parsing, postprocess and textify steps to display the rule + listing. + +As a final step, this script compares that the rule that is added can +be listed by nft. + +B) What options are available? + +The script offers the following options: + +* Execute test files: + +./nft-test.py # Run all test files +./nft-test.py path/file.t # Run this test file + +If there is a problem, it shows the differences between the rule that +is added and the rule that is listed by nft. + +In case you hit an error, the script doesn't keep testing for more +families. Unless you specify the --force-family option. + +* Execute broken tests: + +./nft-test.sh -e + +This runs tests for rules that need a fix: This mode runs the lines that +that start with a "-" symbol. + +* Debugging: + +./nft-test.sh -d + +This shows all the commands that the script executes, so you can watch +its internal behaviour. + +* Keep testing all families on error. + +./nft-test.sh -f + +Don't stop testing for more families in case of error. + +C) What is the structure of the test file? + +A test file contains a set of rules that are added in the system. + +Here, an example of a test file: + + *ip;test-ipv4 # line 1 + *ip6;test-ipv6 # line 2 + *inet;test-inet # line 3 + + :input;type filter hook input priority 0 # line 4 + + ah hdrlength != 11-23;ok;ah hdrlength < 11 ah hdrlength > 23 # line 5 + - tcp dport != {22-25} # line 6 + + !set1 ipv4_addr;ok # line 7 + ?set1 192.168.3.8 192.168.3.9;ok # line 8 + # This is a commented-line. # line 9 + +Line 1 defines a table. The name of the table is 'test-ip' and the +family is ip. Lines 2 and 3 defines more tables for different families +so the rules in this test file are also tested there. + +Line 4 defines the chain. The name of this chain is "input". The type is +"filter", the hook is "input" and the priority is 0. + +Line 5 defines the rule, the ";" character is used as separator of several +parts: + +* Part 1: "ah hdrlength != 11-23" is the rule to check. +* Part 2: "ok" is the result expected with the execute of this rule. +* Part 3: "ah hdrlength < 11 ah hdrlength > 23". This is the expected + output. You can leave this empty if the output is the same as the + input. + +Line 6 is a marked line. This means that this rule is tested if +'-e' is passed as argument to nft-test.py. + +Line 7 adds a new set. The name of this set is "set1" and the type +of this set is "ipv4_add". + +Line 8 adds two elements into the 'set1' set: "192.168.3.8" and +"192.168.3.9". A whitespace separates the elements of the set. + +Line 9 uses the "#" symbol that means that this line is commented out. + +D) The test folders + +The test files are divided in several directories: ip, ip6, inet, arp, +bridge and any. + + * "ip" folder contains the test files that are executed in ip and inet + table. + + * "ip6" folder contains the test files that are executed in ip6 and inet + table. + + * "inet" folder contains the test files that are executed in the ip, ip6 + and inet table. + + * "arp" folder contains the test files that are executed in the arp + table. + + * "bridge" folder: Here are the test files are executed in bridge + tables. + + * "any" folder: Here are the test files are executed in ip, ip6, inet, + arp and bridge tables. + +E) Meaning of messages: + +* A warning message means the rule input and output of nft mismatches. +* An error message means the nft-tool shows an error when we add it or + the listing is broken after the rule is added. + +F) Acknowledgements + +Thanks to the Outreach Program for Women (OPW) for sponsoring this test +infrastructure and my mentor Pablo Neira. + +-EOF- diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t new file mode 100644 index 00000000..059402e2 --- /dev/null +++ b/tests/py/any/ct.t @@ -0,0 +1,109 @@ +*ip;test-ip4 +*ip6;test-ip6 +*inet;test-inet + +:output;type filter hook output priority 0 + +ct state new,established, related, untracked;ok;ct state established,related,new,untracked +ct state != related;ok +ct state {new,established, related, untracked};ok +- ct state != {new,established, related, untracked};ok +ct state invalid drop;ok +ct state established accept;ok +ct state 8;ok;ct state new +ct state xxx;fail + +ct direction original;ok +ct direction != original;ok +ct direction reply;ok +ct direction != reply;ok +ct direction {reply, original};ok +- ct direction != {reply, original};ok +ct direction xxx;fail + +ct status expected;ok +ct status != expected;ok +ct status seen-reply;ok +ct status != seen-reply;ok +ct status {expected, seen-reply, assured, confirmed, dying};ok +ct status xxx;fail + +# SYMBOL("snat", IPS_SRC_NAT) +# SYMBOL("dnat", IPS_DST_NAT) +- ct status snat;ok +- ct status dnat;ok + +ct mark 0;ok;ct mark 0x00000000 +ct mark or 0x23 == 0x11;ok;ct mark | 0x00000023 == 0x00000011 +ct mark or 0x3 != 0x1;ok;ct mark | 0x00000003 != 0x00000001 +ct mark and 0x23 == 0x11;ok;ct mark & 0x00000023 == 0x00000011 +ct mark and 0x3 != 0x1;ok;ct mark & 0x00000003 != 0x00000001 +ct mark xor 0x23 == 0x11;ok;ct mark 0x00000032 +ct mark xor 0x3 != 0x1;ok;ct mark != 0x00000002 + +ct mark 0x00000032;ok +ct mark != 0x00000032;ok +ct mark 0x00000032-0x00000045;ok +ct mark != 0x00000032-0x00000045;ok +ct mark {0x32, 0x2222, 0x42de3};ok;ct mark { 0x00042de3, 0x00002222, 0x00000032} +- ct mark != {0x32, 0x2222, 0x42de3};ok + +# ct mark != {0x32, 0x2222, 0x42de3};ok +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. + +ct mark set 0x11 xor 0x1331;ok;ct mark set 0x00001320 +ct mark set 0x11333 and 0x11;ok;ct mark set 0x00000011 +ct mark set 0x12 or 0x11;ok;ct mark set 0x00000013 +ct mark set 0x11;ok;ct mark set 0x00000011 + +ct expiration 30;ok;ct expiration 30s +ct expiration 22;ok;ct expiration 22s +ct expiration != 233;ok;ct expiration != 3m53s +ct expiration 33-45;ok;ct expiration 33s-45s +ct expiration != 33-45;ok;ct expiration != 33s-45s +ct expiration {33, 55, 67, 88};ok;ct expiration { 1m7s, 33s, 55s, 1m28s} +- ct expiration != {33, 55, 67, 88};ok;ct expiration { 1m7s, 33s, 55s, 1m28s} +ct expiration {33-55};ok;ct expiration { 33s-55s} +# BUG: ct expiration {33-55} +# Broken output: ct expiration { "4271d23h25m52s"-"8738d3h11m59s" } +- ct expiration != {33-55};ok + +ct helper "ftp";ok +ct helper "12345678901234567";fail + +# BUG: ct l3proto "Layer 3 protocol of the connection" +# nft add rule ip test input ct l3proto arp +# :1:35-37: Error: Can t parse symbolic invalid expressions + + +# If table is ip6 or inet or bridge family,, It is failed. I can not test it +# ct saddr 1.2.3.4;ok + +# BUG: ct saddr 192.168.3.4 +# :1:1-43: Error: Could not process rule: Invalid argument +# add rule ip test input ct saddr 192.168.3.4 +# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +- ct saddr 192.168.3.4;ok +- ct daddr 192.168.3.4;ok + +# BUG: ct protocol tcp +# :1:1-37: Error: Could not process rule: Invalid argument +# input ct protocol bgp :1:36-38: Error: Could not resolve protocol name +# ct protocol tcp;ok +- ct protocol tcp;ok + +- ct proto-src udp;ok +- ct proto-dst udp;ok +# BUG: ct proto-src udp and ct proto-dst udp +# :1:37-39: Error: datatype mismatch, expected invalid, expression has type Internet protocol +# add rule ip test input ct proto-src udp +# ~~~~~~~~~~~~ ^^^ +# :1:37-39: Error: datatype mismatch, expected invalid, expression has type Internet protocol +# add rule ip test input ct proto-dst udp +# ~~~~~~~~~~~~ ^^^ + +ct state . ct mark { new . 0x12345678};ok +ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634};ok +ct direction . ct mark { original . 0x12345678};ok +ct state . ct mark vmap { new . 0x12345678 : drop};ok diff --git a/tests/py/any/ct.t.payload b/tests/py/any/ct.t.payload new file mode 100644 index 00000000..2bebaccd --- /dev/null +++ b/tests/py/any/ct.t.payload @@ -0,0 +1,275 @@ +# ct state new,established, related, untracked +ip test-ip4 output + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000004e ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ct state != related +ip test-ip4 output + [ ct load state => reg 1 ] + [ cmp neq reg 1 0x00000004 ] + +# ct state {new,established, related, untracked} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000008 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000040 : 0 [end] +ip test-ip4 output + [ ct load state => reg 1 ] + [ lookup reg 1 set set%d ] + +# ct state invalid drop +ip test-ip4 output + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + [ immediate reg 0 drop ] + +# ct state established accept +ip test-ip4 output + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000002 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + [ immediate reg 0 accept ] + +# ct state 8 +ip test-ip4 output + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000008 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ct direction original +ip test-ip4 output + [ ct load direction => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# ct direction != original +ip test-ip4 output + [ ct load direction => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + +# ct direction reply +ip test-ip4 output + [ ct load direction => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# ct direction != reply +ip test-ip4 output + [ ct load direction => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# ct direction {reply, original} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000000 : 0 [end] +ip test-ip4 output + [ ct load direction => reg 1 ] + [ lookup reg 1 set set%d ] + +# ct status expected +ip test-ip4 output + [ ct load status => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ct status != expected +ip test-ip4 output + [ ct load status => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# ct status seen-reply +ip test-ip4 output + [ ct load status => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000002 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ct status != seen-reply +ip test-ip4 output + [ ct load status => reg 1 ] + [ cmp neq reg 1 0x00000002 ] + +# ct status {expected, seen-reply, assured, confirmed, dying} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000200 : 0 [end] +ip test-ip4 output + [ ct load status => reg 1 ] + [ lookup reg 1 set set%d ] + +# ct mark 0 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# ct mark or 0x23 == 0x11 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xffffffdc ) ^ 0x00000023 ] + [ cmp eq reg 1 0x00000011 ] + +# ct mark or 0x3 != 0x1 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] + [ cmp neq reg 1 0x00000001 ] + +# ct mark and 0x23 == 0x11 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000023 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000011 ] + +# ct mark and 0x3 != 0x1 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000001 ] + +# ct mark xor 0x23 == 0x11 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# ct mark xor 0x3 != 0x1 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ cmp neq reg 1 0x00000002 ] + +# ct mark 0x00000032 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# ct mark != 0x00000032 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ cmp neq reg 1 0x00000032 ] + +# ct mark 0x00000032-0x00000045 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gte reg 1 0x32000000 ] + [ cmp lte reg 1 0x45000000 ] + +# ct mark != 0x00000032-0x00000045 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0x32000000 ] + [ cmp gt reg 1 0x45000000 ] + +# ct mark {0x32, 0x2222, 0x42de3} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000032 : 0 [end] element 00002222 : 0 [end] element 00042de3 : 0 [end] +ip test-ip4 output + [ ct load mark => reg 1 ] + [ lookup reg 1 set set%d ] + +# ct mark set 0x11 xor 0x1331 +ip test-ip4 output + [ immediate reg 1 0x00001320 ] + [ ct set mark with reg 1 ] + +# ct mark set 0x11333 and 0x11 +ip test-ip4 output + [ immediate reg 1 0x00000011 ] + [ ct set mark with reg 1 ] + +# ct mark set 0x12 or 0x11 +ip test-ip4 output + [ immediate reg 1 0x00000013 ] + [ ct set mark with reg 1 ] + +# ct mark set 0x11 +ip test-ip4 output + [ immediate reg 1 0x00000011 ] + [ ct set mark with reg 1 ] + +# ct expiration 30 +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ cmp eq reg 1 0x0000001e ] + +# ct expiration 22 +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# ct expiration != 233 +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# ct expiration 33-45 +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# ct expiration != 33-45 +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# ct expiration {33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ lookup reg 1 set set%d ] + +# ct expiration {33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set set%d ] + +# ct helper "ftp" +ip test-ip4 output + [ ct load helper => reg 1 ] + [ cmp eq reg 1 0x00707466 0x00000000 0x00000000 0x00000000 ] + +# ct state . ct mark { new . 0x12345678} +set%d test 3 +set%d test 0 + element 00000008 12345678 : 0 [end] +ip test-ip4 output + [ ct load state => reg 1 ] + [ ct load mark => reg 9 ] + [ lookup reg 1 set set%d ] + +# ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000008 12345678 : 0 [end] element 00000008 34127856 : 0 [end] element 00000002 12785634 : 0 [end] +ip test-ip4 output + [ ct load state => reg 1 ] + [ ct load mark => reg 9 ] + [ lookup reg 1 set set%d ] + +# ct direction . ct mark { original . 0x12345678} +set%d test 3 +set%d test 0 + element 00000000 12345678 : 0 [end] +ip test-ip4 output + [ ct load direction => reg 1 ] + [ ct load mark => reg 9 ] + [ lookup reg 1 set set%d ] + +# ct state . ct mark vmap { new . 0x12345678 : drop} +map%d test-ip4 b +map%d test-ip4 0 + element 00000008 12345678 : 0 [end] +ip test-ip4 output + [ ct load state => reg 1 ] + [ ct load mark => reg 9 ] + [ lookup reg 1 set map%d dreg 0 ] + diff --git a/tests/py/any/frag.t b/tests/py/any/frag.t new file mode 100644 index 00000000..d61a3d4f --- /dev/null +++ b/tests/py/any/frag.t @@ -0,0 +1,64 @@ +*ip;test-ip4 +*ip6;test-ip6 +*inet;test-inet +*arp;test-arp +*bridge;test-bridge +:output;type filter hook output priority 0 + +frag nexthdr tcp;ok;frag nexthdr 6 +frag nexthdr != icmp;ok;frag nexthdr != 1 +frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok;frag nexthdr { 51, 136, 132, 6, 108, 50, 17, 33} +- frag nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok +frag nexthdr esp;ok;frag nexthdr 50 +frag nexthdr ah;ok;frag nexthdr 51 + +frag reserved 22;ok +frag reserved != 233;ok +frag reserved 33-45;ok +frag reserved != 33-45;ok +frag reserved { 33, 55, 67, 88};ok +- frag reserved != { 33, 55, 67, 88};ok +frag reserved { 33-55};ok +- frag reserved != { 33-55};ok + +# BUG: frag frag-off 22 and frag frag-off { 33-55} +# This breaks table listing: "netlink: Error: Relational expression size mismatch" + +- frag frag-off 22;ok +- frag frag-off != 233;ok +- frag frag-off 33-45;ok +- frag frag-off != 33-45;ok +- frag frag-off { 33, 55, 67, 88};ok +- frag frag-off != { 33, 55, 67, 88};ok +- frag frag-off { 33-55};ok +- frag frag-off != { 33-55};ok + +# BUG frag reserved2 33 and frag reserved2 1 +# $ sudo nft add rule ip test input frag reserved2 33 +# :1:39-40: Error: Value 33 exceeds valid range 0-3 +# add rule ip test input frag reserved2 33 +# ^^ +# sudo nft add rule ip test input frag reserved2 1 +# :1:1-39: Error: Could not process rule: Invalid argument +# add rule ip test input frag reserved2 1 +# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +# BUG more-fragments 1 and frag more-fragments 4 +# frag more-fragments 1 +# :1:1-44: Error: Could not process rule: Invalid argument +# add rule ip test input frag more-fragments 1 +# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +# $ sudo nft add rule ip test input frag more-fragments 4 +# :1:44-44: Error: Value 4 exceeds valid range 0-1 +# add rule ip test input frag more-fragments 4 +# ^ + +frag id 1;ok +frag id 22;ok +frag id != 33;ok +frag id 33-45;ok +frag id != 33-45;ok +frag id { 33, 55, 67, 88};ok +- frag id != { 33, 55, 67, 88};ok +frag id { 33-55};ok +- frag id != { 33-55};ok diff --git a/tests/py/any/frag.t.payload b/tests/py/any/frag.t.payload new file mode 100644 index 00000000..a91ab3fa --- /dev/null +++ b/tests/py/any/frag.t.payload @@ -0,0 +1,109 @@ +# frag nexthdr tcp +ip test-ip4 output + [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + +# frag nexthdr != icmp +ip test-ip4 output + [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +ip test-ip4 output + [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# frag nexthdr esp +ip test-ip4 output + [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# frag nexthdr ah +ip test-ip4 output + [ exthdr load 1b @ 44 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + +# frag reserved 22 +ip test-ip4 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# frag reserved != 233 +ip test-ip4 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# frag reserved 33-45 +ip test-ip4 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# frag reserved != 33-45 +ip test-ip4 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# frag reserved { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip test-ip4 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# frag reserved { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip test-ip4 output + [ exthdr load 1b @ 44 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# frag id 1 +ip test-ip4 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ cmp eq reg 1 0x01000000 ] + +# frag id 22 +ip test-ip4 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# frag id != 33 +ip test-ip4 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ cmp neq reg 1 0x21000000 ] + +# frag id 33-45 +ip test-ip4 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# frag id != 33-45 +ip test-ip4 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# frag id { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip test-ip4 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# frag id { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 output + [ exthdr load 4b @ 44 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/any/limit.t b/tests/py/any/limit.t new file mode 100644 index 00000000..96ffe609 --- /dev/null +++ b/tests/py/any/limit.t @@ -0,0 +1,25 @@ +*ip;test-ip4 +*ip6;test-ip6 +*inet;test-inet +*arp;test-arp +*bridge;test-bridge +:output;type filter hook output priority 0 + +limit rate 400/minute;ok +limit rate 20/second;ok +limit rate 400/hour;ok +limit rate 40/day;ok +limit rate 400/week;ok +limit rate 1023/second burst 10 packets;ok + +limit rate 1 kbytes/second;ok +limit rate 2 kbytes/second;ok +limit rate 1025 kbytes/second;ok +limit rate 1023 mbytes/second;ok +limit rate 10230 mbytes/second;ok +limit rate 1023000 mbytes/second;ok + +limit rate 1025 bytes/second burst 512 bytes;ok +limit rate 1025 kbytes/second burst 1023 kbytes;ok +limit rate 1025 mbytes/second burst 1025 kbytes;ok +limit rate 1025000 mbytes/second burst 1023 mbytes;ok diff --git a/tests/py/any/limit.t.payload b/tests/py/any/limit.t.payload new file mode 100644 index 00000000..a3c87d84 --- /dev/null +++ b/tests/py/any/limit.t.payload @@ -0,0 +1,64 @@ +# limit rate 400/minute +ip test-ip4 output + [ limit rate 400/minute burst 0 type packets ] + +# limit rate 20/second +ip test-ip4 output + [ limit rate 20/second burst 0 type packets ] + +# limit rate 400/hour +ip test-ip4 output + [ limit rate 400/hour burst 0 type packets ] + +# limit rate 400/week +ip test-ip4 output + [ limit rate 400/week burst 0 type packets ] + +# limit rate 40/day +ip test-ip4 output + [ limit rate 40/day burst 0 type packets ] + +# limit rate 1023/second burst 10 packets +ip test-ip4 output + [ limit rate 1023/second burst 10 type packets ] + +# limit rate 1 kbytes/second +ip test-ip4 output + [ limit rate 1024/second burst 0 type bytes ] + +# limit rate 2 kbytes/second +ip test-ip4 output + [ limit rate 2048/second burst 0 type bytes ] + +# limit rate 1025 kbytes/second +ip test-ip4 output + [ limit rate 1049600/second burst 0 type bytes ] + +# limit rate 1023 mbytes/second +ip test-ip4 output + [ limit rate 1072693248/second burst 0 type bytes ] + +# limit rate 10230 mbytes/second +ip test-ip4 output + [ limit rate 10726932480/second burst 0 type bytes ] + +# limit rate 1023000 mbytes/second +ip test-ip4 output + [ limit rate 1072693248000/second burst 0 type bytes ] + +# limit rate 1025 bytes/second burst 512 bytes +ip test-ip4 output + [ limit rate 1025/second burst 512 type bytes ] + +# limit rate 1025 kbytes/second burst 1023 kbytes +ip test-ip4 output + [ limit rate 1049600/second burst 1047552 type bytes ] + +# limit rate 1025 mbytes/second burst 1025 kbytes +ip test-ip4 output + [ limit rate 1074790400/second burst 1049600 type bytes ] + +# limit rate 1025000 mbytes/second burst 1023 mbytes +ip test-ip4 output + [ limit rate 1074790400000/second burst 1072693248 type bytes ] + diff --git a/tests/py/any/log.t b/tests/py/any/log.t new file mode 100644 index 00000000..0eed5807 --- /dev/null +++ b/tests/py/any/log.t @@ -0,0 +1,26 @@ +*ip;test-ip4 +*ip6;test-ip6 +*inet;test-inet +*arp;test-arp +*bridge;test-bridge +:output;type filter hook output priority 0 + +log;ok +log level emerg;ok +log level alert;ok +log level crit;ok +log level err;ok +log level warn;ok;log +log level notice;ok +log level info;ok +log level debug;ok + +log level emerg group 2;fail +log level alert group 2 prefix "log test2";fail + +log prefix aaaaa-aaaaaa group 2 snaplen 33;ok;log prefix "aaaaa-aaaaaa" group 2 snaplen 33 +# TODO: Add an exception: 'queue-threshold' attribute needs 'group' attribute +# The correct rule is log group 2 queue-threshold 2 +log group 2 queue-threshold 2;ok +log group 2 snaplen 33;ok +log group 2 prefix \"nft-test: \";ok;log prefix "nft-test: " group 2 diff --git a/tests/py/any/log.t.payload b/tests/py/any/log.t.payload new file mode 100644 index 00000000..689668b6 --- /dev/null +++ b/tests/py/any/log.t.payload @@ -0,0 +1,52 @@ +# log +ip test-ip4 output + [ log prefix (null) ] + +# log level emerg +ip test-ip4 output + [ log prefix (null) level 0 flags 0] + +# log level alert +ip test-ip4 output + [ log prefix (null) level 1 flags 0] + +# log level crit +ip test-ip4 output + [ log prefix (null) level 2 flags 0] + +# log level err +ip test-ip4 output + [ log prefix (null) level 3 flags 0] + +# log level warn +ip test-ip4 output + [ log prefix (null) level 4 flags 0] + +# log level notice +ip test-ip4 output + [ log prefix (null) level 5 flags 0] + +# log level info +ip test-ip4 output + [ log prefix (null) level 6 flags 0] + +# log level debug +ip test-ip4 output + [ log prefix (null) level 7 flags 0] + +# log prefix aaaaa-aaaaaa group 2 snaplen 33 +ip test-ip4 output + [ log prefix aaaaa-aaaaaa group 2 snaplen 33 qthreshold 0] + +# log group 2 queue-threshold 2 +ip test-ip4 output + [ log prefix (null) group 2 snaplen 0 qthreshold 2] + +# log group 2 snaplen 33 +ip test-ip4 output + [ log prefix (null) group 2 snaplen 33 qthreshold 0] + +# log group 2 prefix \"nft-test: \" +ip test-ip4 output + [ log prefix nft-test: group 2 snaplen 0 qthreshold 0] + diff --git a/tests/py/any/meta.t b/tests/py/any/meta.t new file mode 100644 index 00000000..c03e7f4e --- /dev/null +++ b/tests/py/any/meta.t @@ -0,0 +1,197 @@ +*ip;test-ip4 +*ip6;test-ip6 +*inet;test-inet +*arp;test-arp +*bridge;test-bridge + +:input;type filter hook input priority 0 + +meta length 1000;ok +meta length 22;ok +meta length != 233;ok +meta length 33-45;ok +meta length != 33-45;ok +meta length { 33, 55, 67, 88};ok +- meta length != { 33, 55, 67, 88};ok +meta length { 33-55};ok +- meta length != { 33-55};ok + +meta protocol { ip, arp, ip6, vlan };ok;meta protocol { ip6, ip, vlan, arp} +- meta protocol != {ip, arp, ip6, vlan};ok +meta protocol ip;ok +meta protocol != ip;ok + +meta nfproto ipv4;ok +meta nfproto ipv6;ok +meta nfproto {ipv4, ipv6};ok + +meta l4proto 22;ok +meta l4proto != 233;ok +meta l4proto 33-45;ok +meta l4proto != 33-45;ok +meta l4proto { 33, 55, 67, 88};ok;meta l4proto { 33, 55, 67, 88} +- meta l4proto != { 33, 55, 67, 88};ok +meta l4proto { 33-55};ok +- meta l4proto != { 33-55};ok + +- meta priority :aabb;ok +- meta priority bcad:dadc;ok +- meta priority aabb:;ok +- meta priority != :aabb;ok +- meta priority != bcad:dadc;ok +- meta priority != aabb:;ok +- meta priority bcad:dada-bcad:dadc;ok +- meta priority != bcad:dada-bcad:dadc;ok +- meta priority {bcad:dada, bcad:dadc, aaaa:bbbb};ok +- meta priority != {bcad:dada, bcad:dadc, aaaa:bbbb};ok + +meta mark 0x4;ok;mark 0x00000004 +meta mark 0x32;ok;mark 0x00000032 +meta mark and 0x03 == 0x01;ok;mark & 0x00000003 == 0x00000001 +meta mark and 0x03 != 0x01;ok;mark & 0x00000003 != 0x00000001 +meta mark 0x10;ok;mark 0x00000010 +meta mark != 0x10;ok;mark != 0x00000010 + +meta mark or 0x03 == 0x01;ok;mark | 0x00000003 == 0x00000001 +meta mark or 0x03 != 0x01;ok;mark | 0x00000003 != 0x00000001 +meta mark xor 0x03 == 0x01;ok;mark 0x00000002 +meta mark xor 0x03 != 0x01;ok;mark != 0x00000002 + +meta iif eth0 accept;ok;iif eth0 accept +meta iif eth0 accept;ok;iif eth0 accept +meta iif != eth0 accept;ok;iif != eth0 accept +meta iif != eth0 accept;ok;iif != eth0 accept + +meta iifname "eth0";ok;iifname "eth0" +meta iifname != "eth0";ok;iifname != "eth0" +meta iifname {"eth0", "lo"};ok +- meta iifname != {"eth0", "lo"};ok +meta iifname "eth*";ok;iifname "eth*" +meta iifname "eth\*";ok;iifname "eth\*" + +meta iiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok +- meta iiftype != {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok +meta iiftype != ether;ok;iiftype != ether +meta iiftype ether;ok;iiftype ether +meta iiftype != ppp;ok;iiftype != ppp +meta iiftype ppp;ok;iiftype ppp + +meta oif lo accept;ok;oif lo accept +meta oif != lo accept;ok;oif != lo accept +meta oif {eth0, lo} accept;ok +- meta oif != {eth0, lo} accept;ok + +meta oifname "eth0";ok;oifname "eth0" +meta oifname != "eth0";ok;oifname != "eth0" +meta oifname { "eth0", "lo"};ok +- meta iifname != {"eth0", "lo"};ok +meta oifname "eth*";ok;oifname "eth*" +meta oifname "eth\*";ok;oifname "eth\*" + +meta oiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok +- meta oiftype != {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok +meta oiftype != ether;ok;oiftype != ether +meta oiftype ether;ok;oiftype ether + +meta skuid {bin, root, daemon} accept;ok;skuid { 0, 1, 2} accept +- meta skuid != {bin, root, daemon} accept;ok +meta skuid root;ok;skuid 0 +meta skuid != root;ok;skuid != 0 +meta skuid lt 3000 accept;ok;skuid < 3000 accept +meta skuid gt 3000 accept;ok;skuid > 3000 accept +meta skuid eq 3000 accept;ok;skuid 3000 accept +meta skuid 3001-3005 accept;ok;skuid 3001-3005 accept +meta skuid != 2001-2005 accept;ok;skuid != 2001-2005 accept +meta skuid { 2001-2005} accept;ok;skuid { 2001-2005} accept +- meta skuid != { 2001-2005} accept;ok + +meta skgid {bin, root, daemon} accept;ok;skgid { 0, 1, 2} accept +- meta skgid != {bin, root, daemon} accept;ok +meta skgid root;ok;skgid 0 +meta skgid != root;ok;skgid != 0 +meta skgid lt 3000 accept;ok;skgid < 3000 accept +meta skgid gt 3000 accept;ok;skgid > 3000 accept +meta skgid eq 3000 accept;ok;skgid 3000 accept +meta skgid 2001-2005 accept;ok;skgid 2001-2005 accept +meta skgid != 2001-2005 accept;ok;skgid != 2001-2005 accept +meta skgid { 2001-2005} accept;ok;skgid { 2001-2005} accept +- meta skgid != { 2001-2005} accept;ok;skgid != { 2001-2005} accept + +# BUG: meta nftrace 2 and meta nftrace 1 +# $ sudo nft add rule ip test input meta nftrace 2 +# :1:37-37: Error: Value 2 exceeds valid range 0-1 +# add rule ip test input meta nftrace 2 +# ^ +# $ sudo nft add rule ip test input meta nftrace 1 +# :1:1-37: Error: Could not process rule: Operation not supported +# add rule ip test input meta nftrace 1 +# -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +meta mark set 0xffffffc8 xor 0x16;ok;mark set 0xffffffde +meta mark set 0x16 and 0x16;ok;mark set 0x00000016 +meta mark set 0xffffffe9 or 0x16;ok;mark set 0xffffffff +meta mark set 0xffffffde and 0x16;ok;mark set 0x00000016 +meta mark set 0xf045ffde or 0x10;ok;mark set 0xf045ffde +meta mark set 0xffffffde or 0x16;ok;mark set 0xffffffde +meta mark set 0x32 or 0xfffff;ok;mark set 0x000fffff +meta mark set 0xfffe xor 0x16;ok;mark set 0x0000ffe8 + +meta iif lo;ok;iif lo +meta oif lo;ok;oif lo +meta oifname "eth2" accept;ok;oifname "eth2" accept +meta skuid 3000;ok;skuid 3000 +meta skgid 3000;ok;skgid 3000 +# BUG: meta nftrace 1;ok +# :1:1-37: Error: Could not process rule: Operation not supported +- meta nftrace 1;ok +meta rtclassid cosmos;ok;rtclassid cosmos + +meta pkttype broadcast;ok;pkttype broadcast +meta pkttype unicast;ok;pkttype unicast +meta pkttype multicast;ok;pkttype multicast +meta pkttype != broadcast;ok;pkttype != broadcast +meta pkttype != unicast;ok;pkttype != unicast +meta pkttype != multicast;ok;pkttype != multicast +meta pkttype broadcastttt;fail +meta pkttype { broadcast, multicast} accept;ok + +meta cpu 1;ok;cpu 1 +meta cpu != 1;ok;cpu != 1 +meta cpu 1-3;ok;cpu 1-3 +meta cpu != 1-2;ok;cpu != 1-2 +meta cpu { 2,3};ok;cpu { 2,3} +-meta cpu != { 2,3};ok; cpu != { 2,3} + +meta iifgroup 0;ok;iifgroup default +meta iifgroup != 0;ok;iifgroup != default +meta iifgroup default;ok;iifgroup default +meta iifgroup != default;ok;iifgroup != default +meta iifgroup {default};ok;iifgroup {default} +- meta iifgroup != {default};ok +meta iifgroup { 11,33};ok +meta iifgroup {11-33};ok +- meta iifgroup != {11,33};ok +- meta iifgroup != {11-33};ok +meta oifgroup 0;ok;oifgroup default +meta oifgroup != 0;ok;oifgroup != default +meta oifgroup default;ok;oifgroup default +meta oifgroup != default;ok;oifgroup != default +meta oifgroup {default};ok;oifgroup {default} +- meta oifgroup != {default};ok +meta oifgroup { 11,33};ok +meta oifgroup {11-33};ok +- meta oifgroup != {11,33};ok +- meta oifgroup != {11-33};ok + +meta cgroup 1048577;ok;cgroup 1048577 +meta cgroup != 1048577;ok;cgroup != 1048577 +meta cgroup { 1048577, 1048578 };ok;cgroup { 1048577, 1048578} +# meta cgroup != { 1048577, 1048578};ok;cgroup != { 1048577, 1048578} +meta cgroup 1048577-1048578;ok;cgroup 1048577-1048578 +meta cgroup != 1048577-1048578;ok;cgroup != 1048577-1048578 +meta cgroup {1048577-1048578};ok;cgroup { 1048577-1048578} +# meta cgroup != { 1048577-1048578};ok;cgroup != { 1048577-1048578} + +meta iif . meta oif { lo . eth0 };ok +meta iif . meta oif . meta mark { lo . eth0 . 0x0000000a };ok +meta iif . meta oif vmap { lo . eth0 : drop };ok diff --git a/tests/py/any/meta.t.payload b/tests/py/any/meta.t.payload new file mode 100644 index 00000000..9f7a6d99 --- /dev/null +++ b/tests/py/any/meta.t.payload @@ -0,0 +1,756 @@ +# meta length 1000 +ip test-ip4 input + [ meta load len => reg 1 ] + [ cmp eq reg 1 0x000003e8 ] + +# meta length 22 +ip test-ip4 input + [ meta load len => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# meta length != 233 +ip test-ip4 input + [ meta load len => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# meta length 33-45 +ip test-ip4 input + [ meta load len => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# meta length != 33-45 +ip test-ip4 input + [ meta load len => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# meta length { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip test-ip4 input + [ meta load len => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta length { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ meta load len => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set set%d ] + +# meta protocol { ip, arp, ip6, vlan } +set%d test-ip4 3 +set%d test-ip4 0 + element 00000008 : 0 [end] element 00000608 : 0 [end] element 0000dd86 : 0 [end] element 00000081 : 0 [end] +ip test-ip4 input + [ meta load protocol => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta protocol ip +ip test-ip4 input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + +# meta protocol != ip +ip test-ip4 input + [ meta load protocol => reg 1 ] + [ cmp neq reg 1 0x00000008 ] + +# meta nfproto ipv4 +ip test-ip4 input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + +# meta nfproto ipv6 +ip test-ip4 input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + +# meta nfproto {ipv4, ipv6} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000002 : 0 [end] element 0000000a : 0 [end] +ip test-ip4 input + [ meta load nfproto => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta l4proto 22 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# meta l4proto != 233 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# meta l4proto 33-45 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 2, 1) ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# meta l4proto != 33-45 +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 2, 1) ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# meta l4proto { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta l4proto { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 2, 1) ] + [ lookup reg 1 set set%d ] + +# meta mark 0x4 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ cmp eq reg 1 0x00000004 ] + +# meta mark 0x32 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# meta mark and 0x03 == 0x01 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000001 ] + +# meta mark and 0x03 != 0x01 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000001 ] + +# meta mark 0x10 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ cmp eq reg 1 0x00000010 ] + +# meta mark != 0x10 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ cmp neq reg 1 0x00000010 ] + +# meta mark or 0x03 == 0x01 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] + [ cmp eq reg 1 0x00000001 ] + +# meta mark or 0x03 != 0x01 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] + [ cmp neq reg 1 0x00000001 ] + +# meta mark xor 0x03 == 0x01 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + +# meta mark xor 0x03 != 0x01 +ip test-ip4 input + [ meta load mark => reg 1 ] + [ cmp neq reg 1 0x00000002 ] + +# meta iif eth0 accept +ip test-ip4 input + [ meta load iif => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# meta iif eth0 accept +ip test-ip4 input + [ meta load iif => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# meta iif != eth0 accept +ip test-ip4 input + [ meta load iif => reg 1 ] + [ cmp neq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# meta iif != eth0 accept +ip test-ip4 input + [ meta load iif => reg 1 ] + [ cmp neq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# meta iifname "eth0" +ip test-ip4 input + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + +# meta iifname != "eth0" +ip test-ip4 input + [ meta load iifname => reg 1 ] + [ cmp neq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + +# meta iifname {"eth0", "lo"} +set%d test-ip4 3 +set%d test-ip4 0 + element 30687465 00000000 00000000 00000000 : 0 [end] element 00006f6c 00000000 00000000 00000000 : 0 [end] +ip test-ip4 input + [ meta load iifname => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta iifname "eth*" +ip test-ip4 input + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x00687465 ] + +# meta iifname "eth\*" +ip test-ip4 input + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x2a687465 0x00000000 0x00000000 0x00000000 ] + +# meta iiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000301 : 0 [end] element 00000304 : 0 [end] element 00000308 : 0 [end] element 0000030a : 0 [end] +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta iiftype != ether +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# meta iiftype ether +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# meta iiftype != ppp +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp neq reg 1 0x00000200 ] + +# meta iiftype ppp +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000200 ] + +# meta oif lo accept +ip test-ip4 input + [ meta load oif => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ immediate reg 0 accept ] + +# meta oif != lo accept +ip test-ip4 input + [ meta load oif => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + [ immediate reg 0 accept ] + +# meta oif {eth0, lo} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00000002 : 0 [end] element 00000001 : 0 [end] +ip test-ip4 input + [ meta load oif => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# meta oifname "eth0" +ip test-ip4 input + [ meta load oifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + +# meta oifname != "eth0" +ip test-ip4 input + [ meta load oifname => reg 1 ] + [ cmp neq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + +# meta oifname { "eth0", "lo"} +set%d test-ip4 3 +set%d test-ip4 0 + element 30687465 00000000 00000000 00000000 : 0 [end] element 00006f6c 00000000 00000000 00000000 : 0 [end] +ip test-ip4 input + [ meta load oifname => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta oifname "eth*" +ip test-ip4 input + [ meta load oifname => reg 1 ] + [ cmp eq reg 1 0x00687465 ] + +# meta oifname "eth\*" +ip test-ip4 input + [ meta load oifname => reg 1 ] + [ cmp eq reg 1 0x2a687465 0x00000000 0x00000000 0x00000000 ] + +# meta oiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000301 : 0 [end] element 00000304 : 0 [end] element 00000308 : 0 [end] element 0000030a : 0 [end] +ip test-ip4 input + [ meta load oiftype => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta oiftype != ether +ip test-ip4 input + [ meta load oiftype => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# meta oiftype ether +ip test-ip4 input + [ meta load oiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# meta skuid {bin, root, daemon} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000000 : 0 [end] element 00000002 : 0 [end] +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# meta skuid root +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# meta skuid != root +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + +# meta skuid lt 3000 accept +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0xb80b0000 ] + [ immediate reg 0 accept ] + +# meta skuid gt 3000 accept +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gt reg 1 0xb80b0000 ] + [ immediate reg 0 accept ] + +# meta skuid eq 3000 accept +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ cmp eq reg 1 0x00000bb8 ] + [ immediate reg 0 accept ] + +# meta skuid 3001-3005 accept +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gte reg 1 0xb90b0000 ] + [ cmp lte reg 1 0xbd0b0000 ] + [ immediate reg 0 accept ] + +# meta skuid != 2001-2005 accept +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0xd1070000 ] + [ cmp gt reg 1 0xd5070000 ] + [ immediate reg 0 accept ] + +# meta skuid { 2001-2005} accept +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element d1070000 : 0 [end] element d6070000 : 1 [end] +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# meta skgid {bin, root, daemon} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000000 : 0 [end] element 00000002 : 0 [end] +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# meta skgid root +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# meta skgid != root +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + +# meta skgid lt 3000 accept +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0xb80b0000 ] + [ immediate reg 0 accept ] + +# meta skgid gt 3000 accept +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gt reg 1 0xb80b0000 ] + [ immediate reg 0 accept ] + +# meta skgid eq 3000 accept +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ cmp eq reg 1 0x00000bb8 ] + [ immediate reg 0 accept ] + +# meta skgid 2001-2005 accept +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gte reg 1 0xd1070000 ] + [ cmp lte reg 1 0xd5070000 ] + [ immediate reg 0 accept ] + +# meta skgid != 2001-2005 accept +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0xd1070000 ] + [ cmp gt reg 1 0xd5070000 ] + [ immediate reg 0 accept ] + +# meta skgid { 2001-2005} accept +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element d1070000 : 0 [end] element d6070000 : 1 [end] +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# meta mark set 0xffffffc8 xor 0x16 +ip test-ip4 input + [ immediate reg 1 0xffffffde ] + [ meta set mark with reg 1 ] + +# meta mark set 0x16 and 0x16 +ip test-ip4 input + [ immediate reg 1 0x00000016 ] + [ meta set mark with reg 1 ] + +# meta mark set 0xffffffe9 or 0x16 +ip test-ip4 input + [ immediate reg 1 0xffffffff ] + [ meta set mark with reg 1 ] + +# meta mark set 0xffffffde and 0x16 +ip test-ip4 input + [ immediate reg 1 0x00000016 ] + [ meta set mark with reg 1 ] + +# meta mark set 0xf045ffde or 0x10 +ip test-ip4 input + [ immediate reg 1 0xf045ffde ] + [ meta set mark with reg 1 ] + +# meta mark set 0xffffffde or 0x16 +ip test-ip4 input + [ immediate reg 1 0xffffffde ] + [ meta set mark with reg 1 ] + +# meta mark set 0x32 or 0xfffff +ip test-ip4 input + [ immediate reg 1 0x000fffff ] + [ meta set mark with reg 1 ] + +# meta mark set 0xfffe xor 0x16 +ip test-ip4 input + [ immediate reg 1 0x0000ffe8 ] + [ meta set mark with reg 1 ] + +# meta iif lo +ip test-ip4 input + [ meta load iif => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# meta oif lo +ip test-ip4 input + [ meta load oif => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# meta oifname "eth2" accept +ip test-ip4 input + [ meta load oifname => reg 1 ] + [ cmp eq reg 1 0x32687465 0x00000000 0x00000000 0x00000000 ] + [ immediate reg 0 accept ] + +# meta skuid 3000 +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ cmp eq reg 1 0x00000bb8 ] + +# meta skgid 3000 +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ cmp eq reg 1 0x00000bb8 ] + +# meta rtclassid cosmos +ip test-ip4 input + [ meta load rtclassid => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# meta pkttype broadcast +ip test-ip4 input + [ meta load pkttype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# meta pkttype unicast +ip test-ip4 input + [ meta load pkttype => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# meta pkttype multicast +ip test-ip4 input + [ meta load pkttype => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + +# meta pkttype != broadcast +ip test-ip4 input + [ meta load pkttype => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# meta pkttype != unicast +ip test-ip4 input + [ meta load pkttype => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + +# meta pkttype != multicast +ip test-ip4 input + [ meta load pkttype => reg 1 ] + [ cmp neq reg 1 0x00000002 ] + +# meta pkttype { broadcast, multicast} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000002 : 0 [end] +ip test-ip4 input + [ meta load pkttype => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# meta cpu 1 +ip test-ip4 input + [ meta load cpu => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# meta cpu != 1 +ip test-ip4 input + [ meta load cpu => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# meta cpu 1-3 +ip test-ip4 input + [ meta load cpu => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gte reg 1 0x01000000 ] + [ cmp lte reg 1 0x03000000 ] + +# meta cpu != 1-2 +ip test-ip4 input + [ meta load cpu => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0x01000000 ] + [ cmp gt reg 1 0x02000000 ] + +# meta cpu { 2,3} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000002 : 0 [end] element 00000003 : 0 [end] +ip test-ip4 input + [ meta load cpu => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta iifgroup 0 +ip test-ip4 input + [ meta load iifgroup => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# meta iifgroup != 0 +ip test-ip4 input + [ meta load iifgroup => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + +# meta iifgroup default +ip test-ip4 input + [ meta load iifgroup => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# meta iifgroup != default +ip test-ip4 input + [ meta load iifgroup => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + +# meta iifgroup {default} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000000 : 0 [end] +ip test-ip4 input + [ meta load iifgroup => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta iifgroup { 11,33} +set%d test-ip4 3 +set%d test-ip4 0 + element 0000000b : 0 [end] element 00000021 : 0 [end] +ip test-ip4 input + [ meta load iifgroup => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta iifgroup {11-33} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 0b000000 : 0 [end] element 22000000 : 1 [end] +ip test-ip4 input + [ meta load iifgroup => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set set%d ] + +# meta oifgroup 0 +ip test-ip4 input + [ meta load oifgroup => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# meta oifgroup != 0 +ip test-ip4 input + [ meta load oifgroup => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + +# meta oifgroup default +ip test-ip4 input + [ meta load oifgroup => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# meta oifgroup != default +ip test-ip4 input + [ meta load oifgroup => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + +# meta oifgroup {default} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000000 : 0 [end] +ip test-ip4 input + [ meta load oifgroup => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta oifgroup { 11,33} +set%d test-ip4 3 +set%d test-ip4 0 + element 0000000b : 0 [end] element 00000021 : 0 [end] +ip test-ip4 input + [ meta load oifgroup => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta oifgroup {11-33} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 0b000000 : 0 [end] element 22000000 : 1 [end] +ip test-ip4 input + [ meta load oifgroup => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set set%d ] + +# meta cgroup 1048577 +ip test-ip4 input + [ meta load cgroup => reg 1 ] + [ cmp eq reg 1 0x00100001 ] + +# meta cgroup != 1048577 +ip test-ip4 input + [ meta load cgroup => reg 1 ] + [ cmp neq reg 1 0x00100001 ] + +# meta cgroup { 1048577, 1048578 } +set%d test-ip4 3 +set%d test-ip4 0 + element 00100001 : 0 [end] element 00100002 : 0 [end] +ip test-ip4 input + [ meta load cgroup => reg 1 ] + [ lookup reg 1 set set%d ] + +# meta cgroup 1048577-1048578 +ip test-ip4 input + [ meta load cgroup => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gte reg 1 0x01001000 ] + [ cmp lte reg 1 0x02001000 ] + +# meta cgroup != 1048577-1048578 +ip test-ip4 input + [ meta load cgroup => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0x01001000 ] + [ cmp gt reg 1 0x02001000 ] + +# meta cgroup {1048577-1048578} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 01001000 : 0 [end] element 03001000 : 1 [end] +ip test-ip4 input + [ meta load cgroup => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set set%d ] + + +# meta iif . meta oif { lo . eth0 } +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 00000002 : 0 [end] +ip test-ip4 output + [ meta load iif => reg 1 ] + [ meta load oif => reg 9 ] + [ lookup reg 1 set set%d ] + +# meta iif . meta oif . meta mark { lo . eth0 . 0x0000000a } +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 00000002 0000000a : 0 [end] +ip test-ip4 output + [ meta load iif => reg 1 ] + [ meta load oif => reg 9 ] + [ meta load mark => reg 10 ] + [ lookup reg 1 set set%d ] + +# meta iif . meta oif vmap { lo . eth0 : drop } +map%d test-ip4 b +map%d test-ip4 0 + element 00000001 00000002 : 0 [end] +ip test-ip4 output + [ meta load iif => reg 1 ] + [ meta load oif => reg 9 ] + [ lookup reg 1 set map%d dreg 0 ] + diff --git a/tests/py/any/queue.t b/tests/py/any/queue.t new file mode 100644 index 00000000..600c1121 --- /dev/null +++ b/tests/py/any/queue.t @@ -0,0 +1,15 @@ +*ip;test-ip4 +*ip6;test-ip6 +*inet;test-inet +*arp;test-arp +*bridge;test-bridge + +:output;type filter hook output priority 0 + +queue;ok;queue num 0 +queue num 2;ok +queue num 2-3;ok +- queue num {3, 4, 6};ok +queue num 4-5 fanout bypass;ok;queue num 4-5 bypass,fanout +queue num 4-5 fanout;ok +queue num 4-5 bypass;ok diff --git a/tests/py/any/queue.t.payload b/tests/py/any/queue.t.payload new file mode 100644 index 00000000..43a6650c --- /dev/null +++ b/tests/py/any/queue.t.payload @@ -0,0 +1,24 @@ +# queue +ip test-ip4 output + [ queue num 0] + +# queue num 2 +ip test-ip4 output + [ queue num 2] + +# queue num 2-3 +ip test-ip4 output + [ queue num 2-3] + +# queue num 4-5 fanout bypass +ip test-ip4 output + [ queue num 4-5 bypass fanout] + +# queue num 4-5 fanout +ip test-ip4 output + [ queue num 4-5 fanout] + +# queue num 4-5 bypass +ip test-ip4 output + [ queue num 4-5 bypass] + diff --git a/tests/py/arp/arp.t b/tests/py/arp/arp.t new file mode 100644 index 00000000..c4e07d57 --- /dev/null +++ b/tests/py/arp/arp.t @@ -0,0 +1,53 @@ +*arp;test-arp +# filter chains available are: input, output, forward +:input;type filter hook input priority 0 + +arp htype 1;ok +arp htype != 1;ok +arp htype 22;ok +arp htype != 233;ok +arp htype 33-45;ok +arp htype != 33-45;ok +arp htype { 33, 55, 67, 88};ok +- arp htype != { 33, 55, 67, 88};ok +arp htype { 33-55};ok +- arp htype != { 33-55};ok + +arp ptype 0x0800;ok;arp ptype ip + +arp hlen 22;ok +arp hlen != 233;ok +arp hlen 33-45;ok +arp hlen != 33-45;ok +arp hlen { 33, 55, 67, 88};ok +- arp hlen != { 33, 55, 67, 88};ok +arp hlen { 33-55};ok +- arp hlen != { 33-55};ok + +arp plen 22;ok +arp plen != 233;ok +arp plen 33-45;ok +arp plen != 33-45;ok +arp plen { 33, 55, 67, 88};ok +- arp plen != { 33, 55, 67, 88};ok +arp plen { 33-55};ok +- arp plen != {33-55};ok + +arp operation {nak, inreply, inrequest, rreply, rrequest, reply, request};ok +- arp operation != {nak, inreply, inrequest, rreply, rrequest, reply, request};ok +arp operation request;ok +arp operation reply;ok +arp operation rrequest;ok +arp operation rreply;ok +arp operation inrequest;ok +arp operation inreply;ok +arp operation nak;ok +arp operation reply;ok +arp operation != request;ok +arp operation != reply;ok +arp operation != rrequest;ok +arp operation != rreply;ok +arp operation != inrequest;ok +arp operation != inreply;ok +arp operation != nak;ok +arp operation != reply;ok diff --git a/tests/py/arp/arp.t.payload b/tests/py/arp/arp.t.payload new file mode 100644 index 00000000..bfa37cdd --- /dev/null +++ b/tests/py/arp/arp.t.payload @@ -0,0 +1,217 @@ +# arp htype 1 +arp test-arp input + [ payload load 2b @ network header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000100 ] + +# arp htype != 1 +arp test-arp input + [ payload load 2b @ network header + 0 => reg 1 ] + [ cmp neq reg 1 0x00000100 ] + +# arp htype 22 +arp test-arp input + [ payload load 2b @ network header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# arp htype != 233 +arp test-arp input + [ payload load 2b @ network header + 0 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# arp htype 33-45 +arp test-arp input + [ payload load 2b @ network header + 0 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# arp htype != 33-45 +arp test-arp input + [ payload load 2b @ network header + 0 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# arp htype { 33, 55, 67, 88} +set%d test-arp 3 +set%d test-arp 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +arp test-arp input + [ payload load 2b @ network header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# arp htype { 33-55} +set%d test-arp 7 +set%d test-arp 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +arp test-arp input + [ payload load 2b @ network header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# arp ptype 0x0800 +arp test-arp input + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + +# arp hlen 22 +arp test-arp input + [ payload load 1b @ network header + 4 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# arp hlen != 233 +arp test-arp input + [ payload load 1b @ network header + 4 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# arp hlen 33-45 +arp test-arp input + [ payload load 1b @ network header + 4 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# arp hlen != 33-45 +arp test-arp input + [ payload load 1b @ network header + 4 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# arp hlen { 33, 55, 67, 88} +set%d test-arp 3 +set%d test-arp 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +arp test-arp input + [ payload load 1b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# arp hlen { 33-55} +set%d test-arp 7 +set%d test-arp 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +arp test-arp input + [ payload load 1b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# arp plen 22 +arp test-arp input + [ payload load 1b @ network header + 5 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# arp plen != 233 +arp test-arp input + [ payload load 1b @ network header + 5 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# arp plen 33-45 +arp test-arp input + [ payload load 1b @ network header + 5 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# arp plen != 33-45 +arp test-arp input + [ payload load 1b @ network header + 5 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# arp plen { 33, 55, 67, 88} +set%d test-arp 3 +set%d test-arp 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +arp test-arp input + [ payload load 1b @ network header + 5 => reg 1 ] + [ lookup reg 1 set set%d ] + +# arp plen { 33-55} +set%d test-arp 7 +set%d test-arp 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +arp test-arp input + [ payload load 1b @ network header + 5 => reg 1 ] + [ lookup reg 1 set set%d ] + +# arp operation {nak, inreply, inrequest, rreply, rrequest, reply, request} +set%d test-arp 3 +set%d test-arp 0 + element 00000a00 : 0 [end] element 00000900 : 0 [end] element 00000800 : 0 [end] element 00000400 : 0 [end] element 00000300 : 0 [end] element 00000200 : 0 [end] element 00000100 : 0 [end] +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# arp operation request +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000100 ] + +# arp operation reply +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000200 ] + +# arp operation rrequest +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000300 ] + +# arp operation rreply +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000400 ] + +# arp operation inrequest +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000800 ] + +# arp operation inreply +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000900 ] + +# arp operation nak +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000a00 ] + +# arp operation reply +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000200 ] + +# arp operation != request +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000100 ] + +# arp operation != reply +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000200 ] + +# arp operation != rrequest +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000300 ] + +# arp operation != rreply +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000400 ] + +# arp operation != inrequest +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000800 ] + +# arp operation != inreply +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000900 ] + +# arp operation != nak +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000a00 ] + +# arp operation != reply +arp test-arp input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000200 ] + diff --git a/tests/py/arp/chains.t b/tests/py/arp/chains.t new file mode 100644 index 00000000..cf08c1af --- /dev/null +++ b/tests/py/arp/chains.t @@ -0,0 +1,6 @@ +*arp;test-arp + +# filter chains available are: input, output, forward +:input;type filter hook input priority 0 +:forward;type filter hook forward priority 0 +:output;type filter hook output priority 0 diff --git a/tests/py/arp/chains.t.payload b/tests/py/arp/chains.t.payload new file mode 100644 index 00000000..e69de29b diff --git a/tests/py/bridge/chains.t b/tests/py/bridge/chains.t new file mode 100644 index 00000000..8070de4f --- /dev/null +++ b/tests/py/bridge/chains.t @@ -0,0 +1,8 @@ +*bridge;test-bridge + +# filter chains available are: prerouting, input, output, forward, postrouting +:filter-pre;type filter hook input priority 0 +:filter-output;type filter hook output priority 0 +:filter-forward;type filter hook forward priority 0 +:filter-input;type filter hook input priority 0 +:filter-post;type filter hook input priority 0 diff --git a/tests/py/bridge/chains.t.payload b/tests/py/bridge/chains.t.payload new file mode 100644 index 00000000..e69de29b diff --git a/tests/py/bridge/ether.t b/tests/py/bridge/ether.t new file mode 100644 index 00000000..6257dfcd --- /dev/null +++ b/tests/py/bridge/ether.t @@ -0,0 +1,8 @@ +*bridge;test-bridge + +:input;type filter hook input priority 0 + +tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept +tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 +tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4;ok +ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept;ok diff --git a/tests/py/bridge/ether.t.payload b/tests/py/bridge/ether.t.payload new file mode 100644 index 00000000..8fdb0a95 --- /dev/null +++ b/tests/py/bridge/ether.t.payload @@ -0,0 +1,44 @@ +# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept +bridge test-bridge input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 8b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00080411 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 +bridge test-bridge input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ payload load 8b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00080411 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 +bridge test-bridge input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ payload load 8b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00080411 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + +# ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept +bridge test-bridge input + [ payload load 8b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00080411 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ immediate reg 0 accept ] + diff --git a/tests/py/bridge/reject.t b/tests/py/bridge/reject.t new file mode 100644 index 00000000..43e54611 --- /dev/null +++ b/tests/py/bridge/reject.t @@ -0,0 +1,38 @@ +*bridge;test-bridge +:input;type filter hook input priority 0 + +# The output is specific for bridge family +reject with icmp type host-unreachable;ok;ether type ip reject with icmp type host-unreachable +reject with icmp type net-unreachable;ok;ether type ip reject with icmp type net-unreachable +reject with icmp type prot-unreachable;ok;ether type ip reject with icmp type prot-unreachable +reject with icmp type port-unreachable;ok;ether type ip reject +reject with icmp type net-prohibited;ok;ether type ip reject with icmp type net-prohibited +reject with icmp type host-prohibited;ok;ether type ip reject with icmp type host-prohibited +reject with icmp type admin-prohibited;ok;ether type ip reject with icmp type admin-prohibited + +reject with icmpv6 type no-route;ok;ether type ip6 reject with icmpv6 type no-route +reject with icmpv6 type admin-prohibited;ok;ether type ip6 reject with icmpv6 type admin-prohibited +reject with icmpv6 type addr-unreachable;ok;ether type ip6 reject with icmpv6 type addr-unreachable +reject with icmpv6 type port-unreachable;ok;ether type ip6 reject + +ip protocol tcp reject with tcp reset;ok;ip protocol 6 reject with tcp reset + +reject;ok +ether type ip reject;ok +ether type ip6 reject;ok + +reject with icmpx type host-unreachable;ok +reject with icmpx type no-route;ok +reject with icmpx type admin-prohibited;ok +reject with icmpx type port-unreachable;ok;reject + +ether type ipv6 reject with icmp type host-unreachable;fail +ether type ip6 reject with icmp type host-unreachable;fail +ether type ip reject with icmpv6 type no-route;fail +ether type vlan reject;fail +ether type arp reject;fail +ether type vlan reject;fail +ether type arp reject;fail +ether type vlan reject with tcp reset;fail +ether type arp reject with tcp reset;fail +ip protocol udp reject with tcp reset;fail diff --git a/tests/py/bridge/reject.t.payload b/tests/py/bridge/reject.t.payload new file mode 100644 index 00000000..f5a0e6a8 --- /dev/null +++ b/tests/py/bridge/reject.t.payload @@ -0,0 +1,106 @@ +# reject with icmp type host-unreachable +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 1 ] + +# reject with icmp type net-unreachable +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 0 ] + +# reject with icmp type prot-unreachable +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 2 ] + +# reject with icmp type port-unreachable +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 3 ] + +# reject with icmp type net-prohibited +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 9 ] + +# reject with icmp type host-prohibited +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 10 ] + +# reject with icmp type admin-prohibited +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 13 ] + +# reject with icmpv6 type no-route +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 0 ] + +# reject with icmpv6 type admin-prohibited +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 1 ] + +# reject with icmpv6 type addr-unreachable +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 3 ] + +# reject with icmpv6 type port-unreachable +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 4 ] + +# ip protocol tcp reject with tcp reset +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ reject type 1 code 0 ] + +# reject +bridge test-bridge input + [ reject type 2 code 1 ] + +# ether type ip reject +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 3 ] + +# ether type ip6 reject +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 4 ] + +# reject with icmpx type host-unreachable +bridge test-bridge input + [ reject type 2 code 2 ] + +# reject with icmpx type no-route +bridge test-bridge input + [ reject type 2 code 0 ] + +# reject with icmpx type admin-prohibited +bridge test-bridge input + [ reject type 2 code 3 ] + +# reject with icmpx type port-unreachable +bridge test-bridge input + [ reject type 2 code 1 ] + diff --git a/tests/py/bridge/vlan.t b/tests/py/bridge/vlan.t new file mode 100644 index 00000000..f86561a2 --- /dev/null +++ b/tests/py/bridge/vlan.t @@ -0,0 +1,34 @@ +*bridge;test-bridge +:input;type filter hook input priority 0 + +vlan id 4094;ok +vlan id 0;ok +# bad vlan id +vlan id 4096;fail +vlan id 4094 vlan cfi 0;ok +vlan id 4094 vlan cfi != 1;ok +vlan id 4094 vlan cfi 1;ok +# bad cfi +vlan id 4094 vlan cfi 2;fail +vlan id 4094 vlan cfi 1 vlan pcp 8;fail +vlan id 4094 vlan cfi 1 vlan pcp 7;ok +vlan id 4094 vlan cfi 1 vlan pcp 3;ok + +ether type vlan vlan id 4094;ok;vlan id 4094 +ether type vlan vlan id 0;ok;vlan id 0 +ether type vlan vlan id 4094 vlan cfi 0;ok;vlan id 4094 vlan cfi 0 +ether type vlan vlan id 4094 vlan cfi 1;ok;vlan id 4094 vlan cfi 1 +ether type vlan vlan id 4094 vlan cfi 2;fail + +vlan id 4094 tcp dport 22;ok +vlan id 1 ip saddr 10.0.0.1;ok +vlan id 1 ip saddr 10.0.0.0/23;ok +vlan id 1 ip saddr 10.0.0.0/23 udp dport 53;ok +ether type vlan vlan id 1 ip saddr 10.0.0.0/23 udp dport 53;ok;vlan id 1 ip saddr 10.0.0.0/23 udp dport 53 + +vlan id { 1, 2, 4, 100, 4095 } vlan pcp 1-3;ok +vlan id { 1, 2, 4, 100, 4096 };fail + +# illegal dependencies +ether type ip vlan id 1;fail +ether type ip vlan id 1 ip saddr 10.0.0.1;fail diff --git a/tests/py/bridge/vlan.t.payload b/tests/py/bridge/vlan.t.payload new file mode 100644 index 00000000..02242d22 --- /dev/null +++ b/tests/py/bridge/vlan.t.payload @@ -0,0 +1,201 @@ +# vlan id 4094 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000fe0f ] + +# vlan id 0 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000000 ] + +# vlan id 4094 vlan cfi 0 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000fe0f ] + [ payload load 1b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000000 ] + +# vlan id 4094 vlan cfi != 1 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000fe0f ] + [ payload load 1b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000010 ] + +# vlan id 4094 vlan cfi 1 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000fe0f ] + [ payload load 1b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000010 ] + +# ether type vlan vlan id 4094 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000fe0f ] + +# ether type vlan vlan id 0 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000000 ] + +# ether type vlan vlan id 4094 vlan cfi 0 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000fe0f ] + [ payload load 1b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000000 ] + +# ether type vlan vlan id 4094 vlan cfi 1 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000fe0f ] + [ payload load 1b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000010 ] + +# vlan id 4094 tcp dport 22 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000fe0f ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# vlan id 1 ip saddr 10.0.0.1 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000100 ] + [ payload load 2b @ link header + 16 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x0100000a ] + +# vlan id 1 ip saddr 10.0.0.0/23 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000100 ] + [ payload load 2b @ link header + 16 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00feffff ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000000a ] + +# vlan id 1 ip saddr 10.0.0.0/23 udp dport 53 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000100 ] + [ payload load 2b @ link header + 16 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00feffff ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + +# ether type vlan vlan id 1 ip saddr 10.0.0.0/23 udp dport 53 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000100 ] + [ payload load 2b @ link header + 16 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00feffff ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + +# vlan id 4094 vlan cfi 1 vlan pcp 7 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000fe0f ] + [ payload load 1b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000010 ] + [ payload load 1b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x000000e0 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x000000e0 ] + +# vlan id 4094 vlan cfi 1 vlan pcp 3 +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000fe0f ] + [ payload load 1b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000010 ] + [ payload load 1b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x000000e0 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000060 ] + +# vlan id { 1, 2, 4, 100, 4095 } vlan pcp 1-3 +set%d test-bridge 3 +set%d test-bridge 0 + element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000400 : 0 [end] element 00006400 : 0 [end] element 0000ff0f : 0 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] + [ lookup reg 1 set set%d ] + [ payload load 1b @ link header + 14 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x000000e0 ) ^ 0x00000000 ] + [ cmp gte reg 1 0x00000001 ] + [ cmp lte reg 1 0x00000003 ] + diff --git a/tests/py/inet/ah.t b/tests/py/inet/ah.t new file mode 100644 index 00000000..666659d3 --- /dev/null +++ b/tests/py/inet/ah.t @@ -0,0 +1,58 @@ +*ip;test-ip4 +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +# nexthdr Bug to list table. + +- ah nexthdr esp;ok +- ah nexthdr ah;ok +- ah nexthdr comp;ok +- ah nexthdr udp;ok +- ah nexthdr udplite;ok +- ah nexthdr tcp;ok +- ah nexthdr dccp;ok +- ah nexthdr sctp;ok + +- ah nexthdr { esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok;ah nexthdr { 6, 132, 50, 17, 136, 33, 51, 108} +- ah nexthdr != { esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok + +ah hdrlength 11-23;ok +ah hdrlength != 11-23;ok +ah hdrlength { 11-23};ok +- ah hdrlength != { 11-23};ok +ah hdrlength {11, 23, 44 };ok +- ah hdrlength != {11-23 };ok + +ah reserved 22;ok +ah reserved != 233;ok +ah reserved 33-45;ok +ah reserved != 33-45;ok +ah reserved {23, 100};ok +- ah reserved != {33, 55, 67, 88};ok +ah reserved { 33-55};ok +- ah reserved != { 33-55};ok + +ah spi 111;ok +ah spi != 111;ok +ah spi 111-222;ok +ah spi != 111-222;ok +ah spi {111, 122};ok +- ah spi != {111, 122};ok +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. + +ah spi { 111-122};ok +- ah spi != { 111-122};ok +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. + +# sequence +ah sequence 123;ok +ah sequence != 123;ok +ah sequence {23, 25, 33};ok +- ah sequence != {23, 25, 33};ok +ah sequence { 23-33};ok +- ah sequence != { 33-44};ok +ah sequence 23-33;ok +ah sequence != 23-33;ok diff --git a/tests/py/inet/ah.t.payload.inet b/tests/py/inet/ah.t.payload.inet new file mode 100644 index 00000000..d8755980 --- /dev/null +++ b/tests/py/inet/ah.t.payload.inet @@ -0,0 +1,186 @@ +# ah hdrlength 11-23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp gte reg 1 0x0000000b ] + [ cmp lte reg 1 0x00000017 ] + +# ah hdrlength != 11-23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp lt reg 1 0x0000000b ] + [ cmp gt reg 1 0x00000017 ] + +# ah hdrlength { 11-23} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah hdrlength {11, 23, 44 } +set%d test-inet 3 +set%d test-inet 0 + element 0000000b : 0 [end] element 00000017 : 0 [end] element 0000002c : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah reserved 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ah reserved != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ah reserved 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ah reserved != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ah reserved {23, 100} +set%d test-inet 3 +set%d test-inet 0 + element 00001700 : 0 [end] element 00006400 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah reserved { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah spi 111 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x6f000000 ] + +# ah spi != 111 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0x6f000000 ] + +# ah spi 111-222 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x6f000000 ] + [ cmp lte reg 1 0xde000000 ] + +# ah spi != 111-222 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x6f000000 ] + [ cmp gt reg 1 0xde000000 ] + +# ah spi {111, 122} +set%d test-inet 3 +set%d test-inet 0 + element 6f000000 : 0 [end] element 7a000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah spi { 111-122} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence 123 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x7b000000 ] + +# ah sequence != 123 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0x7b000000 ] + +# ah sequence {23, 25, 33} +set%d test-inet 3 +set%d test-inet 0 + element 17000000 : 0 [end] element 19000000 : 0 [end] element 21000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence { 23-33} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence 23-33 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x17000000 ] + [ cmp lte reg 1 0x21000000 ] + +# ah sequence != 23-33 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x17000000 ] + [ cmp gt reg 1 0x21000000 ] + diff --git a/tests/py/inet/ah.t.payload.ip b/tests/py/inet/ah.t.payload.ip new file mode 100644 index 00000000..6a58bb1f --- /dev/null +++ b/tests/py/inet/ah.t.payload.ip @@ -0,0 +1,186 @@ +# ah hdrlength 11-23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp gte reg 1 0x0000000b ] + [ cmp lte reg 1 0x00000017 ] + +# ah hdrlength != 11-23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp lt reg 1 0x0000000b ] + [ cmp gt reg 1 0x00000017 ] + +# ah hdrlength { 11-23} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah hdrlength {11, 23, 44 } +set%d test-ip4 3 +set%d test-ip4 0 + element 0000000b : 0 [end] element 00000017 : 0 [end] element 0000002c : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah reserved 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ah reserved != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ah reserved 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ah reserved != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ah reserved {23, 100} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00006400 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah reserved { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah spi 111 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x6f000000 ] + +# ah spi != 111 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0x6f000000 ] + +# ah spi 111-222 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x6f000000 ] + [ cmp lte reg 1 0xde000000 ] + +# ah spi != 111-222 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x6f000000 ] + [ cmp gt reg 1 0xde000000 ] + +# ah spi {111, 122} +set%d test-ip4 3 +set%d test-ip4 0 + element 6f000000 : 0 [end] element 7a000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah spi { 111-122} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence 123 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x7b000000 ] + +# ah sequence != 123 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0x7b000000 ] + +# ah sequence {23, 25, 33} +set%d test-ip4 3 +set%d test-ip4 0 + element 17000000 : 0 [end] element 19000000 : 0 [end] element 21000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence { 23-33} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence 23-33 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x17000000 ] + [ cmp lte reg 1 0x21000000 ] + +# ah sequence != 23-33 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x17000000 ] + [ cmp gt reg 1 0x21000000 ] + diff --git a/tests/py/inet/ah.t.payload.ip6 b/tests/py/inet/ah.t.payload.ip6 new file mode 100644 index 00000000..ce89754b --- /dev/null +++ b/tests/py/inet/ah.t.payload.ip6 @@ -0,0 +1,186 @@ +# ah hdrlength 11-23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp gte reg 1 0x0000000b ] + [ cmp lte reg 1 0x00000017 ] + +# ah hdrlength != 11-23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp lt reg 1 0x0000000b ] + [ cmp gt reg 1 0x00000017 ] + +# ah hdrlength { 11-23} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah hdrlength {11, 23, 44 } +set%d test-ip6 3 +set%d test-ip6 0 + element 0000000b : 0 [end] element 00000017 : 0 [end] element 0000002c : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah reserved 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ah reserved != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ah reserved 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ah reserved != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ah reserved {23, 100} +set%d test-ip6 3 +set%d test-ip6 0 + element 00001700 : 0 [end] element 00006400 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah reserved { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah spi 111 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x6f000000 ] + +# ah spi != 111 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0x6f000000 ] + +# ah spi 111-222 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x6f000000 ] + [ cmp lte reg 1 0xde000000 ] + +# ah spi != 111-222 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x6f000000 ] + [ cmp gt reg 1 0xde000000 ] + +# ah spi {111, 122} +set%d test-ip6 3 +set%d test-ip6 0 + element 6f000000 : 0 [end] element 7a000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah spi { 111-122} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence 123 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x7b000000 ] + +# ah sequence != 123 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0x7b000000 ] + +# ah sequence {23, 25, 33} +set%d test-ip6 3 +set%d test-ip6 0 + element 17000000 : 0 [end] element 19000000 : 0 [end] element 21000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence { 23-33} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ah sequence 23-33 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x17000000 ] + [ cmp lte reg 1 0x21000000 ] + +# ah sequence != 23-33 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000033 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x17000000 ] + [ cmp gt reg 1 0x21000000 ] + diff --git a/tests/py/inet/comp.t b/tests/py/inet/comp.t new file mode 100644 index 00000000..f4753bbc --- /dev/null +++ b/tests/py/inet/comp.t @@ -0,0 +1,31 @@ +*ip;test-ip4 +*ip6;test-ip6 +*inet;test-inet + +:input;type filter hook input priority 0 + +# BUG: nft: payload.c:88: payload_expr_pctx_update: Assertion `left->payload.base + 1 <= (__PROTO_BASE_MAX - 1)' failed. +- comp nexthdr esp;ok;comp nexthdr 50 +comp nexthdr != esp;ok;comp nexthdr != 50 + +- comp nexthdr {esp, ah, comp, udp, udplite, tcp, tcp, dccp, sctp};ok +# comp flags ## 8-bit field. Reserved for future use. MUST be set to zero. + +# Bug comp flags: to list. List the decimal value. +comp flags 0x0;ok +comp flags != 0x23;ok +comp flags 0x33-0x45;ok +comp flags != 0x33-0x45;ok +comp flags {0x33, 0x55, 0x67, 0x88};ok +- comp flags != {0x33, 0x55, 0x67, 0x88};ok +comp flags { 0x33-0x55};ok +- comp flags != { 0x33-0x55};ok + +comp cpi 22;ok +comp cpi != 233;ok +comp cpi 33-45;ok +comp cpi != 33-45;ok +comp cpi {33, 55, 67, 88};ok +- comp cpi != {33, 55, 67, 88};ok +comp cpi { 33-55};ok +- comp cpi != { 33-55};ok diff --git a/tests/py/inet/comp.t.payload.inet b/tests/py/inet/comp.t.payload.inet new file mode 100644 index 00000000..c00bcc71 --- /dev/null +++ b/tests/py/inet/comp.t.payload.inet @@ -0,0 +1,107 @@ +# comp nexthdr != esp +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00000032 ] + +# comp flags 0x0 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# comp flags != 0x23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp neq reg 1 0x00000023 ] + +# comp flags 0x33-0x45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp gte reg 1 0x00000033 ] + [ cmp lte reg 1 0x00000045 ] + +# comp flags != 0x33-0x45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp lt reg 1 0x00000033 ] + [ cmp gt reg 1 0x00000045 ] + +# comp flags {0x33, 0x55, 0x67, 0x88} +set%d test-inet 3 +set%d test-inet 0 + element 00000033 : 0 [end] element 00000055 : 0 [end] element 00000067 : 0 [end] element 00000088 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp flags { 0x33-0x55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000033 : 0 [end] element 00000056 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp cpi 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# comp cpi != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# comp cpi 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# comp cpi != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# comp cpi {33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp cpi { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/comp.t.payload.ip b/tests/py/inet/comp.t.payload.ip new file mode 100644 index 00000000..e226c9a5 --- /dev/null +++ b/tests/py/inet/comp.t.payload.ip @@ -0,0 +1,107 @@ +# comp nexthdr != esp +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00000032 ] + +# comp flags 0x0 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# comp flags != 0x23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp neq reg 1 0x00000023 ] + +# comp flags 0x33-0x45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp gte reg 1 0x00000033 ] + [ cmp lte reg 1 0x00000045 ] + +# comp flags != 0x33-0x45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp lt reg 1 0x00000033 ] + [ cmp gt reg 1 0x00000045 ] + +# comp flags {0x33, 0x55, 0x67, 0x88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000033 : 0 [end] element 00000055 : 0 [end] element 00000067 : 0 [end] element 00000088 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp flags { 0x33-0x55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000033 : 0 [end] element 00000056 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp cpi 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# comp cpi != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# comp cpi 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# comp cpi != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# comp cpi {33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp cpi { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/comp.t.payload.ip6 b/tests/py/inet/comp.t.payload.ip6 new file mode 100644 index 00000000..135e5a2e --- /dev/null +++ b/tests/py/inet/comp.t.payload.ip6 @@ -0,0 +1,107 @@ +# comp nexthdr != esp +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00000032 ] + +# comp flags 0x0 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# comp flags != 0x23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp neq reg 1 0x00000023 ] + +# comp flags 0x33-0x45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp gte reg 1 0x00000033 ] + [ cmp lte reg 1 0x00000045 ] + +# comp flags != 0x33-0x45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp lt reg 1 0x00000033 ] + [ cmp gt reg 1 0x00000045 ] + +# comp flags {0x33, 0x55, 0x67, 0x88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000033 : 0 [end] element 00000055 : 0 [end] element 00000067 : 0 [end] element 00000088 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp flags { 0x33-0x55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000033 : 0 [end] element 00000056 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp cpi 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# comp cpi != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# comp cpi 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# comp cpi != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# comp cpi {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# comp cpi { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000006c ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/dccp.t b/tests/py/inet/dccp.t new file mode 100644 index 00000000..e323992e --- /dev/null +++ b/tests/py/inet/dccp.t @@ -0,0 +1,33 @@ +*ip;test-ip4 +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +dccp sport 21-35;ok +dccp sport != 21-35;ok +dccp sport {23, 24, 25};ok +- dccp sport != { 27, 34};ok +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. + +dccp sport { 20-50 };ok +dccp sport ftp-data - re-mail-ck;ok;dccp sport 20-50 +dccp sport 20-50;ok +dccp sport { 20-50};ok +- dccp sport != {27-34};ok +# dccp sport != {27-34};ok +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. + +# dccp dport 21-35;ok +# dccp dport != 21-35;ok +dccp dport {23, 24, 25};ok +# dccp dport != {27, 34};ok +dccp dport { 20-50};ok +# dccp dport != {27-34};ok + +# BUG dccp type +# dccp type {request, response, data, ack, dataack, closereq, close, reset, sync, syncack};ok +# dccp type != {request, response, data, ack, dataack, closereq, close, reset, sync, syncack};ok +# dccp type request;ok +# dccp type != request;ok diff --git a/tests/py/inet/dccp.t.payload.inet b/tests/py/inet/dccp.t.payload.inet new file mode 100644 index 00000000..ecd8863f --- /dev/null +++ b/tests/py/inet/dccp.t.payload.inet @@ -0,0 +1,82 @@ +# dccp sport 21-35 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001500 ] + [ cmp lte reg 1 0x00002300 ] + +# dccp sport != 21-35 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001500 ] + [ cmp gt reg 1 0x00002300 ] + +# dccp sport {23, 24, 25} +set%d test-inet 3 +set%d test-inet 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport { 20-50 } +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport ftp-data - re-mail-ck +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport 20-50 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport {23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/dccp.t.payload.ip b/tests/py/inet/dccp.t.payload.ip new file mode 100644 index 00000000..9e1cc2ec --- /dev/null +++ b/tests/py/inet/dccp.t.payload.ip @@ -0,0 +1,82 @@ +# dccp sport 21-35 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001500 ] + [ cmp lte reg 1 0x00002300 ] + +# dccp sport != 21-35 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001500 ] + [ cmp gt reg 1 0x00002300 ] + +# dccp sport {23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport { 20-50 } +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport ftp-data - re-mail-ck +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport 20-50 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport {23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/dccp.t.payload.ip6 b/tests/py/inet/dccp.t.payload.ip6 new file mode 100644 index 00000000..c0e1d70a --- /dev/null +++ b/tests/py/inet/dccp.t.payload.ip6 @@ -0,0 +1,82 @@ +# dccp sport 21-35 +ip test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001500 ] + [ cmp lte reg 1 0x00002300 ] + +# dccp sport != 21-35 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001500 ] + [ cmp gt reg 1 0x00002300 ] + +# dccp sport {23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport { 20-50 } +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp sport ftp-data - re-mail-ck +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport 20-50 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001400 ] + [ cmp lte reg 1 0x00003200 ] + +# dccp sport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport {23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dccp dport { 20-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000021 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/esp.t b/tests/py/inet/esp.t new file mode 100644 index 00000000..3a8502d9 --- /dev/null +++ b/tests/py/inet/esp.t @@ -0,0 +1,23 @@ +*ip;test-ip4 +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +esp spi 100;ok +esp spi != 100;ok +esp spi 111-222;ok +esp spi != 111-222;ok +esp spi { 100, 102};ok +- esp spi != { 100, 102};ok +esp spi { 100-102};ok +- esp spi {100-102};ok + +esp sequence 22;ok +esp sequence 22-24;ok +esp sequence != 22-24;ok +esp sequence { 22, 24};ok +- esp sequence != { 22, 24};ok +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. +esp sequence { 22-25};ok +- esp sequence != { 22-25};ok diff --git a/tests/py/inet/esp.t.payload.inet b/tests/py/inet/esp.t.payload.inet new file mode 100644 index 00000000..4ba9ea8e --- /dev/null +++ b/tests/py/inet/esp.t.payload.inet @@ -0,0 +1,93 @@ +# esp spi 100 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x64000000 ] + +# esp spi != 100 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x64000000 ] + +# esp spi 111-222 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x6f000000 ] + [ cmp lte reg 1 0xde000000 ] + +# esp spi != 111-222 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x6f000000 ] + [ cmp gt reg 1 0xde000000 ] + +# esp spi { 100, 102} +set%d test-inet 3 +set%d test-inet 0 + element 64000000 : 0 [end] element 66000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp spi { 100-102} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# esp sequence 22-24 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x16000000 ] + [ cmp lte reg 1 0x18000000 ] + +# esp sequence != 22-24 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x16000000 ] + [ cmp gt reg 1 0x18000000 ] + +# esp sequence { 22, 24} +set%d test-inet 3 +set%d test-inet 0 + element 16000000 : 0 [end] element 18000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence { 22-25} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/esp.t.payload.ip b/tests/py/inet/esp.t.payload.ip new file mode 100644 index 00000000..5a66b042 --- /dev/null +++ b/tests/py/inet/esp.t.payload.ip @@ -0,0 +1,93 @@ +# esp spi 100 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x64000000 ] + +# esp spi != 100 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x64000000 ] + +# esp spi 111-222 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x6f000000 ] + [ cmp lte reg 1 0xde000000 ] + +# esp spi != 111-222 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x6f000000 ] + [ cmp gt reg 1 0xde000000 ] + +# esp spi { 100, 102} +set%d test-ip4 3 +set%d test-ip4 0 + element 64000000 : 0 [end] element 66000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp spi { 100-102} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# esp sequence 22-24 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x16000000 ] + [ cmp lte reg 1 0x18000000 ] + +# esp sequence != 22-24 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x16000000 ] + [ cmp gt reg 1 0x18000000 ] + +# esp sequence { 22, 24} +set%d test-ip4 3 +set%d test-ip4 0 + element 16000000 : 0 [end] element 18000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence { 22-25} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/esp.t.payload.ip6 b/tests/py/inet/esp.t.payload.ip6 new file mode 100644 index 00000000..7c784262 --- /dev/null +++ b/tests/py/inet/esp.t.payload.ip6 @@ -0,0 +1,93 @@ +# esp spi 100 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x64000000 ] + +# esp spi != 100 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x64000000 ] + +# esp spi 111-222 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x6f000000 ] + [ cmp lte reg 1 0xde000000 ] + +# esp spi != 111-222 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x6f000000 ] + [ cmp gt reg 1 0xde000000 ] + +# esp spi { 100, 102} +set%d test-ip6 3 +set%d test-ip6 0 + element 64000000 : 0 [end] element 66000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp spi { 100-102} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# esp sequence 22-24 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x16000000 ] + [ cmp lte reg 1 0x18000000 ] + +# esp sequence != 22-24 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x16000000 ] + [ cmp gt reg 1 0x18000000 ] + +# esp sequence { 22, 24} +set%d test-ip6 3 +set%d test-ip6 0 + element 16000000 : 0 [end] element 18000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# esp sequence { 22-25} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/ether-ip.t b/tests/py/inet/ether-ip.t new file mode 100644 index 00000000..3726db45 --- /dev/null +++ b/tests/py/inet/ether-ip.t @@ -0,0 +1,5 @@ +*inet;test-inet +:input;type filter hook input priority 0 + +tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept +tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04;ok diff --git a/tests/py/inet/ether-ip.t.payload b/tests/py/inet/ether-ip.t.payload new file mode 100644 index 00000000..62e37a59 --- /dev/null +++ b/tests/py/inet/ether-ip.t.payload @@ -0,0 +1,28 @@ +# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 8b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00080411 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] diff --git a/tests/py/inet/ether.t b/tests/py/inet/ether.t new file mode 100644 index 00000000..9d0f9729 --- /dev/null +++ b/tests/py/inet/ether.t @@ -0,0 +1,13 @@ +*ip;test-ip4 +*ip6;test-ip6 +*inet;test-inet +*bridge;test-bridge + +:input;type filter hook input priority 0 + +tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 accept +tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept +tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept;ok + +ether saddr 00:0f:54:0c:11:04 accept;ok +ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4;ok diff --git a/tests/py/inet/ether.t.payload b/tests/py/inet/ether.t.payload new file mode 100644 index 00000000..86f30c37 --- /dev/null +++ b/tests/py/inet/ether.t.payload @@ -0,0 +1,55 @@ +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# ether saddr 00:0f:54:0c:11:04 accept +inet test-inet input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 +inet test-inet input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + diff --git a/tests/py/inet/ether.t.payload.bridge b/tests/py/inet/ether.t.payload.bridge new file mode 100644 index 00000000..4a6bccbe --- /dev/null +++ b/tests/py/inet/ether.t.payload.bridge @@ -0,0 +1,49 @@ +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept +bridge test-bridge input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept +bridge test-bridge input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept +bridge test-bridge input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# ether saddr 00:0f:54:0c:11:04 accept +bridge test-bridge input + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 +bridge test-bridge input + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + diff --git a/tests/py/inet/ether.t.payload.ip b/tests/py/inet/ether.t.payload.ip new file mode 100644 index 00000000..2d33f0ce --- /dev/null +++ b/tests/py/inet/ether.t.payload.ip @@ -0,0 +1,55 @@ +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# ether saddr 00:0f:54:0c:11:04 accept +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + diff --git a/tests/py/inet/ether.t.payload.ip6 b/tests/py/inet/ether.t.payload.ip6 new file mode 100644 index 00000000..9065952d --- /dev/null +++ b/tests/py/inet/ether.t.payload.ip6 @@ -0,0 +1,55 @@ +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# ether saddr 00:0f:54:0c:11:04 accept +ip6 test-ip6 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 +ip6 test-ip6 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + diff --git a/tests/py/inet/ip.t b/tests/py/inet/ip.t new file mode 100644 index 00000000..a56c5c97 --- /dev/null +++ b/tests/py/inet/ip.t @@ -0,0 +1,7 @@ +*ip;test-ip4 +*inet;test-inet +*bridge;test-bridge + +:input;type filter hook input priority 0 + +ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe };ok diff --git a/tests/py/inet/ip.t.payload.bridge b/tests/py/inet/ip.t.payload.bridge new file mode 100644 index 00000000..606e3b34 --- /dev/null +++ b/tests/py/inet/ip.t.payload.bridge @@ -0,0 +1,11 @@ +# ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe } +set%d test-bridge 3 +set%d test-bridge 0 + element 01010101 02020202 fecafeca 0000feca : 0 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ payload load 6b @ link header + 6 => reg 10 ] + [ lookup reg 1 set set%d ] diff --git a/tests/py/inet/ip.t.payload.inet b/tests/py/inet/ip.t.payload.inet new file mode 100644 index 00000000..c8e9b054 --- /dev/null +++ b/tests/py/inet/ip.t.payload.inet @@ -0,0 +1,13 @@ +# ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe } +set%d test-inet 3 +set%d test-inet 0 + element 01010101 02020202 fecafeca 0000feca : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ payload load 6b @ link header + 6 => reg 10 ] + [ lookup reg 1 set set%d ] diff --git a/tests/py/inet/ip.t.payload.ip b/tests/py/inet/ip.t.payload.ip new file mode 100644 index 00000000..66f14681 --- /dev/null +++ b/tests/py/inet/ip.t.payload.ip @@ -0,0 +1,11 @@ +# ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe } +set%d test-ip4 3 +set%d test-ip4 0 + element 01010101 02020202 fecafeca 0000feca : 0 [end] +ip test-ip4 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ payload load 6b @ link header + 6 => reg 10 ] + [ lookup reg 1 set set%d ] diff --git a/tests/py/inet/reject.t b/tests/py/inet/reject.t new file mode 100644 index 00000000..52e7b28b --- /dev/null +++ b/tests/py/inet/reject.t @@ -0,0 +1,35 @@ +*inet;test-inet +:input;type filter hook input priority 0 + +# The output is specific for inet family +reject with icmp type host-unreachable;ok;meta nfproto ipv4 reject with icmp type host-unreachable +reject with icmp type net-unreachable;ok;meta nfproto ipv4 reject with icmp type net-unreachable +reject with icmp type prot-unreachable;ok;meta nfproto ipv4 reject with icmp type prot-unreachable +reject with icmp type port-unreachable;ok;meta nfproto ipv4 reject +reject with icmp type net-prohibited;ok;meta nfproto ipv4 reject with icmp type net-prohibited +reject with icmp type host-prohibited;ok;meta nfproto ipv4 reject with icmp type host-prohibited +reject with icmp type admin-prohibited;ok;meta nfproto ipv4 reject with icmp type admin-prohibited + +reject with icmpv6 type no-route;ok;meta nfproto ipv6 reject with icmpv6 type no-route +reject with icmpv6 type admin-prohibited;ok;meta nfproto ipv6 reject with icmpv6 type admin-prohibited +reject with icmpv6 type addr-unreachable;ok;meta nfproto ipv6 reject with icmpv6 type addr-unreachable +reject with icmpv6 type port-unreachable;ok;meta nfproto ipv6 reject + +reject with tcp reset;ok;meta l4proto 6 reject with tcp reset + +reject;ok +meta nfproto ipv4 reject;ok +meta nfproto ipv6 reject;ok + +reject with icmpx type host-unreachable;ok +reject with icmpx type no-route;ok +reject with icmpx type admin-prohibited;ok +reject with icmpx type port-unreachable;ok;reject + +meta nfproto ipv4 reject with icmp type host-unreachable;ok +meta nfproto ipv6 reject with icmpv6 type no-route;ok + +meta nfproto ipv6 reject with icmp type host-unreachable;fail +meta nfproto ipv4 ip protocol icmp reject with icmpv6 type no-route;fail +meta nfproto ipv6 ip protocol icmp reject with icmp type host-unreachable;fail +meta l4proto udp reject with tcp reset;fail diff --git a/tests/py/inet/reject.t.payload.inet b/tests/py/inet/reject.t.payload.inet new file mode 100644 index 00000000..5770330d --- /dev/null +++ b/tests/py/inet/reject.t.payload.inet @@ -0,0 +1,220 @@ +# reject with icmp type host-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 1 ] + +# reject with icmp type net-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 0 ] + +# reject with icmp type prot-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 2 ] + +# reject with icmp type port-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 3 ] + +# reject with icmp type net-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 9 ] + +# reject with icmp type host-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 10 ] + +# reject with icmp type admin-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 13 ] + +# reject with icmpv6 type no-route +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 0 ] + +# reject with icmpv6 type admin-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 1 ] + +# reject with icmpv6 type addr-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 3 ] + +# reject with icmpv6 type port-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 4 ] + +# reject with tcp reset +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ reject type 1 code 0 ] + +# reject +inet test-inet input + [ reject type 2 code 1 ] + +# meta nfproto ipv4 reject +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 3 ] + +# meta nfproto ipv6 reject +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 4 ] + +# reject with icmpx type host-unreachable +inet test-inet input + [ reject type 2 code 2 ] + +# reject with icmpx type no-route +inet test-inet input + [ reject type 2 code 0 ] + +# reject with icmpx type admin-prohibited +inet test-inet input + [ reject type 2 code 3 ] + +# reject with icmpx type port-unreachable +inet test-inet input + [ reject type 2 code 1 ] + +# meta nfproto ipv4 reject with icmp type host-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 1 ] + +# meta nfproto ipv6 reject with icmpv6 type no-route +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 0 ] + +# reject with icmp type prot-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 2 ] + +# reject with icmp type port-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 3 ] + +# reject with icmp type net-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 9 ] + +# reject with icmp type host-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 10 ] + +# reject with icmp type admin-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 13 ] + +# reject with icmpv6 type no-route +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 0 ] + +# reject with icmpv6 type admin-prohibited +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 1 ] + +# reject with icmpv6 type addr-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 3 ] + +# reject with icmpv6 type port-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 4 ] + +# reject with tcp reset +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ reject type 1 code 0 ] + +# reject +inet test-inet input + [ reject type 2 code 1 ] + +# meta nfproto ipv4 reject +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 3 ] + +# meta nfproto ipv6 reject +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 4 ] + +# reject with icmpx type host-unreachable +inet test-inet input + [ reject type 2 code 2 ] + +# reject with icmpx type no-route +inet test-inet input + [ reject type 2 code 0 ] + +# reject with icmpx type admin-prohibited +inet test-inet input + [ reject type 2 code 3 ] + +# reject with icmpx type port-unreachable +inet test-inet input + [ reject type 2 code 1 ] + +# meta nfproto ipv4 reject with icmp type host-unreachable +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ reject type 0 code 1 ] + +# meta nfproto ipv6 reject with icmpv6 type no-route +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ reject type 0 code 0 ] + diff --git a/tests/py/inet/sctp.t b/tests/py/inet/sctp.t new file mode 100644 index 00000000..537a9b17 --- /dev/null +++ b/tests/py/inet/sctp.t @@ -0,0 +1,42 @@ +*ip;test-ip4 +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +sctp sport 23;ok +sctp sport != 23;ok +sctp sport 23-44;ok +sctp sport != 23-44;ok +sctp sport { 23, 24, 25};ok +- sctp sport != { 23, 24, 25};ok +sctp sport { 23-44};ok +- sctp sport != { 23-44};ok +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. + +sctp dport 23;ok +sctp dport != 23;ok +sctp dport 23-44;ok +sctp dport != 23-44;ok +sctp dport { 23, 24, 25};ok +- sctp dport != { 23, 24, 25};ok +sctp dport { 23-44};ok +- sctp dport != { 23-44};ok + +sctp checksum 1111;ok +sctp checksum != 11;ok +sctp checksum 21-333;ok +sctp checksum != 32-111;ok +sctp checksum { 22, 33, 44};ok +- sctp checksum != { 22, 33, 44};ok +sctp checksum { 22-44};ok +- sctp checksum != { 22-44};ok + +sctp vtag 22;ok +sctp vtag != 233;ok +sctp vtag 33-45;ok +sctp vtag != 33-45;ok +sctp vtag {33, 55, 67, 88};ok +- sctp vtag != {33, 55, 67, 88};ok +sctp vtag { 33-55};ok +- sctp vtag != { 33-55};ok diff --git a/tests/py/inet/sctp.t.payload.inet b/tests/py/inet/sctp.t.payload.inet new file mode 100644 index 00000000..dd6e2759 --- /dev/null +++ b/tests/py/inet/sctp.t.payload.inet @@ -0,0 +1,200 @@ +# sctp sport 23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp sport != 23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp sport 23-44 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp sport != 23-44 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp sport { 23, 24, 25} +set%d test-inet 3 +set%d test-inet 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp sport { 23-44} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport 23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp dport != 23 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp dport 23-44 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp dport != 23-44 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp dport { 23, 24, 25} +set%d test-inet 3 +set%d test-inet 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport { 23-44} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum 1111 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x57040000 ] + +# sctp checksum != 11 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0x0b000000 ] + +# sctp checksum 21-333 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x15000000 ] + [ cmp lte reg 1 0x4d010000 ] + +# sctp checksum != 32-111 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x20000000 ] + [ cmp gt reg 1 0x6f000000 ] + +# sctp checksum { 22, 33, 44} +set%d test-inet 3 +set%d test-inet 0 + element 16000000 : 0 [end] element 21000000 : 0 [end] element 2c000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum { 22-44} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 2d000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# sctp vtag != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# sctp vtag 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# sctp vtag != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# sctp vtag {33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/sctp.t.payload.ip b/tests/py/inet/sctp.t.payload.ip new file mode 100644 index 00000000..053d319e --- /dev/null +++ b/tests/py/inet/sctp.t.payload.ip @@ -0,0 +1,200 @@ +# sctp sport 23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp sport != 23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp sport 23-44 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp sport != 23-44 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp sport { 23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp sport { 23-44} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport 23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp dport != 23 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp dport 23-44 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp dport != 23-44 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp dport { 23, 24, 25} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport { 23-44} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum 1111 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x57040000 ] + +# sctp checksum != 11 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0x0b000000 ] + +# sctp checksum 21-333 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x15000000 ] + [ cmp lte reg 1 0x4d010000 ] + +# sctp checksum != 32-111 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x20000000 ] + [ cmp gt reg 1 0x6f000000 ] + +# sctp checksum { 22, 33, 44} +set%d test-ip4 3 +set%d test-ip4 0 + element 16000000 : 0 [end] element 21000000 : 0 [end] element 2c000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum { 22-44} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 2d000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# sctp vtag != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# sctp vtag 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# sctp vtag != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# sctp vtag {33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/sctp.t.payload.ip6 b/tests/py/inet/sctp.t.payload.ip6 new file mode 100644 index 00000000..eae6fa94 --- /dev/null +++ b/tests/py/inet/sctp.t.payload.ip6 @@ -0,0 +1,200 @@ +# sctp sport 23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp sport != 23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp sport 23-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp sport != 23-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp sport { 23, 24, 25} +set%d test-ip6 3 +set%d test-ip6 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp sport { 23-44} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport 23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001700 ] + +# sctp dport != 23 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00001700 ] + +# sctp dport 23-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00001700 ] + [ cmp lte reg 1 0x00002c00 ] + +# sctp dport != 23-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002c00 ] + +# sctp dport { 23, 24, 25} +set%d test-ip6 3 +set%d test-ip6 0 + element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp dport { 23-44} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum 1111 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x57040000 ] + +# sctp checksum != 11 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0x0b000000 ] + +# sctp checksum 21-333 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x15000000 ] + [ cmp lte reg 1 0x4d010000 ] + +# sctp checksum != 32-111 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x20000000 ] + [ cmp gt reg 1 0x6f000000 ] + +# sctp checksum { 22, 33, 44} +set%d test-ip6 3 +set%d test-ip6 0 + element 16000000 : 0 [end] element 21000000 : 0 [end] element 2c000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp checksum { 22-44} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 16000000 : 0 [end] element 2d000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# sctp vtag != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# sctp vtag 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# sctp vtag != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# sctp vtag {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# sctp vtag { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/tcp.t b/tests/py/inet/tcp.t new file mode 100644 index 00000000..53a16898 --- /dev/null +++ b/tests/py/inet/tcp.t @@ -0,0 +1,105 @@ +*ip;test-ip4 +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +tcp dport 22;ok +tcp dport != 233;ok +tcp dport 33-45;ok +tcp dport != 33-45;ok +tcp dport { 33, 55, 67, 88};ok +- tcp dport != { 33, 55, 67, 88};ok +tcp dport { 33-55};ok +- tcp dport != { 33-55};ok +tcp dport {telnet, http, https} accept;ok;tcp dport { 443, 23, 80} accept +tcp dport vmap { 22 : accept, 23 : drop };ok +tcp dport vmap { 25:accept, 28:drop };ok +tcp dport { 22, 53, 80, 110 };ok +- tcp dport != { 22, 53, 80, 110 };ok +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. + +tcp sport 22;ok +tcp sport != 233;ok +tcp sport 33-45;ok +tcp sport != 33-45;ok +tcp sport { 33, 55, 67, 88};ok +- tcp sport != { 33, 55, 67, 88};ok +tcp sport { 33-55};ok +- tcp sport != { 33-55};ok +tcp sport vmap { 25:accept, 28:drop };ok + +tcp sport 8080 drop;ok +tcp sport 1024 tcp dport 22;ok +tcp sport 1024 tcp dport 22 tcp sequence 0;ok + +tcp sequence 0 tcp sport 1024 tcp dport 22;ok;tcp sport 1024 tcp dport 22 tcp sequence 0 +tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22;ok + +tcp sequence 22;ok +tcp sequence != 233;ok +tcp sequence 33-45;ok +tcp sequence != 33-45;ok +tcp sequence { 33, 55, 67, 88};ok +- tcp sequence != { 33, 55, 67, 88};ok +tcp sequence { 33-55};ok +- tcp sequence != { 33-55};ok + +tcp ackseq 42949672 drop;ok +tcp ackseq 22;ok +tcp ackseq != 233;ok +tcp ackseq 33-45;ok +tcp ackseq != 33-45;ok +tcp ackseq { 33, 55, 67, 88};ok +- tcp ackseq != { 33, 55, 67, 88};ok +tcp ackseq { 33-55};ok +- tcp ackseq != { 33-55};ok + +- tcp doff 22;ok +- tcp doff != 233;ok +- tcp doff 33-45;ok +- tcp doff != 33-45;ok +- tcp doff { 33, 55, 67, 88};ok +- tcp doff != { 33, 55, 67, 88};ok +- tcp doff { 33-55};ok +- tcp doff != { 33-55};ok + +# BUG reserved +# BUG: It is accepted but it is not shown then. tcp reserver + +tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop;ok +- tcp flags != { fin, urg, ecn, cwr} drop;ok +tcp flags cwr;ok +tcp flags != cwr;ok + +tcp window 22222;ok +tcp window 22;ok +tcp window != 233;ok +tcp window 33-45;ok +tcp window != 33-45;ok +tcp window { 33, 55, 67, 88};ok +- tcp window != { 33, 55, 67, 88};ok +tcp window { 33-55};ok +- tcp window != { 33-55};ok + +tcp checksum 23456 log drop;ok +tcp checksum 22;ok +tcp checksum != 233;ok +tcp checksum 33-45;ok +tcp checksum != 33-45;ok +tcp checksum { 33, 55, 67, 88};ok +- tcp checksum != { 33, 55, 67, 88};ok +tcp checksum { 33-55};ok +- tcp checksum != { 33-55};ok + +tcp urgptr 1234 accept;ok +tcp urgptr 22;ok +tcp urgptr != 233;ok +tcp urgptr 33-45;ok +tcp urgptr != 33-45;ok +tcp urgptr { 33, 55, 67, 88};ok +- tcp urgptr != { 33, 55, 67, 88};ok +tcp urgptr { 33-55};ok +- tcp urgptr != { 33-55};ok + +tcp doff 8;ok diff --git a/tests/py/inet/tcp.t.payload.inet b/tests/py/inet/tcp.t.payload.inet new file mode 100644 index 00000000..21b21abc --- /dev/null +++ b/tests/py/inet/tcp.t.payload.inet @@ -0,0 +1,508 @@ +# tcp dport 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp dport != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp dport 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp dport != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp dport { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport {telnet, http, https} accept +set%d test-inet 3 +set%d test-inet 0 + element 00001700 : 0 [end] element 00005000 : 0 [end] element 0000bb01 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# tcp dport vmap { 22 : accept, 23 : drop } +map%d test-inet b +map%d test-inet 0 + element 00001600 : 0 [end] element 00001700 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport vmap { 25:accept, 28:drop } +map%d test-inet b +map%d test-inet 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport { 22, 53, 80, 110 } +set%d test-inet 3 +set%d test-inet 0 + element 00001600 : 0 [end] element 00003500 : 0 [end] element 00005000 : 0 [end] element 00006e00 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp sport != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp sport 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp sport != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp sport { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport vmap { 25:accept, 28:drop } +map%d test-inet b +map%d test-inet 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp sport 8080 drop +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000901f ] + [ immediate reg 0 drop ] + +# tcp sport 1024 tcp dport 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 ] + +# tcp sport 1024 tcp dport 22 tcp sequence 0 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport 1024 tcp dport 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 +set%d test-inet 3 +set%d test-inet 0 + element 00000004 : 0 [end] element 0000fe03 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ payload load 6b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 0x00000000 ] + +# tcp sequence 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp sequence != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp sequence 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp sequence != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp sequence { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sequence { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq 42949672 drop +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x285c8f02 ] + [ immediate reg 0 drop ] + +# tcp ackseq 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp ackseq != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp ackseq 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp ackseq != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp ackseq { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop +set%d test-inet 3 +set%d test-inet 0 + element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000010 : 0 [end] element 00000020 : 0 [end] element 00000040 : 0 [end] element 00000080 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# tcp flags cwr +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# tcp flags != cwr +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ cmp neq reg 1 0x00000080 ] + +# tcp window 22222 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x0000ce56 ] + +# tcp window 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp window != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp window 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp window != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp window { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp window { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum 23456 log drop +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x0000a05b ] + [ log prefix (null) ] + [ immediate reg 0 drop ] + +# tcp checksum 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp checksum != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp checksum 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp checksum != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp checksum { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr 1234 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x0000d204 ] + [ immediate reg 0 accept ] + +# tcp urgptr 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp urgptr != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp urgptr 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp urgptr != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp urgptr { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp doff 8 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000080 ] + diff --git a/tests/py/inet/tcp.t.payload.ip b/tests/py/inet/tcp.t.payload.ip new file mode 100644 index 00000000..34c97143 --- /dev/null +++ b/tests/py/inet/tcp.t.payload.ip @@ -0,0 +1,508 @@ +# tcp dport 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp dport != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp dport 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp dport != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp dport { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport {telnet, http, https} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00001700 : 0 [end] element 00005000 : 0 [end] element 0000bb01 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# tcp dport vmap { 22 : accept, 23 : drop } +map%d test-ip4 b +map%d test-ip4 0 + element 00001600 : 0 [end] element 00001700 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport vmap { 25:accept, 28:drop } +map%d test-ip4 b +map%d test-ip4 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport { 22, 53, 80, 110 } +set%d test-ip4 3 +set%d test-ip4 0 + element 00001600 : 0 [end] element 00003500 : 0 [end] element 00005000 : 0 [end] element 00006e00 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp sport != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp sport 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp sport != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp sport { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport vmap { 25:accept, 28:drop } +map%d test-ip4 b +map%d test-ip4 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp sport 8080 drop +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000901f ] + [ immediate reg 0 drop ] + +# tcp sport 1024 tcp dport 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 ] + +# tcp sport 1024 tcp dport 22 tcp sequence 0 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport 1024 tcp dport 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 +set%d test-ip4 3 +set%d test-ip4 0 + element 00000004 : 0 [end] element 0000fe03 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ payload load 6b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 0x00000000 ] + +# tcp sequence 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp sequence != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp sequence 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp sequence != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp sequence { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sequence { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq 42949672 drop +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x285c8f02 ] + [ immediate reg 0 drop ] + +# tcp ackseq 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp ackseq != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp ackseq 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp ackseq != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp ackseq { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000010 : 0 [end] element 00000020 : 0 [end] element 00000040 : 0 [end] element 00000080 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# tcp flags cwr +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# tcp flags != cwr +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ cmp neq reg 1 0x00000080 ] + +# tcp window 22222 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x0000ce56 ] + +# tcp window 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp window != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp window 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp window != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp window { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp window { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum 23456 log drop +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x0000a05b ] + [ log prefix (null) ] + [ immediate reg 0 drop ] + +# tcp checksum 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp checksum != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp checksum 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp checksum != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp checksum { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr 1234 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x0000d204 ] + [ immediate reg 0 accept ] + +# tcp urgptr 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp urgptr != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp urgptr 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp urgptr != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp urgptr { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp doff 8 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000080 ] + diff --git a/tests/py/inet/tcp.t.payload.ip6 b/tests/py/inet/tcp.t.payload.ip6 new file mode 100644 index 00000000..44decab4 --- /dev/null +++ b/tests/py/inet/tcp.t.payload.ip6 @@ -0,0 +1,508 @@ +# tcp dport 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp dport != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp dport 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp dport != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp dport { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp dport {telnet, http, https} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 00001700 : 0 [end] element 00005000 : 0 [end] element 0000bb01 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# tcp dport vmap { 22 : accept, 23 : drop } +map%d test-ip6 b +map%d test-ip6 0 + element 00001600 : 0 [end] element 00001700 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport vmap { 25:accept, 28:drop } +map%d test-ip6 b +map%d test-ip6 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp dport { 22, 53, 80, 110 } +set%d test-ip6 3 +set%d test-ip6 0 + element 00001600 : 0 [end] element 00003500 : 0 [end] element 00005000 : 0 [end] element 00006e00 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp sport != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp sport 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp sport != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp sport { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sport vmap { 25:accept, 28:drop } +map%d test-ip6 b +map%d test-ip6 0 + element 00001900 : 0 [end] element 00001c00 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# tcp sport 8080 drop +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000901f ] + [ immediate reg 0 drop ] + +# tcp sport 1024 tcp dport 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 ] + +# tcp sport 1024 tcp dport 22 tcp sequence 0 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport 1024 tcp dport 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 8b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x16000004 0x00000000 ] + +# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 +set%d test-ip6 3 +set%d test-ip6 0 + element 00000004 : 0 [end] element 0000fe03 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ payload load 6b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 0x00000000 ] + +# tcp sequence 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp sequence != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp sequence 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp sequence != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp sequence { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp sequence { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq 42949672 drop +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x285c8f02 ] + [ immediate reg 0 drop ] + +# tcp ackseq 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# tcp ackseq != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# tcp ackseq 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# tcp ackseq != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# tcp ackseq { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp ackseq { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 4b @ transport header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop +set%d test-ip6 3 +set%d test-ip6 0 + element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000010 : 0 [end] element 00000020 : 0 [end] element 00000040 : 0 [end] element 00000080 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# tcp flags cwr +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# tcp flags != cwr +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ cmp neq reg 1 0x00000080 ] + +# tcp window 22222 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x0000ce56 ] + +# tcp window 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp window != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp window 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp window != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp window { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp window { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 14 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum 23456 log drop +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x0000a05b ] + [ log prefix (null) ] + [ immediate reg 0 drop ] + +# tcp checksum 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp checksum != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp checksum 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp checksum != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp checksum { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp checksum { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr 1234 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x0000d204 ] + [ immediate reg 0 accept ] + +# tcp urgptr 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# tcp urgptr != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# tcp urgptr 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# tcp urgptr != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# tcp urgptr { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp urgptr { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 18 => reg 1 ] + [ lookup reg 1 set set%d ] + +# tcp doff 8 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000080 ] + diff --git a/tests/py/inet/udp.t b/tests/py/inet/udp.t new file mode 100644 index 00000000..58f4002d --- /dev/null +++ b/tests/py/inet/udp.t @@ -0,0 +1,49 @@ +*ip;test-ip4 +*ip;test-ip6 +*ip;test-inet +:input;type filter hook input priority 0 + +udp sport 80 accept;ok +udp sport != 60 accept;ok +udp sport 50-70 accept;ok +udp sport != 50-60 accept;ok +udp sport { 49, 50} drop;ok +- udp sport != { 50, 60} accept;ok +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. +udp sport { 12-40};ok +- udp sport != { 13-24};ok + +udp dport 80 accept;ok +udp dport != 60 accept;ok +udp dport 70-75 accept;ok +udp dport != 50-60 accept;ok +udp dport { 49, 50} drop;ok +- udp dport != { 50, 60} accept;ok +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. +udp dport { 70-75} accept;ok +- udp dport != { 50-60} accept;ok + +udp length 6666;ok +udp length != 6666;ok +udp length 50-65 accept;ok +udp length != 50-65 accept;ok +udp length { 50, 65} accept;ok +- udp length != { 50, 65} accept;ok +udp length { 35-50};ok +- udp length != { 35-50};ok + +udp checksum 6666 drop;ok +- udp checksum != { 444, 555} accept;ok +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. + +udp checksum 22;ok +udp checksum != 233;ok +udp checksum 33-45;ok +udp checksum != 33-45;ok +udp checksum { 33, 55, 67, 88};ok +- udp checksum != { 33, 55, 67, 88};ok +udp checksum { 33-55};ok +- udp checksum != { 33-55};ok diff --git a/tests/py/inet/udp.t.payload.ip b/tests/py/inet/udp.t.payload.ip new file mode 100644 index 00000000..b3ec24b2 --- /dev/null +++ b/tests/py/inet/udp.t.payload.ip @@ -0,0 +1,222 @@ +# udp sport 80 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udp sport != 60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udp sport 50-70 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00003200 ] + [ cmp lte reg 1 0x00004600 ] + [ immediate reg 0 accept ] + +# udp sport != 50-60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udp sport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udp sport { 12-40} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udp dport 80 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udp dport != 60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udp dport 70-75 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00004600 ] + [ cmp lte reg 1 0x00004b00 ] + [ immediate reg 0 accept ] + +# udp dport != 50-60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udp dport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udp dport { 70-75} accept +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# udp length 6666 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x00000a1a ] + +# udp length != 6666 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0x00000a1a ] + +# udp length 50-65 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x00003200 ] + [ cmp lte reg 1 0x00004100 ] + [ immediate reg 0 accept ] + +# udp length != 50-65 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00004100 ] + [ immediate reg 0 accept ] + +# udp length { 50, 65} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00003200 : 0 [end] element 00004100 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# udp length { 35-50} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002300 : 0 [end] element 00003300 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udp checksum 6666 drop +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000a1a ] + [ immediate reg 0 drop ] + +# udp checksum 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# udp checksum != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# udp checksum 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# udp checksum != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# udp checksum { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udp checksum { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/udplite.t b/tests/py/inet/udplite.t new file mode 100644 index 00000000..9420ab45 --- /dev/null +++ b/tests/py/inet/udplite.t @@ -0,0 +1,42 @@ +*ip;test-ip4 +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +udplite sport 80 accept;ok +udplite sport != 60 accept;ok +udplite sport 50-70 accept;ok +udplite sport != 50-60 accept;ok +udplite sport { 49, 50} drop;ok +- udplite sport != { 50, 60} accept;ok +udplite sport { 12-40};ok +- udplite sport != { 13-24};ok + +udplite dport 80 accept;ok +udplite dport != 60 accept;ok +udplite dport 70-75 accept;ok +udplite dport != 50-60 accept;ok +udplite dport { 49, 50} drop;ok +- udplite dport != { 50, 60} accept;ok +udplite dport { 70-75} accept;ok +- udplite dport != { 50-60} accept;ok + +- udplite csumcov 6666;ok +- udplite csumcov != 6666;ok +- udplite csumcov 50-65 accept;ok +- udplite csumcov != 50-65 accept;ok +- udplite csumcov { 50, 65} accept;ok +- udplite csumcov != { 50, 65} accept;ok +- udplite csumcov { 35-50};ok +- udplite csumcov != { 35-50};ok + +udplite checksum 6666 drop;ok +- udplite checksum != { 444, 555} accept;ok +udplite checksum 22;ok +udplite checksum != 233;ok +udplite checksum 33-45;ok +udplite checksum != 33-45;ok +udplite checksum { 33, 55, 67, 88};ok +- udplite checksum != { 33, 55, 67, 88};ok +udplite checksum { 33-55};ok +- udplite checksum != { 33-55};ok diff --git a/tests/py/inet/udplite.t.payload.inet b/tests/py/inet/udplite.t.payload.inet new file mode 100644 index 00000000..4c57239f --- /dev/null +++ b/tests/py/inet/udplite.t.payload.inet @@ -0,0 +1,169 @@ +# udplite sport 80 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udplite sport != 60 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite sport 50-70 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00003200 ] + [ cmp lte reg 1 0x00004600 ] + [ immediate reg 0 accept ] + +# udplite sport != 50-60 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite sport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udplite sport { 12-40} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udplite dport 80 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udplite dport != 60 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite dport 70-75 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00004600 ] + [ cmp lte reg 1 0x00004b00 ] + [ immediate reg 0 accept ] + +# udplite dport != 50-60 accept +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite dport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udplite dport { 70-75} accept +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# udplite checksum 6666 drop +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000a1a ] + [ immediate reg 0 drop ] + +# udplite checksum 22 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# udplite checksum != 233 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# udplite checksum 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# udplite checksum != 33-45 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# udplite checksum { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udplite checksum { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/udplite.t.payload.ip b/tests/py/inet/udplite.t.payload.ip new file mode 100644 index 00000000..e870c701 --- /dev/null +++ b/tests/py/inet/udplite.t.payload.ip @@ -0,0 +1,169 @@ +# udplite sport 80 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udplite sport != 60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite sport 50-70 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00003200 ] + [ cmp lte reg 1 0x00004600 ] + [ immediate reg 0 accept ] + +# udplite sport != 50-60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite sport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udplite sport { 12-40} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udplite dport 80 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udplite dport != 60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite dport 70-75 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00004600 ] + [ cmp lte reg 1 0x00004b00 ] + [ immediate reg 0 accept ] + +# udplite dport != 50-60 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite dport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udplite dport { 70-75} accept +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# udplite checksum 6666 drop +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000a1a ] + [ immediate reg 0 drop ] + +# udplite checksum 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# udplite checksum != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# udplite checksum 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# udplite checksum != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# udplite checksum { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udplite checksum { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/inet/udplite.t.payload.ip6 b/tests/py/inet/udplite.t.payload.ip6 new file mode 100644 index 00000000..2d318854 --- /dev/null +++ b/tests/py/inet/udplite.t.payload.ip6 @@ -0,0 +1,169 @@ +# udplite sport 80 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udplite sport != 60 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite sport 50-70 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp gte reg 1 0x00003200 ] + [ cmp lte reg 1 0x00004600 ] + [ immediate reg 0 accept ] + +# udplite sport != 50-60 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite sport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udplite sport { 12-40} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udplite dport 80 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00005000 ] + [ immediate reg 0 accept ] + +# udplite dport != 60 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite dport 70-75 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00004600 ] + [ cmp lte reg 1 0x00004b00 ] + [ immediate reg 0 accept ] + +# udplite dport != 50-60 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00003200 ] + [ cmp gt reg 1 0x00003c00 ] + [ immediate reg 0 accept ] + +# udplite dport { 49, 50} drop +set%d test-ip4 3 +set%d test-ip4 0 + element 00003100 : 0 [end] element 00003200 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 drop ] + +# udplite dport { 70-75} accept +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# udplite checksum 6666 drop +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000a1a ] + [ immediate reg 0 drop ] + +# udplite checksum 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# udplite checksum != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# udplite checksum 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# udplite checksum != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# udplite checksum { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# udplite checksum { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/ip/chains.t b/tests/py/ip/chains.t new file mode 100644 index 00000000..8edf62b5 --- /dev/null +++ b/tests/py/ip/chains.t @@ -0,0 +1,15 @@ +*ip;test-ip4 + +# filter chains available are: input, output, forward, prerouting, postrouting +:filter-input;type filter hook input priority 0 +:filter-pre;type filter hook prerouting priority 0 +:filter-forw;type filter hook forward priority 0 +:filter-out;type filter hook output priority 0 +:filter-post;type filter hook postrouting priority 0 +# nat chains available are: input, output, prerouting, postrouting +:nat-input-t;type nat hook input priority 0 +:nat-pre-t;type nat hook prerouting priority 0 +:nat-out-t;type nat hook output priority 0 +:nat-post-t;type nat hook postrouting priority 0 +# route chain available are: output +:route-out-t;type route hook output priority 0 diff --git a/tests/py/ip/dnat.t b/tests/py/ip/dnat.t new file mode 100644 index 00000000..cdb78116 --- /dev/null +++ b/tests/py/ip/dnat.t @@ -0,0 +1,15 @@ +*ip;test-ip4 +:prerouting;type nat hook prerouting priority 0 + +iifname "eth0" tcp dport 80-90 dnat 192.168.3.2;ok +iifname "eth0" tcp dport != 80-90 dnat 192.168.3.2;ok +iifname "eth0" tcp dport {80, 90, 23} dnat 192.168.3.2;ok +- iifname "eth0" tcp dport != {80, 90, 23} dnat 192.168.3.2;ok +- iifname "eth0" tcp dport != {80, 90, 23} dnat 192.168.3.2;ok +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. + +iifname "eth0" tcp dport != 23-34 dnat 192.168.3.2;ok + +dnat ct mark map { 0x00000014 : 1.2.3.4};ok +dnat ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4};ok diff --git a/tests/py/ip/dnat.t.payload.ip b/tests/py/ip/dnat.t.payload.ip new file mode 100644 index 00000000..026e8719 --- /dev/null +++ b/tests/py/ip/dnat.t.payload.ip @@ -0,0 +1,69 @@ +# iifname "eth0" tcp dport 80-90 dnat 192.168.3.2 +ip test-ip4 prerouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x0203a8c0 ] + [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + +# iifname "eth0" tcp dport != 80-90 dnat 192.168.3.2 +ip test-ip4 prerouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00005000 ] + [ cmp gt reg 1 0x00005a00 ] + [ immediate reg 1 0x0203a8c0 ] + [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + +# iifname "eth0" tcp dport {80, 90, 23} dnat 192.168.3.2 +set%d test-ip4 3 +set%d test-ip4 0 + element 00005000 : 0 [end] element 00005a00 : 0 [end] element 00001700 : 0 [end] +ip test-ip4 prerouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 1 0x0203a8c0 ] + [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + +# iifname "eth0" tcp dport != 23-34 dnat 192.168.3.2 +ip test-ip4 prerouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002200 ] + [ immediate reg 1 0x0203a8c0 ] + [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + +# dnat ct mark map { 0x00000014 : 1.2.3.4} +map%d test-ip4 b +map%d test-ip4 0 + element 00000014 : 04030201 0 [end] +ip test-ip4 prerouting + [ ct load mark => reg 1 ] + [ lookup reg 1 set map%d dreg 1 ] + [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + +# dnat ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4} +map%d test-ip4 b +map%d test-ip4 0 + element 00000014 01010101 : 04030201 0 [end] +ip test-ip4 output + [ ct load mark => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set map%d dreg 1 ] + [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + diff --git a/tests/py/ip/dup.t b/tests/py/ip/dup.t new file mode 100644 index 00000000..9320d546 --- /dev/null +++ b/tests/py/ip/dup.t @@ -0,0 +1,6 @@ +*ip;test-ip4 +:input;type filter hook input priority 0 + +dup to 192.168.2.1;ok +dup to 192.168.2.1 device eth0;ok +dup to ip saddr map { 192.168.2.120 : 192.168.2.1 } device eth0;ok diff --git a/tests/py/ip/dup.t.payload b/tests/py/ip/dup.t.payload new file mode 100644 index 00000000..7928d5d5 --- /dev/null +++ b/tests/py/ip/dup.t.payload @@ -0,0 +1,21 @@ +# dup to 192.168.2.1 +ip test-ip4 test + [ immediate reg 1 0x0102a8c0 ] + [ dup sreg_addr 1 ] + +# dup to 192.168.2.1 device eth0 +ip test-ip4 test + [ immediate reg 1 0x0102a8c0 ] + [ immediate reg 2 0x00000002 ] + [ dup sreg_addr 1 sreg_dev 2 ] + +# dup to ip saddr map { 192.168.2.120 : 192.168.2.1 } device eth0 +map%d test-ip4 b +map%d test-ip4 0 + element 7802a8c0 : 0102a8c0 0 [end] +ip test-ip4 test + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set map%d dreg 1 ] + [ immediate reg 2 0x00000002 ] + [ dup sreg_addr 1 sreg_dev 2 ] + diff --git a/tests/py/ip/ether.t b/tests/py/ip/ether.t new file mode 100644 index 00000000..4d30f51c --- /dev/null +++ b/tests/py/ip/ether.t @@ -0,0 +1,8 @@ +*ip;test-ip + +:input;type filter hook input priority 0 + +tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 accept +tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04;ok +tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4;ok +ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept;ok diff --git a/tests/py/ip/ether.t.payload b/tests/py/ip/ether.t.payload new file mode 100644 index 00000000..0d234dab --- /dev/null +++ b/tests/py/ip/ether.t.payload @@ -0,0 +1,50 @@ +# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept +ip test-ip input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 +ip test-ip input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + +# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 +ip test-ip input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + +# ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept +ip test-ip input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ immediate reg 0 accept ] + diff --git a/tests/py/ip/icmp.t b/tests/py/ip/icmp.t new file mode 100644 index 00000000..bd00f5ca --- /dev/null +++ b/tests/py/ip/icmp.t @@ -0,0 +1,93 @@ +*ip;test-ip4 +# BUG: There is a bug with icmp protocol and inet family. +# *inet;test-inet +:input;type filter hook input priority 0 + +icmp type echo-reply accept;ok +icmp type destination-unreachable accept;ok +icmp type source-quench accept;ok +icmp type redirect accept;ok +icmp type echo-request accept;ok +icmp type time-exceeded accept;ok +icmp type parameter-problem accept;ok +icmp type timestamp-request accept;ok +icmp type timestamp-reply accept;ok +icmp type info-request accept;ok +icmp type info-reply accept;ok +icmp type address-mask-request accept;ok +icmp type address-mask-reply accept;ok +icmp type {echo-reply, destination-unreachable, source-quench, redirect, echo-request, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply} accept;ok +- icmp type != {echo-reply, destination-unreachable, source-quench};ok +# BUG: icmp type != {echo-reply, destination-unreachable, source-quench} +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. + +icmp code 111 accept;ok +icmp code != 111 accept;ok +icmp code 33-55;ok +icmp code != 33-55;ok +icmp code { 33-55};ok +- icmp code != { 33-55};ok +icmp code { 2, 4, 54, 33, 56};ok +- icmp code != { 2, 4, 54, 33, 56};ok +# $ sudo nft add rule ip test input icmp code != {2, 4, 54, 33, 56} +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. + +icmp checksum 12343 accept;ok +icmp checksum != 12343 accept;ok +icmp checksum 11-343 accept;ok +icmp checksum != 11-343 accept;ok +icmp checksum { 11-343} accept;ok +- icmp checksum != { 11-343} accept;ok +icmp checksum { 1111, 222, 343} accept;ok +- icmp checksum != { 1111, 222, 343} accept;ok +# BUG: invalid expression type set +# icmp checksum != { 1111, 222, 343} accept;ok +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. + +icmp id 1245 log;ok +icmp id 22;ok +icmp id != 233;ok +icmp id 33-45;ok +icmp id != 33-45;ok +icmp id { 33-55};ok +- icmp id != { 33-55};ok +icmp id { 22, 34, 333};ok +- icmp id != { 22, 34, 333};ok +# BUG: invalid expression type set +# icmp id != { 22, 34, 333} +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. + +icmp sequence 22;ok +icmp sequence != 233;ok +icmp sequence 33-45;ok +icmp sequence != 33-45;ok +icmp sequence { 33, 55, 67, 88};ok +- icmp sequence != { 33, 55, 67, 88};ok +icmp sequence { 33-55};ok +- icmp sequence != { 33-55};ok + +icmp mtu 33;ok +icmp mtu 22-33;ok +icmp mtu { 22-33};ok +- icmp mtu != { 22-33};ok +icmp mtu 22;ok +icmp mtu != 233;ok +icmp mtu 33-45;ok +icmp mtu != 33-45;ok +icmp mtu { 33, 55, 67, 88};ok +- icmp mtu != { 33, 55, 67, 88};ok +icmp mtu { 33-55};ok +- icmp mtu != { 33-55};ok + +icmp gateway 22;ok +icmp gateway != 233;ok +icmp gateway 33-45;ok +icmp gateway != 33-45;ok +icmp gateway { 33, 55, 67, 88};ok +- icmp gateway != { 33, 55, 67, 88};ok +icmp gateway { 33-55};ok +- icmp gateway != { 33-55};ok +icmp gateway != 34;ok +- icmp gateway != { 333, 334};ok diff --git a/tests/py/ip/icmp.t.payload.ip b/tests/py/ip/icmp.t.payload.ip new file mode 100644 index 00000000..a6071a65 --- /dev/null +++ b/tests/py/ip/icmp.t.payload.ip @@ -0,0 +1,463 @@ +# icmp type echo-reply accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + [ immediate reg 0 accept ] + +# icmp type destination-unreachable accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] + [ immediate reg 0 accept ] + +# icmp type source-quench accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000004 ] + [ immediate reg 0 accept ] + +# icmp type redirect accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000005 ] + [ immediate reg 0 accept ] + +# icmp type echo-request accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ immediate reg 0 accept ] + +# icmp type time-exceeded accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000000b ] + [ immediate reg 0 accept ] + +# icmp type parameter-problem accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000000c ] + [ immediate reg 0 accept ] + +# icmp type timestamp-request accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000000d ] + [ immediate reg 0 accept ] + +# icmp type timestamp-reply accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000000e ] + [ immediate reg 0 accept ] + +# icmp type info-request accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000000f ] + [ immediate reg 0 accept ] + +# icmp type info-reply accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000010 ] + [ immediate reg 0 accept ] + +# icmp type address-mask-request accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ immediate reg 0 accept ] + +# icmp type address-mask-reply accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000012 ] + [ immediate reg 0 accept ] + +# icmp type {echo-reply, destination-unreachable, source-quench, redirect, echo-request, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00000000 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000008 : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end] element 0000000d : 0 [end] element 0000000e : 0 [end] element 0000000f : 0 [end] element 00000010 : 0 [end] element 00000011 : 0 [end] element 00000012 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmp code 111 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp eq reg 1 0x0000006f ] + [ immediate reg 0 accept ] + +# icmp code != 111 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp neq reg 1 0x0000006f ] + [ immediate reg 0 accept ] + +# icmp code 33-55 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x00000037 ] + +# icmp code != 33-55 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x00000037 ] + +# icmp code { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp code { 2, 4, 54, 33, 56} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000036 : 0 [end] element 00000021 : 0 [end] element 00000038 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp checksum 12343 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003730 ] + [ immediate reg 0 accept ] + +# icmp checksum != 12343 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x00003730 ] + [ immediate reg 0 accept ] + +# icmp checksum 11-343 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00000b00 ] + [ cmp lte reg 1 0x00005701 ] + [ immediate reg 0 accept ] + +# icmp checksum != 11-343 accept +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00000b00 ] + [ cmp gt reg 1 0x00005701 ] + [ immediate reg 0 accept ] + +# icmp checksum { 11-343} accept +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmp checksum { 1111, 222, 343} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00005704 : 0 [end] element 0000de00 : 0 [end] element 00005701 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmp id 1245 log +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x0000dd04 ] + [ log prefix (null) ] + +# icmp id 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# icmp id != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# icmp id 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# icmp id != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# icmp id { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp id { 22, 34, 333} +set%d test-ip4 3 +set%d test-ip4 0 + element 00001600 : 0 [end] element 00002200 : 0 [end] element 00004d01 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp sequence 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# icmp sequence != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# icmp sequence 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# icmp sequence != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# icmp sequence { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp sequence { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp mtu 33 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00002100 ] + +# icmp mtu 22-33 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00001600 ] + [ cmp lte reg 1 0x00002100 ] + +# icmp mtu { 22-33} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00001600 : 0 [end] element 00002200 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp mtu 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# icmp mtu != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# icmp mtu 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# icmp mtu != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# icmp mtu { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp mtu { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp gateway 22 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# icmp gateway != 233 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# icmp gateway 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# icmp gateway != 33-45 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# icmp gateway { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp gateway { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmp gateway != 34 +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0x22000000 ] + diff --git a/tests/py/ip/ip.t b/tests/py/ip/ip.t new file mode 100644 index 00000000..0339c2ac --- /dev/null +++ b/tests/py/ip/ip.t @@ -0,0 +1,117 @@ +*ip;test-ip4 +*inet;test-inet +:input;type filter hook input priority 0 + +- ip version 2;ok + +# bug ip hdrlength +- ip hdrlength 10;ok +- ip hdrlength != 5;ok +- ip hdrlength 5-8;ok +- ip hdrlength != 3-13;ok +- ip hdrlength {3, 5, 6, 8};ok +- ip hdrlength != {3, 5, 7, 8};ok +- ip hdrlength { 3-5};ok +- ip hdrlength != { 3-59};ok +# ip hdrlength 12 +# :1:1-38: Error: Could not process rule: Invalid argument +# add rule ip test input ip hdrlength 12 +# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +# :1:37-38: Error: Value 22 exceeds valid range 0-15 +# add rule ip test input ip hdrlength 22 + +- ip dscp CS1;ok +- ip dscp != CS1;ok +- ip dscp 0x38;ok +- ip dscp != 0x20;ok +- ip dscp {CS1, CS2, CS3, CS4, CS5, CS6, CS7, BE, AF11, AF12, AF13, AF21, AF22, AF23, AF31, AF32, AF33, AF41, AF42, AF43, EF};ok +- ip dscp {0x08, 0x10, 0x18, 0x20, 0x28, 0x30, 0x38, 0x00, 0x0a, 0x0c, 0x0e, 0x12, 0x14, 0x16, 0x1a, 0x1c, 0x1e, 0x22, 0x24, 0x26, 0x2e};ok +- ip dscp != {CS0, CS3};ok + +ip length 232;ok +ip length != 233;ok +ip length 333-435;ok +ip length != 333-453;ok +ip length { 333, 553, 673, 838};ok +- ip length != { 333, 535, 637, 883};ok +ip length { 333-535};ok +- ip length != { 333-553};ok + +ip id 22;ok +ip id != 233;ok +ip id 33-45;ok +ip id != 33-45;ok +ip id { 33, 55, 67, 88};ok +- ip id != { 33, 55, 67, 88};ok +ip id { 33-55};ok +- ip id != { 33-55};ok + +ip frag-off 222 accept;ok +ip frag-off != 233;ok +ip frag-off 33-45;ok +ip frag-off != 33-45;ok +ip frag-off { 33, 55, 67, 88};ok +- ip frag-off != { 33, 55, 67, 88};ok +ip frag-off { 33-55};ok +- ip frag-off != { 33-55};ok + +ip ttl 0 drop;ok +ip ttl 233 log;ok +ip ttl 33-55;ok +ip ttl != 45-50;ok +ip ttl {43, 53, 45 };ok +- ip ttl != {46, 56, 93 };ok +# BUG: ip ttl != {46, 56, 93 };ok +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. +ip ttl { 33-55};ok +- ip ttl != { 33-55};ok + +ip protocol tcp log;ok;ip protocol 6 log +ip protocol != tcp log;ok;ip protocol != 6 log +ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept;ok;ip protocol { 33, 136, 17, 51, 50, 6, 132, 1, 108} accept +- ip protocol != { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept;ok + +ip checksum 13172 drop;ok +ip checksum 22;ok +ip checksum != 233;ok +ip checksum 33-45;ok +ip checksum != 33-45;ok +ip checksum { 33, 55, 67, 88};ok +- ip checksum != { 33, 55, 67, 88};ok +ip checksum { 33-55};ok +- ip checksum != { 33-55};ok + +ip saddr 192.168.2.0/24;ok +ip saddr != 192.168.2.0/24;ok +ip saddr 192.168.3.1 ip daddr 192.168.3.100;ok +ip saddr != 1.1.1.1 log prefix giuseppe;ok;ip saddr != 1.1.1.1 log prefix "giuseppe" +ip saddr 1.1.1.1 log prefix example group 1;ok;ip saddr 1.1.1.1 log prefix "example" group 1 +ip daddr 192.168.0.1-192.168.0.250;ok +ip daddr 10.0.0.0-10.255.255.255;ok +ip daddr 172.16.0.0-172.31.255.255;ok +ip daddr 192.168.3.1-192.168.4.250;ok +ip daddr != 192.168.0.1-192.168.0.250;ok +ip daddr { 192.168.0.1-192.168.0.250};ok +- ip daddr != { 192.168.0.1-192.168.0.250};ok +ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok +- ip daddr != { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok + +ip daddr 192.168.1.2-192.168.1.55;ok +ip daddr != 192.168.1.2-192.168.1.55;ok +ip saddr 192.168.1.3-192.168.33.55;ok +ip saddr != 192.168.1.3-192.168.33.55;ok + +ip daddr 192.168.0.1;ok +ip daddr 192.168.0.1 drop;ok +ip daddr 192.168.0.2 log;ok + +ip saddr \& 0xff == 1;ok;ip saddr & 0.0.0.255 == 0.0.0.1 +ip saddr \& 0.0.0.255 \< 0.0.0.127;ok;ip saddr & 0.0.0.255 < 0.0.0.127 + +ip saddr \& 0xffff0000 == 0xffff0000;ok;ip saddr 255.255.0.0/16 + +ip version 4 ip hdrlength 5;ok +ip hdrlength 0;ok +ip hdrlength 15;ok +ip hdrlength 16;fail diff --git a/tests/py/ip/ip.t.payload b/tests/py/ip/ip.t.payload new file mode 100644 index 00000000..da2dc218 --- /dev/null +++ b/tests/py/ip/ip.t.payload @@ -0,0 +1,386 @@ +# ip length 232 +ip test-ip4 input + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000e800 ] + +# ip length != 233 +ip test-ip4 input + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip length 333-435 +ip test-ip4 input + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp gte reg 1 0x00004d01 ] + [ cmp lte reg 1 0x0000b301 ] + +# ip length != 333-453 +ip test-ip4 input + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp lt reg 1 0x00004d01 ] + [ cmp gt reg 1 0x0000c501 ] + +# ip length { 333, 553, 673, 838} +set%d test-ip4 3 +set%d test-ip4 0 + element 00004d01 : 0 [end] element 00002902 : 0 [end] element 0000a102 : 0 [end] element 00004603 : 0 [end] +ip test-ip4 input + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip length { 333-535} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] +ip test-ip4 input + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip id 22 +ip test-ip4 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ip id != 233 +ip test-ip4 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip id 33-45 +ip test-ip4 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip id != 33-45 +ip test-ip4 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip id { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip id { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip frag-off 222 accept +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000de00 ] + [ immediate reg 0 accept ] + +# ip frag-off != 233 +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip frag-off 33-45 +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip frag-off != 33-45 +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip frag-off { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip frag-off { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip ttl 0 drop +ip test-ip4 input + [ payload load 1b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + [ immediate reg 0 drop ] + +# ip ttl 233 log +ip test-ip4 input + [ payload load 1b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x000000e9 ] + [ log prefix (null) ] + +# ip ttl 33-55 +ip test-ip4 input + [ payload load 1b @ network header + 8 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x00000037 ] + +# ip ttl != 45-50 +ip test-ip4 input + [ payload load 1b @ network header + 8 => reg 1 ] + [ cmp lt reg 1 0x0000002d ] + [ cmp gt reg 1 0x00000032 ] + +# ip ttl {43, 53, 45 } +set%d test-ip4 3 +set%d test-ip4 0 + element 0000002b : 0 [end] element 00000035 : 0 [end] element 0000002d : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip ttl { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip protocol tcp log +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ log prefix (null) ] + +# ip protocol != tcp log +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp neq reg 1 0x00000006 ] + [ log prefix (null) ] + +# ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# ip checksum 13172 drop +ip test-ip4 input + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp eq reg 1 0x00007433 ] + [ immediate reg 0 drop ] + +# ip checksum 22 +ip test-ip4 input + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ip checksum != 233 +ip test-ip4 input + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip checksum 33-45 +ip test-ip4 input + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip checksum != 33-45 +ip test-ip4 input + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip checksum { 33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip checksum { 33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip saddr 192.168.2.0/24 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0002a8c0 ] + +# ip saddr != 192.168.2.0/24 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ cmp neq reg 1 0x0002a8c0 ] + +# ip saddr 192.168.3.1 ip daddr 192.168.3.100 +ip test-ip4 input + [ payload load 8b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x0103a8c0 0x6403a8c0 ] + +# ip saddr != 1.1.1.1 log prefix giuseppe +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp neq reg 1 0x01010101 ] + [ log prefix giuseppe ] + +# ip saddr 1.1.1.1 log prefix example group 1 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x01010101 ] + [ log prefix example group 1 snaplen 0 qthreshold 0] + +# ip daddr 192.168.0.1-192.168.0.250 +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0100a8c0 ] + [ cmp lte reg 1 0xfa00a8c0 ] + +# ip daddr 10.0.0.0-10.255.255.255 +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0000000a ] + [ cmp lte reg 1 0xffffff0a ] + +# ip daddr 172.16.0.0-172.31.255.255 +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x000010ac ] + [ cmp lte reg 1 0xffff1fac ] + +# ip daddr 192.168.3.1-192.168.4.250 +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0103a8c0 ] + [ cmp lte reg 1 0xfa04a8c0 ] + +# ip daddr != 192.168.0.1-192.168.0.250 +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp lt reg 1 0x0100a8c0 ] + [ cmp gt reg 1 0xfa00a8c0 ] + +# ip daddr { 192.168.0.1-192.168.0.250} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept +set%d test-ip4 3 +set%d test-ip4 0 + element 0105a8c0 : 0 [end] element 0205a8c0 : 0 [end] element 0305a8c0 : 0 [end] +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# ip daddr 192.168.1.2-192.168.1.55 +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0201a8c0 ] + [ cmp lte reg 1 0x3701a8c0 ] + +# ip daddr != 192.168.1.2-192.168.1.55 +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp lt reg 1 0x0201a8c0 ] + [ cmp gt reg 1 0x3701a8c0 ] + +# ip saddr 192.168.1.3-192.168.33.55 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp gte reg 1 0x0301a8c0 ] + [ cmp lte reg 1 0x3721a8c0 ] + +# ip saddr != 192.168.1.3-192.168.33.55 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp lt reg 1 0x0301a8c0 ] + [ cmp gt reg 1 0x3721a8c0 ] + +# ip daddr 192.168.0.1 +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x0100a8c0 ] + +# ip daddr 192.168.0.1 drop +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x0100a8c0 ] + [ immediate reg 0 drop ] + +# ip daddr 192.168.0.2 log +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x0200a8c0 ] + [ log prefix (null) ] + +# ip saddr \& 0xff == 1 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x01000000 ] + +# ip saddr \& 0.0.0.255 \< 0.0.0.127 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ cmp lt reg 1 0x7f000000 ] + +# ip saddr \& 0xffff0000 == 0xffff0000 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000ffff ] + +# ip saddr . ip daddr . ip protocol { 1.1.1.1 . 2.2.2.2 . tcp, 1.1.1.1 . 3.3.3.3 . udp} +set%d test-ip 3 +set%d test-ip 0 + element 01010101 02020202 00000006 : 0 [end] element 01010101 03030303 00000011 : 0 [end] +ip test-ip input + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ payload load 1b @ network header + 9 => reg 10 ] + [ lookup reg 1 set set%d ] + +# ip version 4 ip hdrlength 5 +ip test-ip4 input + [ payload load 1b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000040 ] + [ payload load 1b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000005 ] + +# ip hdrlength 0 +ip test-ip4 input + [ payload load 1b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000000 ] + +# ip hdrlength 15 +ip test-ip4 input + [ payload load 1b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000000f ] + diff --git a/tests/py/ip/ip.t.payload.inet b/tests/py/ip/ip.t.payload.inet new file mode 100644 index 00000000..35f73ff7 --- /dev/null +++ b/tests/py/ip/ip.t.payload.inet @@ -0,0 +1,506 @@ +# ip length 232 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000e800 ] + +# ip length != 233 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip length 333-435 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp gte reg 1 0x00004d01 ] + [ cmp lte reg 1 0x0000b301 ] + +# ip length != 333-453 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ cmp lt reg 1 0x00004d01 ] + [ cmp gt reg 1 0x0000c501 ] + +# ip length { 333, 553, 673, 838} +set%d test-inet 3 +set%d test-inet 0 + element 00004d01 : 0 [end] element 00002902 : 0 [end] element 0000a102 : 0 [end] element 00004603 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip length { 333-535} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip id 22 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ip id != 233 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip id 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip id != 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip id { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip id { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip frag-off 222 accept +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000de00 ] + [ immediate reg 0 accept ] + +# ip frag-off != 233 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip frag-off 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip frag-off != 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip frag-off { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip frag-off { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip ttl 0 drop +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + [ immediate reg 0 drop ] + +# ip ttl 233 log +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x000000e9 ] + [ log prefix (null) ] + +# ip ttl 33-55 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x00000037 ] + +# ip ttl != 45-50 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ cmp lt reg 1 0x0000002d ] + [ cmp gt reg 1 0x00000032 ] + +# ip ttl {43, 53, 45 } +set%d test-inet 3 +set%d test-inet 0 + element 0000002b : 0 [end] element 00000035 : 0 [end] element 0000002d : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip ttl { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip protocol tcp log +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ log prefix (null) ] + +# ip protocol != tcp log +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp neq reg 1 0x00000006 ] + [ log prefix (null) ] + +# ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept +set%d test-inet 3 +set%d test-inet 0 + element 00000001 : 0 [end] element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# ip checksum 13172 drop +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp eq reg 1 0x00007433 ] + [ immediate reg 0 drop ] + +# ip checksum 22 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ip checksum != 233 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip checksum 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip checksum != 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip checksum { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip checksum { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip saddr 192.168.2.0/24 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0002a8c0 ] + +# ip saddr != 192.168.2.0/24 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] + [ cmp neq reg 1 0x0002a8c0 ] + +# ip saddr 192.168.3.1 ip daddr 192.168.3.100 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 8b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x0103a8c0 0x6403a8c0 ] + +# ip saddr != 1.1.1.1 log prefix giuseppe +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp neq reg 1 0x01010101 ] + [ log prefix giuseppe ] + +# ip saddr 1.1.1.1 log prefix example group 1 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp eq reg 1 0x01010101 ] + [ log prefix example group 1 snaplen 0 qthreshold 0] + +# ip daddr 192.168.0.1-192.168.0.250 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0100a8c0 ] + [ cmp lte reg 1 0xfa00a8c0 ] + +# ip daddr 10.0.0.0-10.255.255.255 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0000000a ] + [ cmp lte reg 1 0xffffff0a ] + +# ip daddr 172.16.0.0-172.31.255.255 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x000010ac ] + [ cmp lte reg 1 0xffff1fac ] + +# ip daddr 192.168.3.1-192.168.4.250 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0103a8c0 ] + [ cmp lte reg 1 0xfa04a8c0 ] + +# ip daddr != 192.168.0.1-192.168.0.250 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp lt reg 1 0x0100a8c0 ] + [ cmp gt reg 1 0xfa00a8c0 ] + +# ip daddr { 192.168.0.1-192.168.0.250} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept +set%d test-inet 3 +set%d test-inet 0 + element 0105a8c0 : 0 [end] element 0205a8c0 : 0 [end] element 0305a8c0 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# ip daddr 192.168.1.2-192.168.1.55 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0201a8c0 ] + [ cmp lte reg 1 0x3701a8c0 ] + +# ip daddr != 192.168.1.2-192.168.1.55 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp lt reg 1 0x0201a8c0 ] + [ cmp gt reg 1 0x3701a8c0 ] + +# ip saddr 192.168.1.3-192.168.33.55 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp gte reg 1 0x0301a8c0 ] + [ cmp lte reg 1 0x3721a8c0 ] + +# ip saddr != 192.168.1.3-192.168.33.55 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ cmp lt reg 1 0x0301a8c0 ] + [ cmp gt reg 1 0x3721a8c0 ] + +# ip daddr 192.168.0.1 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x0100a8c0 ] + +# ip daddr 192.168.0.1 drop +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x0100a8c0 ] + [ immediate reg 0 drop ] + +# ip daddr 192.168.0.2 log +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x0200a8c0 ] + [ log prefix (null) ] + +# ip saddr \& 0xff == 1 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x01000000 ] + +# ip saddr \& 0.0.0.255 \< 0.0.0.127 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] + [ cmp lt reg 1 0x7f000000 ] + +# ip saddr \& 0xffff0000 == 0xffff0000 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000ffff ] + +# ip saddr . ip daddr . ip protocol { 1.1.1.1 . 2.2.2.2 . tcp, 1.1.1.1 . 3.3.3.3 . udp} +set%d test-ip 3 +set%d test-ip 0 + element 01010101 02020202 00000006 : 0 [end] element 01010101 03030303 00000011 : 0 [end] +inet test-ip input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ payload load 1b @ network header + 9 => reg 10 ] + [ lookup reg 1 set set%d ] + +# ip version 4 ip hdrlength 5 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000040 ] + [ payload load 1b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000005 ] + +# ip hdrlength 0 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000000 ] + +# ip hdrlength 15 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0000000f ] + diff --git a/tests/py/ip/masquerade.t b/tests/py/ip/masquerade.t new file mode 100644 index 00000000..35001f37 --- /dev/null +++ b/tests/py/ip/masquerade.t @@ -0,0 +1,25 @@ +*ip;test-ip4 +:postrouting;type nat hook postrouting priority 0 + +# nf_nat flags combination +udp dport 53 masquerade;ok +udp dport 53 masquerade random;ok +udp dport 53 masquerade random,persistent;ok +udp dport 53 masquerade random,persistent,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent +udp dport 53 masquerade random,fully-random;ok +udp dport 53 masquerade random,fully-random,persistent;ok +udp dport 53 masquerade persistent;ok +udp dport 53 masquerade persistent,random;ok;udp dport 53 masquerade random,persistent +udp dport 53 masquerade persistent,random,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent +udp dport 53 masquerade persistent,fully-random;ok;udp dport 53 masquerade fully-random,persistent +udp dport 53 masquerade persistent,fully-random,random;ok;udp dport 53 masquerade random,fully-random,persistent + +# masquerade is a terminal statement +tcp dport 22 masquerade counter packets 0 bytes 0 accept;fail +tcp sport 22 masquerade accept;fail +ip saddr 10.1.1.1 masquerade drop;fail + +# masquerade with sets +tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade;ok +ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 masquerade;ok +iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade;ok diff --git a/tests/py/ip/masquerade.t.payload b/tests/py/ip/masquerade.t.payload new file mode 100644 index 00000000..9390f0cf --- /dev/null +++ b/tests/py/ip/masquerade.t.payload @@ -0,0 +1,127 @@ +# udp dport 53 masquerade +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq ] + +# udp dport 53 masquerade random +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x4 ] + +# udp dport 53 masquerade random,persistent +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0xc ] + +# udp dport 53 masquerade random,persistent,fully-random +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade random,fully-random +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x14 ] + +# udp dport 53 masquerade random,fully-random,persistent +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade persistent +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x8 ] + +# udp dport 53 masquerade persistent,random +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0xc ] + +# udp dport 53 masquerade persistent,random,fully-random +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade persistent,fully-random +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x18 ] + +# udp dport 53 masquerade persistent,fully-random,random +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade +set%d test-ip4 3 +set%d test-ip4 0 + element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] +ip test-ip4 postrouting + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ masq ] + +# ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 masquerade +ip test-ip4 postrouting + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0000000a ] + [ cmp lte reg 1 0x0403020a ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ counter pkts 0 bytes 0 ] + [ masq ] + +# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade +map%d test-ip4 b +map%d test-ip4 0 + element 00001600 : 0 [end] element 0000de00 : 0 [end] +ip test-ip4 postrouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + [ masq ] + diff --git a/tests/py/ip/redirect.t b/tests/py/ip/redirect.t new file mode 100644 index 00000000..b7eecb74 --- /dev/null +++ b/tests/py/ip/redirect.t @@ -0,0 +1,45 @@ +*ip;test-ip4 +:output;type nat hook output priority 0 + +# without arguments +udp dport 53 redirect;ok + +# nf_nat flags combination +udp dport 53 redirect random;ok +udp dport 53 redirect random,persistent;ok +udp dport 53 redirect random,persistent,fully-random;ok;udp dport 53 redirect random,fully-random,persistent +udp dport 53 redirect random,fully-random;ok +udp dport 53 redirect random,fully-random,persistent;ok +udp dport 53 redirect persistent;ok +udp dport 53 redirect persistent,random;ok;udp dport 53 redirect random,persistent +udp dport 53 redirect persistent,random,fully-random;ok;udp dport 53 redirect random,fully-random,persistent +udp dport 53 redirect persistent,fully-random;ok;udp dport 53 redirect fully-random,persistent +udp dport 53 redirect persistent,fully-random,random;ok;udp dport 53 redirect random,fully-random,persistent + +# port specification +tcp dport 22 redirect to 22;ok +udp dport 1234 redirect to 4321;ok +ip daddr 172.16.0.1 udp dport 9998 redirect to 6515;ok +tcp dport 39128 redirect to 993;ok +redirect to 1234;fail +redirect to 12341111;fail + +# both port and nf_nat flags +tcp dport 9128 redirect to 993 random;ok +tcp dport 9128 redirect to 993 fully-random;ok +tcp dport 9128 redirect to 123 persistent;ok +tcp dport 9128 redirect to 123 random,persistent;ok + +# nf_nat flags is the last argument +udp dport 1234 redirect random to 123;fail +udp dport 21234 redirect persistent,fully-random to 431;fail + +# redirect is a terminal statement +tcp dport 22 redirect counter packets 0 bytes 0 accept;fail +tcp sport 22 redirect accept;fail +ip saddr 10.1.1.1 redirect drop;fail + +# redirect with sets +tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect;ok +ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 redirect;ok +iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect;ok diff --git a/tests/py/ip/redirect.t.payload b/tests/py/ip/redirect.t.payload new file mode 100644 index 00000000..ac718043 --- /dev/null +++ b/tests/py/ip/redirect.t.payload @@ -0,0 +1,201 @@ +# udp dport 53 redirect +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir ] + +# udp dport 53 redirect random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x4 ] + +# udp dport 53 redirect random,persistent +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0xc ] + +# udp dport 53 redirect random,persistent,fully-random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x1c ] + +# udp dport 53 redirect random,fully-random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x14 ] + +# udp dport 53 redirect random,fully-random,persistent +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x1c ] + +# udp dport 53 redirect persistent +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x8 ] + +# udp dport 53 redirect persistent,random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0xc ] + +# udp dport 53 redirect persistent,random,fully-random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x1c ] + +# udp dport 53 redirect persistent,fully-random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x18 ] + +# udp dport 53 redirect persistent,fully-random,random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x1c ] + +# tcp dport 22 redirect to 22 +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ immediate reg 1 0x00001600 ] + [ redir proto_min reg 1 ] + +# udp dport 1234 redirect to 4321 +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000d204 ] + [ immediate reg 1 0x0000e110 ] + [ redir proto_min reg 1 ] + +# ip daddr 172.16.0.1 udp dport 9998 redirect to 6515 +ip test-ip4 output + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x010010ac ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00000e27 ] + [ immediate reg 1 0x00007319 ] + [ redir proto_min reg 1 ] + +# tcp dport 39128 redirect to 993 +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000d898 ] + [ immediate reg 1 0x0000e103 ] + [ redir proto_min reg 1 ] + +# tcp dport 9128 redirect to 993 random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000a823 ] + [ immediate reg 1 0x0000e103 ] + [ redir proto_min reg 1 flags 0x4 ] + +# tcp dport 9128 redirect to 993 fully-random +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000a823 ] + [ immediate reg 1 0x0000e103 ] + [ redir proto_min reg 1 flags 0x10 ] + +# tcp dport 9128 redirect to 123 persistent +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000a823 ] + [ immediate reg 1 0x00007b00 ] + [ redir proto_min reg 1 flags 0x8 ] + +# tcp dport 9128 redirect to 123 random,persistent +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000a823 ] + [ immediate reg 1 0x00007b00 ] + [ redir proto_min reg 1 flags 0xc ] + +# tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect +set%d test-ip4 3 +set%d test-ip4 0 + element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ redir ] + +# ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 redirect +ip test-ip4 output + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp gte reg 1 0x0000000a ] + [ cmp lte reg 1 0x0403020a ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ counter pkts 0 bytes 0 ] + [ redir ] + +# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect +map%d test-ip4 b +map%d test-ip4 0 + element 00001600 : 0 [end] element 0000de00 : 0 [end] +ip test-ip4 output + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + [ redir ] + diff --git a/tests/py/ip/reject.t b/tests/py/ip/reject.t new file mode 100644 index 00000000..70a63a0b --- /dev/null +++ b/tests/py/ip/reject.t @@ -0,0 +1,14 @@ +*ip;test-ip4 +:output;type filter hook output priority 0 + +reject;ok +reject with icmp type host-unreachable;ok +reject with icmp type net-unreachable;ok +reject with icmp type prot-unreachable;ok +reject with icmp type port-unreachable;ok;reject +reject with icmp type net-prohibited;ok +reject with icmp type host-prohibited;ok +reject with icmp type admin-prohibited;ok + +reject with icmp type no-route;fail +reject with icmpv6 type no-route;fail diff --git a/tests/py/ip/reject.t.payload b/tests/py/ip/reject.t.payload new file mode 100644 index 00000000..d5e87665 --- /dev/null +++ b/tests/py/ip/reject.t.payload @@ -0,0 +1,32 @@ +# reject +ip test-ip4 output + [ reject type 0 code 3 ] + +# reject with icmp type host-unreachable +ip test-ip4 output + [ reject type 0 code 1 ] + +# reject with icmp type net-unreachable +ip test-ip4 output + [ reject type 0 code 0 ] + +# reject with icmp type prot-unreachable +ip test-ip4 output + [ reject type 0 code 2 ] + +# reject with icmp type port-unreachable +ip test-ip4 output + [ reject type 0 code 3 ] + +# reject with icmp type net-prohibited +ip test-ip4 output + [ reject type 0 code 9 ] + +# reject with icmp type host-prohibited +ip test-ip4 output + [ reject type 0 code 10 ] + +# reject with icmp type admin-prohibited +ip test-ip4 output + [ reject type 0 code 13 ] + diff --git a/tests/py/ip/sets.t b/tests/py/ip/sets.t new file mode 100644 index 00000000..c199dbd2 --- /dev/null +++ b/tests/py/ip/sets.t @@ -0,0 +1,30 @@ +*ip;test-ip4 +*inet;test-inet +:input;type filter hook input priority 0 + +!set_ipv4_add ipv4_addr;ok +!set_inet inet_proto;ok +!set_inet_serv inet_service;ok +!set_time time;ok + +!set1 ipv4_addr;ok +?set1 192.168.3.4;ok + +?set1 192.168.3.4;fail +?set1 192.168.3.5 192.168.3.6;ok +?set1 192.168.3.5 192.168.3.6;fail +?set1 192.168.3.8 192.168.3.9;ok +?set1 192.168.3.10 192.168.3.11;ok +?set1 1234:1234:1234:1234:1234:1234:1234:1234;fail +?set2 192.168.3.4;fail + +!set2 ipv4_addr;ok +?set2 192.168.3.4;ok +?set2 192.168.3.5 192.168.3.6;ok +?set2 192.168.3.5 192.168.3.6;fail +?set2 192.168.3.8 192.168.3.9;ok +?set2 192.168.3.10 192.168.3.11;ok + +ip saddr @set1 drop;ok +ip saddr @set2 drop;ok +ip saddr @set33 drop;fail diff --git a/tests/py/ip/sets.t.payload.inet b/tests/py/ip/sets.t.payload.inet new file mode 100644 index 00000000..f8e97ccb --- /dev/null +++ b/tests/py/ip/sets.t.payload.inet @@ -0,0 +1,16 @@ +# ip saddr @set1 drop +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set1 ] + [ immediate reg 0 drop ] + +# ip saddr @set2 drop +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set2 ] + [ immediate reg 0 drop ] + diff --git a/tests/py/ip/sets.t.payload.ip b/tests/py/ip/sets.t.payload.ip new file mode 100644 index 00000000..ece63d0e --- /dev/null +++ b/tests/py/ip/sets.t.payload.ip @@ -0,0 +1,12 @@ +# ip saddr @set1 drop +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set1 ] + [ immediate reg 0 drop ] + +# ip saddr @set2 drop +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set2 ] + [ immediate reg 0 drop ] + diff --git a/tests/py/ip/snat.t b/tests/py/ip/snat.t new file mode 100644 index 00000000..1caf7c76 --- /dev/null +++ b/tests/py/ip/snat.t @@ -0,0 +1,12 @@ +*ip;test-ip4 +:postrouting;type nat hook postrouting priority 0 + +iifname "eth0" tcp dport 80-90 snat 192.168.3.2;ok +iifname "eth0" tcp dport != 80-90 snat 192.168.3.2;ok +iifname "eth0" tcp dport {80, 90, 23} snat 192.168.3.2;ok +- iifname "eth0" tcp dport != {80, 90, 23} snat 192.168.3.2;ok +- iifname "eth0" tcp dport != {80, 90, 23} snat 192.168.3.2;ok +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. + +iifname "eth0" tcp dport != 23-34 snat 192.168.3.2;ok diff --git a/tests/py/ip/snat.t.payload b/tests/py/ip/snat.t.payload new file mode 100644 index 00000000..32ba4fa8 --- /dev/null +++ b/tests/py/ip/snat.t.payload @@ -0,0 +1,50 @@ +# iifname "eth0" tcp dport 80-90 snat 192.168.3.2 +ip test-ip4 postrouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x0203a8c0 ] + [ nat snat ip addr_min reg 1 addr_max reg 0 ] + +# iifname "eth0" tcp dport != 80-90 snat 192.168.3.2 +ip test-ip4 postrouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00005000 ] + [ cmp gt reg 1 0x00005a00 ] + [ immediate reg 1 0x0203a8c0 ] + [ nat snat ip addr_min reg 1 addr_max reg 0 ] + +# iifname "eth0" tcp dport {80, 90, 23} snat 192.168.3.2 +set%d test-ip4 3 +set%d test-ip4 0 + element 00005000 : 0 [end] element 00005a00 : 0 [end] element 00001700 : 0 [end] +ip test-ip4 postrouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 1 0x0203a8c0 ] + [ nat snat ip addr_min reg 1 addr_max reg 0 ] + +# iifname "eth0" tcp dport != 23-34 snat 192.168.3.2 +ip test-ip4 postrouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp lt reg 1 0x00001700 ] + [ cmp gt reg 1 0x00002200 ] + [ immediate reg 1 0x0203a8c0 ] + [ nat snat ip addr_min reg 1 addr_max reg 0 ] + diff --git a/tests/py/ip6/chains.t b/tests/py/ip6/chains.t new file mode 100644 index 00000000..c1e41e47 --- /dev/null +++ b/tests/py/ip6/chains.t @@ -0,0 +1,17 @@ +*ip6;test-ip6 + +# filter chains available are: input, output, forward, forward, prerouting and postrouting. +:filter-input;type filter hook input priority 0 +:filter-prer;type filter hook prerouting priority 0 +:filter-forw-t;type filter hook forward priority 0 +:filter-out-t;type filter hook output priority 0 +:filter-post-t;type filter hook postrouting priority 0 + +# nat chains available are: input, output, forward, prerouting and postrouting. +:nat-input;type nat hook input priority 0 +:nat-prerouting;type nat hook prerouting priority 0 +:nat-output;type nat hook output priority 0 +:nat-postrou;type nat hook postrouting priority 0 + +# route chain available is output. +:route-out;type route hook output priority 0 diff --git a/tests/py/ip6/dnat.t b/tests/py/ip6/dnat.t new file mode 100644 index 00000000..83412258 --- /dev/null +++ b/tests/py/ip6/dnat.t @@ -0,0 +1,5 @@ +*ip6;test-ip6 +:prerouting;type nat hook prerouting priority 0 + +tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::80-100;ok +tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100;ok;tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::100 diff --git a/tests/py/ip6/dnat.t.payload.ip6 b/tests/py/ip6/dnat.t.payload.ip6 new file mode 100644 index 00000000..13c7a0e3 --- /dev/null +++ b/tests/py/ip6/dnat.t.payload.ip6 @@ -0,0 +1,25 @@ +# tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::80-100 +ip6 test-ip6 prerouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] + [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] + [ immediate reg 3 0x00005000 ] + [ immediate reg 4 0x00006400 ] + [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ] + +# tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100 +ip6 test-ip6 prerouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] + [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] + [ immediate reg 3 0x00006400 ] + [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 ] + diff --git a/tests/py/ip6/dst.t b/tests/py/ip6/dst.t new file mode 100644 index 00000000..3207af76 --- /dev/null +++ b/tests/py/ip6/dst.t @@ -0,0 +1,25 @@ +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +dst nexthdr 22;ok +dst nexthdr != 233;ok +dst nexthdr 33-45;ok +dst nexthdr != 33-45;ok +dst nexthdr { 33, 55, 67, 88};ok +- dst nexthdr != { 33, 55, 67, 88};ok +dst nexthdr { 33-55};ok +- dst nexthdr != { 33-55};ok +dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok;dst nexthdr { 51, 50, 17, 136, 58, 6, 33, 132, 108} +- dst nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok +dst nexthdr icmp;ok;dst nexthdr 1 +dst nexthdr != icmp;ok;dst nexthdr != 1 + +dst hdrlength 22;ok +dst hdrlength != 233;ok +dst hdrlength 33-45;ok +dst hdrlength != 33-45;ok +dst hdrlength { 33, 55, 67, 88};ok +- dst hdrlength != { 33, 55, 67, 88};ok +dst hdrlength { 33-55};ok +- dst hdrlength != { 33-55};ok diff --git a/tests/py/ip6/dst.t.payload.inet b/tests/py/ip6/dst.t.payload.inet new file mode 100644 index 00000000..7a219f41 --- /dev/null +++ b/tests/py/ip6/dst.t.payload.inet @@ -0,0 +1,94 @@ +# dst nexthdr 22 +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# dst nexthdr != 233 +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# dst nexthdr 33-45 +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# dst nexthdr != 33-45 +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# dst nexthdr { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +set%d test-inet 3 +set%d test-inet 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr icmp +inet test-inet input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# dst nexthdr != icmp +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# dst hdrlength 22 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# dst hdrlength != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# dst hdrlength 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# dst hdrlength != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# dst hdrlength { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst hdrlength { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/ip6/dst.t.payload.ip6 b/tests/py/ip6/dst.t.payload.ip6 new file mode 100644 index 00000000..3c778f93 --- /dev/null +++ b/tests/py/ip6/dst.t.payload.ip6 @@ -0,0 +1,95 @@ +# dst nexthdr 22 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# dst nexthdr != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# dst nexthdr 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# dst nexthdr != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# dst nexthdr { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst nexthdr icmp +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# dst nexthdr != icmp +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# dst hdrlength 22 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# dst hdrlength != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# dst hdrlength 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# dst hdrlength != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# dst hdrlength { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# dst hdrlength { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 60 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + + diff --git a/tests/py/ip6/dup.t b/tests/py/ip6/dup.t new file mode 100644 index 00000000..34f302f2 --- /dev/null +++ b/tests/py/ip6/dup.t @@ -0,0 +1,6 @@ +*ip6;test-ip6 +:input;type filter hook input priority 0 + +dup to abcd::1;ok +dup to abcd::1 device eth0;ok +dup to ip6 saddr map { abcd::1 : cafe::cafe } device eth0;ok diff --git a/tests/py/ip6/dup.t.payload b/tests/py/ip6/dup.t.payload new file mode 100644 index 00000000..1df414cd --- /dev/null +++ b/tests/py/ip6/dup.t.payload @@ -0,0 +1,21 @@ +# dup to abcd::1 +ip6 test test + [ immediate reg 1 0x0000cdab 0x00000000 0x00000000 0x01000000 ] + [ dup sreg_addr 1 ] + +# dup to abcd::1 device eth0 +ip6 test test + [ immediate reg 1 0x0000cdab 0x00000000 0x00000000 0x01000000 ] + [ immediate reg 2 0x00000002 ] + [ dup sreg_addr 1 sreg_dev 2 ] + +# dup to ip6 saddr map { abcd::1 : cafe::cafe } device eth0 +map%d test-ip6 b +map%d test-ip6 0 + element 0000cdab 00000000 00000000 01000000 : 0000feca 00000000 00000000 feca0000 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 1 ] + [ immediate reg 2 0x00000002 ] + [ dup sreg_addr 1 sreg_dev 2 ] + diff --git a/tests/py/ip6/ether.t b/tests/py/ip6/ether.t new file mode 100644 index 00000000..98be273f --- /dev/null +++ b/tests/py/ip6/ether.t @@ -0,0 +1,8 @@ +*ip6;test-ip6 + +:input;type filter hook input priority 0 + +tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 accept +tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04;ok;tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 +tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2;ok +ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 accept;ok diff --git a/tests/py/ip6/ether.t.payload b/tests/py/ip6/ether.t.payload new file mode 100644 index 00000000..c7342cc0 --- /dev/null +++ b/tests/py/ip6/ether.t.payload @@ -0,0 +1,49 @@ +# tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] + +# ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 accept +ip6 test-ip6 input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] + [ immediate reg 0 accept ] diff --git a/tests/py/ip6/hbh.t b/tests/py/ip6/hbh.t new file mode 100644 index 00000000..4e67c42a --- /dev/null +++ b/tests/py/ip6/hbh.t @@ -0,0 +1,25 @@ +*ip6;test-ip6 +*inet;test-inet +:filter-input;type filter hook input priority 0 + +hbh hdrlength 22;ok +hbh hdrlength != 233;ok +hbh hdrlength 33-45;ok +hbh hdrlength != 33-45;ok +hbh hdrlength {33, 55, 67, 88};ok +- hbh hdrlength != {33, 55, 67, 88};ok +hbh hdrlength { 33-55};ok +- hbh hdrlength != {33-55};ok + +hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;hbh nexthdr { 58, 136, 51, 50, 6, 17, 132, 33, 108} +- hbh nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok +hbh nexthdr 22;ok +hbh nexthdr != 233;ok +hbh nexthdr 33-45;ok +hbh nexthdr != 33-45;ok +hbh nexthdr {33, 55, 67, 88};ok +- hbh nexthdr != {33, 55, 67, 88};ok +hbh nexthdr { 33-55};ok +- hbh nexthdr != {33-55};ok +hbh nexthdr ip;ok;hbh nexthdr 0 +hbh nexthdr != ip;ok;hbh nexthdr != 0 diff --git a/tests/py/ip6/hbh.t.payload.inet b/tests/py/ip6/hbh.t.payload.inet new file mode 100644 index 00000000..2b4c9c77 --- /dev/null +++ b/tests/py/ip6/hbh.t.payload.inet @@ -0,0 +1,94 @@ +# hbh hdrlength 22 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# hbh hdrlength != 233 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# hbh hdrlength 33-45 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# hbh hdrlength != 33-45 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# hbh hdrlength {33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh hdrlength { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +set%d test-inet 3 +set%d test-inet 0 + element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr 22 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# hbh nexthdr != 233 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# hbh nexthdr 33-45 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# hbh nexthdr != 33-45 +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# hbh nexthdr {33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr ip +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# hbh nexthdr != ip +inet test-inet filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + diff --git a/tests/py/ip6/hbh.t.payload.ip6 b/tests/py/ip6/hbh.t.payload.ip6 new file mode 100644 index 00000000..a201ef56 --- /dev/null +++ b/tests/py/ip6/hbh.t.payload.ip6 @@ -0,0 +1,94 @@ +# hbh hdrlength 22 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# hbh hdrlength != 233 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# hbh hdrlength 33-45 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# hbh hdrlength != 33-45 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# hbh hdrlength {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh hdrlength { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr 22 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# hbh nexthdr != 233 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# hbh nexthdr 33-45 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# hbh nexthdr != 33-45 +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# hbh nexthdr {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# hbh nexthdr ip +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# hbh nexthdr != ip +ip6 test-ip6 filter-input + [ exthdr load 1b @ 0 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + diff --git a/tests/py/ip6/icmpv6.t b/tests/py/ip6/icmpv6.t new file mode 100644 index 00000000..fca903f6 --- /dev/null +++ b/tests/py/ip6/icmpv6.t @@ -0,0 +1,96 @@ +*ip6;test-ip6 +# BUG: There is a bug with icmpv6 and inet tables +# *inet;test-inet +:input;type filter hook input priority 0 + +icmpv6 type destination-unreachable accept;ok +icmpv6 type packet-too-big accept;ok +icmpv6 type time-exceeded accept;ok +icmpv6 type echo-request accept;ok +icmpv6 type echo-reply accept;ok +icmpv6 type mld-listener-query accept;ok +icmpv6 type mld-listener-report accept;ok +icmpv6 type mld-listener-reduction accept;ok +icmpv6 type nd-router-solicit accept;ok +icmpv6 type nd-router-advert accept;ok +icmpv6 type nd-neighbor-solicit accept;ok +icmpv6 type nd-neighbor-advert accept;ok +icmpv6 type nd-redirect accept;ok +icmpv6 type router-renumbering accept;ok +icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept;ok +icmpv6 type {router-renumbering, mld-listener-reduction, time-exceeded, nd-router-solicit} accept;ok +icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept;ok +- icmpv6 type != {mld-listener-query, time-exceeded, nd-router-advert} accept;ok + +icmpv6 code 4;ok +icmpv6 code 3-66;ok +icmpv6 code {5, 6, 7} accept;ok +- icmpv6 code != {3, 66, 34};ok +icmpv6 code { 3-66};ok +- icmpv6 code != { 3-44};ok + +icmpv6 checksum 2222 log;ok +icmpv6 checksum != 2222 log;ok +icmpv6 checksum 222-226;ok +icmpv6 checksum != 2222 log;ok +icmpv6 checksum { 222, 226};ok +- icmpv6 checksum != { 222, 226};ok +icmpv6 checksum { 222-226};ok +- icmpv6 checksum != { 222-226};ok + +# BUG: icmpv6 parameter-problem, pptr, mtu, packet-too-big +# [ICMP6HDR_PPTR] = ICMP6HDR_FIELD("parameter-problem", icmp6_pptr), +# [ICMP6HDR_MTU] = ICMP6HDR_FIELD("packet-too-big", icmp6_mtu), +# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem 35 +# :1:53-53: Error: syntax error, unexpected end of file +# add rule ip6 test6 input icmpv6 parameter-problem 35 +# ^ +# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem +# :1:26-31: Error: Value 58 exceeds valid range 0-0 +# add rule ip6 test6 input icmpv6 parameter-problem +# ^^^^^^ +# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem 2-4 +# :1:54-54: Error: syntax error, unexpected end of file +# add rule ip6 test6 input icmpv6 parameter-problem 2-4 + +# BUG: packet-too-big +# $ sudo nft add rule ip6 test6 input icmpv6 packet-too-big 34 +# :1:50-50: Error: syntax error, unexpected end of file +# add rule ip6 test6 input icmpv6 packet-too-big 34 + +icmpv6 mtu 22;ok +icmpv6 mtu != 233;ok +icmpv6 mtu 33-45;ok +icmpv6 mtu != 33-45;ok +icmpv6 mtu {33, 55, 67, 88};ok +- icmpv6 mtu != {33, 55, 67, 88};ok +icmpv6 mtu {33-55};ok +- icmpv6 mtu != {33-55};ok + +- icmpv6 id 2;ok +- icmpv6 id != 233;ok +icmpv6 id 33-45;ok +icmpv6 id != 33-45;ok +icmpv6 id {33, 55, 67, 88};ok +- icmpv6 id != {33, 55, 67, 88};ok +icmpv6 id {33-55};ok +- icmpv6 id != {33-55};ok + +icmpv6 sequence 2;ok +icmpv6 sequence {3, 4, 5, 6, 7} accept;ok + +icmpv6 sequence {2, 4};ok +- icmpv6 sequence != {2, 4};ok +icmpv6 sequence 2-4;ok +icmpv6 sequence != 2-4;ok +icmpv6 sequence { 2-4};ok +- icmpv6 sequence != {2-4};ok + +- icmpv6 max-delay 22;ok +- icmpv6 max-delay != 233;ok +icmpv6 max-delay 33-45;ok +icmpv6 max-delay != 33-45;ok +icmpv6 max-delay {33, 55, 67, 88};ok +- icmpv6 max-delay != {33, 55, 67, 88};ok +icmpv6 max-delay {33-55};ok +- icmpv6 max-delay != {33-55};ok diff --git a/tests/py/ip6/icmpv6.t.payload.ip6 b/tests/py/ip6/icmpv6.t.payload.ip6 new file mode 100644 index 00000000..55af9d8d --- /dev/null +++ b/tests/py/ip6/icmpv6.t.payload.ip6 @@ -0,0 +1,409 @@ +# icmpv6 type destination-unreachable accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ immediate reg 0 accept ] + +# icmpv6 type packet-too-big accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ immediate reg 0 accept ] + +# icmpv6 type time-exceeded accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000003 ] + [ immediate reg 0 accept ] + +# icmpv6 type echo-request accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000080 ] + [ immediate reg 0 accept ] + +# icmpv6 type echo-reply accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ immediate reg 0 accept ] + +# icmpv6 type mld-listener-query accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000082 ] + [ immediate reg 0 accept ] + +# icmpv6 type mld-listener-report accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000083 ] + [ immediate reg 0 accept ] + +# icmpv6 type mld-listener-reduction accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000084 ] + [ immediate reg 0 accept ] + +# icmpv6 type nd-router-solicit accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000085 ] + [ immediate reg 0 accept ] + +# icmpv6 type nd-router-advert accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000086 ] + [ immediate reg 0 accept ] + +# icmpv6 type nd-neighbor-solicit accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000087 ] + [ immediate reg 0 accept ] + +# icmpv6 type nd-neighbor-advert accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000088 ] + [ immediate reg 0 accept ] + +# icmpv6 type nd-redirect accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x00000089 ] + [ immediate reg 0 accept ] + +# icmpv6 type router-renumbering accept +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ cmp eq reg 1 0x0000008a ] + [ immediate reg 0 accept ] + +# icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 00000001 : 0 [end] element 00000003 : 0 [end] element 00000085 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmpv6 type {router-renumbering, mld-listener-reduction, time-exceeded, nd-router-solicit} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 0000008a : 0 [end] element 00000084 : 0 [end] element 00000003 : 0 [end] element 00000085 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 00000082 : 0 [end] element 00000003 : 0 [end] element 00000086 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmpv6 code 4 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp eq reg 1 0x00000004 ] + +# icmpv6 code 3-66 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ cmp gte reg 1 0x00000003 ] + [ cmp lte reg 1 0x00000042 ] + +# icmpv6 code {5, 6, 7} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmpv6 code { 3-66} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000003 : 0 [end] element 00000043 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 checksum 2222 log +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000ae08 ] + [ log prefix (null) ] + +# icmpv6 checksum != 2222 log +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000ae08 ] + [ log prefix (null) ] + +# icmpv6 checksum 222-226 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x0000de00 ] + [ cmp lte reg 1 0x0000e200 ] + +# icmpv6 checksum != 2222 log +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp neq reg 1 0x0000ae08 ] + [ log prefix (null) ] + +# icmpv6 checksum { 222, 226} +set%d test-ip6 3 +set%d test-ip6 0 + element 0000de00 : 0 [end] element 0000e200 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 checksum { 222-226} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 0000de00 : 0 [end] element 0000e300 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 mtu 22 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp eq reg 1 0x16000000 ] + +# icmpv6 mtu != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp neq reg 1 0xe9000000 ] + +# icmpv6 mtu 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# icmpv6 mtu != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# icmpv6 mtu {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 mtu {33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 id 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# icmpv6 id != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# icmpv6 id {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 id {33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 sequence 2 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000200 ] + +# icmpv6 sequence {3, 4, 5, 6, 7} accept +set%d test-ip6 3 +set%d test-ip6 0 + element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + [ immediate reg 0 accept ] + +# icmpv6 sequence {2, 4} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000200 : 0 [end] element 00000400 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 sequence 2-4 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp gte reg 1 0x00000200 ] + [ cmp lte reg 1 0x00000400 ] + +# icmpv6 sequence != 2-4 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ cmp lt reg 1 0x00000200 ] + [ cmp gt reg 1 0x00000400 ] + +# icmpv6 sequence { 2-4} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000200 : 0 [end] element 00000500 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 max-delay 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# icmpv6 max-delay != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# icmpv6 max-delay {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# icmpv6 max-delay {33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x0000003a ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/ip6/ip6.t b/tests/py/ip6/ip6.t new file mode 100644 index 00000000..d4c5c7e3 --- /dev/null +++ b/tests/py/ip6/ip6.t @@ -0,0 +1,143 @@ +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +# BUG: Problem with version, priority +# :1:1-38: Error: Could not process rule: Invalid argument +# add rule ip6 test6 input ip6 version 1 +# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +- ip6 version 6;ok +- ip6 priority 3;ok + +# $ sudo nft add rule ip6 test6 input ip6 priority 33 +# :1:39-40: Error: Value 33 exceeds valid range 0-15 +# $ sudo nft add rule ip6 test6 input ip6 priority 3 +# :1:1-39: Error: Could not process rule: Invalid argument +# add rule ip6 test6 input ip6 priority 3 +#^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +ip6 flowlabel 22;ok +ip6 flowlabel != 233;ok +- ip6 flowlabel 33-45;ok +- ip6 flowlabel != 33-45;ok +ip6 flowlabel { 33, 55, 67, 88};ok +# BUG ip6 flowlabel { 5046528, 2883584, 13522432 } +- ip6 flowlabel != { 33, 55, 67, 88};ok +ip6 flowlabel { 33-55};ok +- ip6 flowlabel != { 33-55};ok + +ip6 length 22;ok +ip6 length != 233;ok +ip6 length 33-45;ok +ip6 length != 33-45;ok +- ip6 length { 33, 55, 67, 88};ok +- ip6 length != {33, 55, 67, 88};ok +ip6 length { 33-55};ok +- ip6 length != { 33-55};ok + +ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log;ok;ip6 nexthdr { 132, 51, 108, 136, 17, 33, 6} log +ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;ip6 nexthdr { 6, 136, 108, 33, 50, 17, 132, 58, 51} +- ip6 nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok +ip6 nexthdr esp;ok;ip6 nexthdr 50 +ip6 nexthdr != esp;ok;ip6 nexthdr != 50 +ip6 nexthdr { 33-44};ok +- p6 nexthdr != { 33-44};ok +ip6 nexthdr 33-44;ok +ip6 nexthdr != 33-44;ok + +ip6 hoplimit 1 log;ok +ip6 hoplimit != 233;ok +ip6 hoplimit 33-45;ok +ip6 hoplimit != 33-45;ok +ip6 hoplimit {33, 55, 67, 88};ok +- ip6 hoplimit != {33, 55, 67, 88};ok +ip6 hoplimit {33-55};ok +- ip6 hoplimit != {33-55};ok + +# from src/scanner.l +# v680 (({hex4}:){7}{hex4}) +ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234;ok +# v670 ((:)(:{hex4}{7})) +ip6 saddr ::1234:1234:1234:1234:1234:1234:1234;ok;ip6 saddr 0:1234:1234:1234:1234:1234:1234:1234 +# v671 ((({hex4}:){1})(:{hex4}{6})) +ip6 saddr 1234::1234:1234:1234:1234:1234:1234;ok;ip6 saddr 1234:0:1234:1234:1234:1234:1234:1234 +# v672 ((({hex4}:){2})(:{hex4}{5})) +ip6 saddr 1234:1234::1234:1234:1234:1234:1234;ok;ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234 +ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234;ok +# v673 ((({hex4}:){3})(:{hex4}{4})) +ip6 saddr 1234:1234:1234::1234:1234:1234:1234;ok;ip6 saddr 1234:1234:1234:0:1234:1234:1234:1234 +# v674 ((({hex4}:){4})(:{hex4}{3})) +ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234;ok +# v675 ((({hex4}:){5})(:{hex4}{2})) +ip6 saddr 1234:1234:1234:1234:1234::1234:1234;ok;ip6 saddr 1234:1234:1234:1234:1234:0:1234:1234 +# v676 ((({hex4}:){6})(:{hex4}{1})) +ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234;ok +# v677 ((({hex4}:){7})(:)) +ip6 saddr 1234:1234:1234:1234:1234:1234:1234::;ok;ip6 saddr 1234:1234:1234:1234:1234:1234:1234:0 +# v67 ({v670}|{v671}|{v672}|{v673}|{v674}|{v675}|{v676}|{v677}) +# v660 ((:)(:{hex4}{6})) +ip6 saddr ::1234:1234:1234:1234:1234:1234;ok +# v661 ((({hex4}:){1})(:{hex4}{5})) +ip6 saddr 1234::1234:1234:1234:1234:1234;ok +# v662 ((({hex4}:){2})(:{hex4}{4})) +ip6 saddr 1234:1234::1234:1234:1234:1234;ok +# v663 ((({hex4}:){3})(:{hex4}{3})) +ip6 saddr 1234:1234:1234::1234:1234:1234;ok +# v664 ((({hex4}:){4})(:{hex4}{2})) +ip6 saddr 1234:1234:1234:1234::1234:1234;ok +# v665 ((({hex4}:){5})(:{hex4}{1})) +ip6 saddr 1234:1234:1234:1234:1234::1234;ok +# v666 ((({hex4}:){6})(:)) +ip6 saddr 1234:1234:1234:1234:1234:1234::;ok +# v66 ({v660}|{v661}|{v662}|{v663}|{v664}|{v665}|{v666}) +# v650 ((:)(:{hex4}{5})) +ip6 saddr ::1234:1234:1234:1234:1234;ok +# v651 ((({hex4}:){1})(:{hex4}{4})) +ip6 saddr 1234::1234:1234:1234:1234;ok +# v652 ((({hex4}:){2})(:{hex4}{3})) +ip6 saddr 1234:1234::1234:1234:1234;ok +# v653 ((({hex4}:){3})(:{hex4}{2})) +ip6 saddr 1234:1234:1234::1234:1234;ok +# v654 ((({hex4}:){4})(:{hex4}{1})) +ip6 saddr 1234:1234:1234:1234::1234;ok +# v655 ((({hex4}:){5})(:)) +ip6 saddr 1234:1234:1234:1234:1234::;ok +# v65 ({v650}|{v651}|{v652}|{v653}|{v654}|{v655}) +# v640 ((:)(:{hex4}{4})) +ip6 saddr ::1234:1234:1234:1234;ok +# v641 ((({hex4}:){1})(:{hex4}{3})) +ip6 saddr 1234::1234:1234:1234;ok +# v642 ((({hex4}:){2})(:{hex4}{2})) +ip6 saddr 1234:1234::1234:1234;ok +# v643 ((({hex4}:){3})(:{hex4}{1})) +ip6 saddr 1234:1234:1234::1234;ok +# v644 ((({hex4}:){4})(:)) +ip6 saddr 1234:1234:1234:1234::;ok +# v64 ({v640}|{v641}|{v642}|{v643}|{v644}) +# v630 ((:)(:{hex4}{3})) +ip6 saddr ::1234:1234:1234;ok +# v631 ((({hex4}:){1})(:{hex4}{2})) +ip6 saddr 1234::1234:1234;ok +# v632 ((({hex4}:){2})(:{hex4}{1})) +ip6 saddr 1234:1234::1234;ok +# v633 ((({hex4}:){3})(:)) +ip6 saddr 1234:1234:1234::;ok +# v63 ({v630}|{v631}|{v632}|{v633}) +# v620 ((:)(:{hex4}{2})) +ip6 saddr ::1234:1234;ok;ip6 saddr ::18.52.18.52 +# v621 ((({hex4}:){1})(:{hex4}{1})) +ip6 saddr 1234::1234;ok +# v622 ((({hex4}:){2})(:)) +ip6 saddr 1234:1234::;ok +# v62 ({v620}|{v621}|{v622}) +# v610 ((:)(:{hex4}{1})) +ip6 saddr ::1234;ok +# v611 ((({hex4}:){1})(:)) +ip6 saddr 1234::;ok +# v61 ({v610}|{v611}) +# v60 (::) +ip6 saddr ::/64;ok + +- ip6 daddr != {::1234:1234:1234:1234:1234:1234:1234, 1234:1234::1234:1234:1234:1234:1234 };ok +ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234;ok;ip6 daddr != 0:1234:1234:1234:1234:1234:1234:1234-1234:1234:0:1234:1234:1234:1234:1234 diff --git a/tests/py/ip6/ip6.t.payload.inet b/tests/py/ip6/ip6.t.payload.inet new file mode 100644 index 00000000..b4fd2779 --- /dev/null +++ b/tests/py/ip6/ip6.t.payload.inet @@ -0,0 +1,461 @@ +# ip6 flowlabel 22 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 3b @ network header + 1 => reg 1 ] + [ cmp eq reg 1 0x00160000 ] + +# ip6 flowlabel != 233 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 3b @ network header + 1 => reg 1 ] + [ cmp neq reg 1 0x00e90000 ] + +# ip6 flowlabel { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 3b @ network header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 flowlabel { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00210000 : 0 [end] element 00380000 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 3b @ network header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 length 22 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ip6 length != 233 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip6 length 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip6 length != 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip6 length { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log +set%d test-inet 3 +set%d test-inet 0 + element 00000011 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + [ log prefix (null) ] + +# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +set%d test-inet 3 +set%d test-inet 0 + element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr esp +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# ip6 nexthdr != esp +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000032 ] + +# ip6 nexthdr { 33-44} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 0000002d : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr 33-44 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002c ] + +# ip6 nexthdr != 33-44 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002c ] + +# ip6 hoplimit 1 log +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ log prefix (null) ] + +# ip6 hoplimit != 233 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# ip6 hoplimit 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# ip6 hoplimit != 33-45 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# ip6 hoplimit {33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 hoplimit {33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 1b @ network header + 7 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00003412 ] + +# ip6 saddr ::1234:1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00000000 ] + +# ip6 saddr ::1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x00000000 ] + +# ip6 saddr ::1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x00000000 ] + +# ip6 saddr ::1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x00000000 ] + +# ip6 saddr ::1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x00000000 ] + +# ip6 saddr ::1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:: +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x00000000 ] + +# ip6 saddr ::/64 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x00000000 ] + +# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp lt reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] + [ cmp gt reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + diff --git a/tests/py/ip6/ip6.t.payload.ip6 b/tests/py/ip6/ip6.t.payload.ip6 new file mode 100644 index 00000000..d355adae --- /dev/null +++ b/tests/py/ip6/ip6.t.payload.ip6 @@ -0,0 +1,339 @@ +# ip6 flowlabel 22 +ip6 test-ip6 input + [ payload load 3b @ network header + 1 => reg 1 ] + [ cmp eq reg 1 0x00160000 ] + +# ip6 flowlabel != 233 +ip6 test-ip6 input + [ payload load 3b @ network header + 1 => reg 1 ] + [ cmp neq reg 1 0x00e90000 ] + +# ip6 flowlabel { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end] +ip6 test-ip6 input + [ payload load 3b @ network header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 flowlabel { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00210000 : 0 [end] element 00380000 : 1 [end] +ip6 test-ip6 input + [ payload load 3b @ network header + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 length 22 +ip6 test-ip6 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# ip6 length != 233 +ip6 test-ip6 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# ip6 length 33-45 +ip6 test-ip6 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# ip6 length != 33-45 +ip6 test-ip6 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# ip6 length { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log +set%d test-ip6 3 +set%d test-ip6 0 + element 00000011 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + [ log prefix (null) ] + +# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr esp +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# ip6 nexthdr != esp +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp neq reg 1 0x00000032 ] + +# ip6 nexthdr { 33-44} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 0000002d : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 nexthdr 33-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002c ] + +# ip6 nexthdr != 33-44 +ip6 test-ip6 input + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002c ] + +# ip6 hoplimit 1 log +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ log prefix (null) ] + +# ip6 hoplimit != 233 +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# ip6 hoplimit 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# ip6 hoplimit != 33-45 +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# ip6 hoplimit {33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 hoplimit {33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ payload load 1b @ network header + 7 => reg 1 ] + [ lookup reg 1 set set%d ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00003412 ] + +# ip6 saddr ::1234:1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x34123412 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234:1234::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00000000 ] + +# ip6 saddr ::1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x34120000 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234:1234::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x00000000 ] + +# ip6 saddr ::1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x34123412 0x34123412 ] + +# ip6 saddr 1234::1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234:1234::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234:1234::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x00000000 ] + +# ip6 saddr ::1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x34120000 0x34123412 ] + +# ip6 saddr 1234::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234:1234::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x00000000 ] + +# ip6 saddr ::1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34123412 ] + +# ip6 saddr 1234::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x00000000 ] + +# ip6 saddr ::1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34120000 ] + +# ip6 saddr 1234:: +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x00000000 ] + +# ip6 saddr ::/64 +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] + [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x00000000 ] + +# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234 +ip6 test-ip6 input + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp lt reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] + [ cmp gt reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] + diff --git a/tests/py/ip6/masquerade.t b/tests/py/ip6/masquerade.t new file mode 100644 index 00000000..4e6c086c --- /dev/null +++ b/tests/py/ip6/masquerade.t @@ -0,0 +1,25 @@ +*ip6;test-ip6 +:postrouting;type nat hook postrouting priority 0 + +# nf_nat flags combination +udp dport 53 masquerade;ok +udp dport 53 masquerade random;ok +udp dport 53 masquerade random,persistent;ok +udp dport 53 masquerade random,persistent,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent +udp dport 53 masquerade random,fully-random;ok +udp dport 53 masquerade random,fully-random,persistent;ok +udp dport 53 masquerade persistent;ok +udp dport 53 masquerade persistent,random;ok;udp dport 53 masquerade random,persistent +udp dport 53 masquerade persistent,random,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent +udp dport 53 masquerade persistent,fully-random;ok;udp dport 53 masquerade fully-random,persistent +udp dport 53 masquerade persistent,fully-random,random;ok;udp dport 53 masquerade random,fully-random,persistent + +# masquerade is a terminal statement +tcp dport 22 masquerade counter packets 0 bytes 0 accept;fail +tcp sport 22 masquerade accept;fail +ip6 saddr ::1 masquerade drop;fail + +# masquerade with sets +tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade;ok +ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 masquerade;ok +iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade;ok diff --git a/tests/py/ip6/masquerade.t.payload.ip6 b/tests/py/ip6/masquerade.t.payload.ip6 new file mode 100644 index 00000000..2e8bf959 --- /dev/null +++ b/tests/py/ip6/masquerade.t.payload.ip6 @@ -0,0 +1,127 @@ +# udp dport 53 masquerade +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq ] + +# udp dport 53 masquerade random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x4 ] + +# udp dport 53 masquerade random,persistent +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0xc ] + +# udp dport 53 masquerade random,persistent,fully-random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade random,fully-random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x14 ] + +# udp dport 53 masquerade random,fully-random,persistent +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade persistent +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x8 ] + +# udp dport 53 masquerade persistent,random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0xc ] + +# udp dport 53 masquerade persistent,random,fully-random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade persistent,fully-random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x18 ] + +# udp dport 53 masquerade persistent,fully-random,random +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade +set%d test-ip6 3 +set%d test-ip6 0 + element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ masq ] + +# ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 masquerade +ip6 test-ip6 postrouting + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp gte reg 1 0x000000fe 0x00000000 0x00000000 0x01000000 ] + [ cmp lte reg 1 0x000000fe 0x00000000 0x00000000 0x00020000 ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ counter pkts 0 bytes 0 ] + [ masq ] + +# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade +map%d test-ip6 b +map%d test-ip6 0 + element 00001600 : 0 [end] element 0000de00 : 0 [end] +ip6 test-ip6 postrouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + [ masq ] + diff --git a/tests/py/ip6/mh.t b/tests/py/ip6/mh.t new file mode 100644 index 00000000..cd652b39 --- /dev/null +++ b/tests/py/ip6/mh.t @@ -0,0 +1,49 @@ +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +mh nexthdr 1;ok +mh nexthdr != 1;ok +mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp };ok;mh nexthdr { 58, 17, 108, 6, 51, 136, 50, 132, 33} +- mh nexthdr != {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok +mh nexthdr icmp;ok;mh nexthdr 1 +mh nexthdr != icmp;ok;mh nexthdr != 1 +mh nexthdr 22;ok +mh nexthdr != 233;ok +mh nexthdr 33-45;ok +mh nexthdr != 33-45;ok +mh nexthdr { 33, 55, 67, 88 };ok +- mh nexthdr != { 33, 55, 67, 88 };ok +mh nexthdr { 33-55 };ok +- mh nexthdr != { 33-55 };ok + +mh hdrlength 22;ok +mh hdrlength != 233;ok +mh hdrlength 33-45;ok +mh hdrlength != 33-45;ok +mh hdrlength { 33, 55, 67, 88 };ok +- mh hdrlength != { 33, 55, 67, 88 };ok +mh hdrlength { 33-55 };ok +- mh hdrlength != { 33-55 };ok + +mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message};ok +mh type home-agent-switch-message;ok +mh type != home-agent-switch-message;ok + +mh reserved 22;ok +mh reserved != 233;ok +mh reserved 33-45;ok +mh reserved != 33-45;ok +mh reserved { 33, 55, 67, 88};ok +- mh reserved != {33, 55, 67, 88};ok +mh reserved { 33-55};ok +- mh reserved != { 33-55};ok + +mh checksum 22;ok +mh checksum != 233;ok +mh checksum 33-45;ok +mh checksum != 33-45;ok +mh checksum { 33, 55, 67, 88};ok +- mh checksum != { 33, 55, 67, 88};ok +mh checksum { 33-55};ok +- mh checksum != { 33-55};ok diff --git a/tests/py/ip6/mh.t.payload.inet b/tests/py/ip6/mh.t.payload.inet new file mode 100644 index 00000000..53a0ce08 --- /dev/null +++ b/tests/py/ip6/mh.t.payload.inet @@ -0,0 +1,198 @@ +# mh nexthdr 1 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# mh nexthdr != 1 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp } +set%d test-inet 3 +set%d test-inet 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh nexthdr icmp +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# mh nexthdr != icmp +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# mh nexthdr 22 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh nexthdr != 233 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh nexthdr 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh nexthdr != 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh nexthdr { 33, 55, 67, 88 } +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh nexthdr { 33-55 } +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh hdrlength 22 +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh hdrlength != 233 +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh hdrlength 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh hdrlength != 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh hdrlength { 33, 55, 67, 88 } +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh hdrlength { 33-55 } +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message} +set%d test-inet 3 +set%d test-inet 0 + element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end] element 0000000a : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh type home-agent-switch-message +inet test-inet input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ cmp eq reg 1 0x0000000c ] + +# mh type != home-agent-switch-message +inet test-inet input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ cmp neq reg 1 0x0000000c ] + +# mh reserved 22 +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh reserved != 233 +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh reserved 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh reserved != 33-45 +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh reserved { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh reserved { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh checksum 22 +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# mh checksum != 233 +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# mh checksum 33-45 +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# mh checksum != 33-45 +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# mh checksum { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh checksum { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/ip6/mh.t.payload.ip6 b/tests/py/ip6/mh.t.payload.ip6 new file mode 100644 index 00000000..e903b74f --- /dev/null +++ b/tests/py/ip6/mh.t.payload.ip6 @@ -0,0 +1,198 @@ +# mh nexthdr 1 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# mh nexthdr != 1 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp } +set%d test-ip6 3 +set%d test-ip6 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh nexthdr icmp +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# mh nexthdr != icmp +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# mh nexthdr 22 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh nexthdr != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh nexthdr 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh nexthdr != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh nexthdr { 33, 55, 67, 88 } +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh nexthdr { 33-55 } +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh hdrlength 22 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh hdrlength != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh hdrlength 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh hdrlength != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh hdrlength { 33, 55, 67, 88 } +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh hdrlength { 33-55 } +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end] element 0000000a : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh type home-agent-switch-message +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ cmp eq reg 1 0x0000000c ] + +# mh type != home-agent-switch-message +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 2 => reg 1 ] + [ cmp neq reg 1 0x0000000c ] + +# mh reserved 22 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# mh reserved != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# mh reserved 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# mh reserved != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# mh reserved { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh reserved { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 135 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh checksum 22 +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + +# mh checksum != 233 +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp neq reg 1 0x0000e900 ] + +# mh checksum 33-45 +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp gte reg 1 0x00002100 ] + [ cmp lte reg 1 0x00002d00 ] + +# mh checksum != 33-45 +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ cmp lt reg 1 0x00002100 ] + [ cmp gt reg 1 0x00002d00 ] + +# mh checksum { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + +# mh checksum { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip6 test-ip6 input + [ exthdr load 2b @ 135 + 4 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/ip6/redirect.t b/tests/py/ip6/redirect.t new file mode 100644 index 00000000..31ffe8c9 --- /dev/null +++ b/tests/py/ip6/redirect.t @@ -0,0 +1,44 @@ +*ip6;test-ip6 +:output;type nat hook output priority 0 + +# with no arguments +redirect;ok +udp dport 954 redirect;ok +ip6 saddr fe00::cafe counter packets 0 bytes 0 redirect;ok + +# nf_nat flags combination +udp dport 53 redirect random;ok +udp dport 53 redirect random,persistent;ok +udp dport 53 redirect random,persistent,fully-random;ok;udp dport 53 redirect random,fully-random,persistent +udp dport 53 redirect random,fully-random;ok +udp dport 53 redirect random,fully-random,persistent;ok +udp dport 53 redirect persistent;ok +udp dport 53 redirect persistent,random;ok;udp dport 53 redirect random,persistent +udp dport 53 redirect persistent,random,fully-random;ok;udp dport 53 redirect random,fully-random,persistent +udp dport 53 redirect persistent,fully-random;ok;udp dport 53 redirect fully-random,persistent +udp dport 53 redirect persistent,fully-random,random;ok;udp dport 53 redirect random,fully-random,persistent + +# port specification +udp dport 1234 redirect to 1234;ok +ip6 daddr fe00::cafe udp dport 9998 redirect to 6515;ok +tcp dport 39128 redirect to 993;ok +redirect to 1234;fail +redirect to 12341111;fail + +# both port and nf_nat flags +tcp dport 9128 redirect to 993 random;ok +tcp dport 9128 redirect to 993 fully-random,persistent;ok + +# nf_nat flags are the last argument +tcp dport 9128 redirect persistent to 123;fail +tcp dport 9128 redirect random,persistent to 123;fail + +# redirect is a terminal statement +tcp dport 22 redirect counter packets 0 bytes 0 accept;fail +tcp sport 22 redirect accept;fail +ip6 saddr ::1 redirect drop;fail + +# redirect with sets +tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect;ok +ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 redirect;ok +iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect;ok diff --git a/tests/py/ip6/redirect.t.payload.ip6 b/tests/py/ip6/redirect.t.payload.ip6 new file mode 100644 index 00000000..3369a7a3 --- /dev/null +++ b/tests/py/ip6/redirect.t.payload.ip6 @@ -0,0 +1,185 @@ +# redirect +ip6 test-ip6 output + [ redir ] + +# udp dport 954 redirect +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000ba03 ] + [ redir ] + +# ip6 saddr fe00::cafe counter packets 0 bytes 0 redirect +ip6 test-ip6 output + [ payload load 16b @ network header + 8 => reg 1 ] + [ cmp eq reg 1 0x000000fe 0x00000000 0x00000000 0xfeca0000 ] + [ counter pkts 0 bytes 0 ] + [ redir ] + +# udp dport 53 redirect random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x4 ] + +# udp dport 53 redirect random,persistent +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0xc ] + +# udp dport 53 redirect random,persistent,fully-random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x1c ] + +# udp dport 53 redirect random,fully-random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x14 ] + +# udp dport 53 redirect random,fully-random,persistent +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x1c ] + +# udp dport 53 redirect persistent +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x8 ] + +# udp dport 53 redirect persistent,random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0xc ] + +# udp dport 53 redirect persistent,random,fully-random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x1c ] + +# udp dport 53 redirect persistent,fully-random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x18 ] + +# udp dport 53 redirect persistent,fully-random,random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ redir flags 0x1c ] + +# udp dport 1234 redirect to 1234 +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000d204 ] + [ immediate reg 1 0x0000d204 ] + [ redir proto_min reg 1 ] + +# ip6 daddr fe00::cafe udp dport 9998 redirect to 6515 +ip6 test-ip6 output + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp eq reg 1 0x000000fe 0x00000000 0x00000000 0xfeca0000 ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00000e27 ] + [ immediate reg 1 0x00007319 ] + [ redir proto_min reg 1 ] + +# tcp dport 39128 redirect to 993 +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000d898 ] + [ immediate reg 1 0x0000e103 ] + [ redir proto_min reg 1 ] + +# tcp dport 9128 redirect to 993 random +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000a823 ] + [ immediate reg 1 0x0000e103 ] + [ redir proto_min reg 1 flags 0x4 ] + +# tcp dport 9128 redirect to 993 fully-random,persistent +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x0000a823 ] + [ immediate reg 1 0x0000e103 ] + [ redir proto_min reg 1 flags 0x18 ] + +# tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect +set%d test-ip6 3 +set%d test-ip6 0 + element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + [ redir ] + +# ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 redirect +ip6 test-ip6 output + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp gte reg 1 0x000000fe 0x00000000 0x00000000 0x01000000 ] + [ cmp lte reg 1 0x000000fe 0x00000000 0x00000000 0x00020000 ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ counter pkts 0 bytes 0 ] + [ redir ] + +# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect +map%d test-ip6 b +map%d test-ip6 0 + element 00001600 : 0 [end] element 0000de00 : 0 [end] +ip6 test-ip6 output + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + [ redir ] + diff --git a/tests/py/ip6/reject.t b/tests/py/ip6/reject.t new file mode 100644 index 00000000..60dec90e --- /dev/null +++ b/tests/py/ip6/reject.t @@ -0,0 +1,12 @@ +*ip6;test-ip6 +:output;type filter hook output priority 0 + +reject;ok +reject with icmpv6 type no-route;ok +reject with icmpv6 type admin-prohibited;ok +reject with icmpv6 type addr-unreachable;ok +reject with icmpv6 type port-unreachable;ok;reject +reject with tcp reset;ok;ip6 nexthdr 6 reject with tcp reset + +reject with icmpv6 type host-unreachable;fail +reject with icmp type host-unreachable;fail diff --git a/tests/py/ip6/reject.t.payload.ip6 b/tests/py/ip6/reject.t.payload.ip6 new file mode 100644 index 00000000..aa0b9ff2 --- /dev/null +++ b/tests/py/ip6/reject.t.payload.ip6 @@ -0,0 +1,26 @@ +# reject +ip6 test-ip6 output + [ reject type 0 code 4 ] + +# reject with icmpv6 type no-route +ip6 test-ip6 output + [ reject type 0 code 0 ] + +# reject with icmpv6 type admin-prohibited +ip6 test-ip6 output + [ reject type 0 code 1 ] + +# reject with icmpv6 type addr-unreachable +ip6 test-ip6 output + [ reject type 0 code 3 ] + +# reject with icmpv6 type port-unreachable +ip6 test-ip6 output + [ reject type 0 code 4 ] + +# reject with tcp reset +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ reject type 1 code 0 ] + diff --git a/tests/py/ip6/rt.t b/tests/py/ip6/rt.t new file mode 100644 index 00000000..eca47ca8 --- /dev/null +++ b/tests/py/ip6/rt.t @@ -0,0 +1,45 @@ +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +rt nexthdr 1;ok +rt nexthdr != 1;ok +rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok;rt nexthdr { 33, 136, 50, 132, 51, 17, 108, 6, 58} +- rt nexthdr != {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok +rt nexthdr icmp;ok;rt nexthdr 1 +rt nexthdr != icmp;ok;rt nexthdr != 1 +rt nexthdr 22;ok +rt nexthdr != 233;ok +rt nexthdr 33-45;ok +rt nexthdr != 33-45;ok +rt nexthdr { 33, 55, 67, 88};ok +- rt nexthdr != { 33, 55, 67, 88};ok +rt nexthdr { 33-55};ok;rt nexthdr { 33-55} +- rt nexthdr != { 33-55};ok + +rt hdrlength 22;ok +rt hdrlength != 233;ok +rt hdrlength 33-45;ok +rt hdrlength != 33-45;ok +rt hdrlength { 33, 55, 67, 88};ok +- rt hdrlength != { 33, 55, 67, 88};ok +rt hdrlength { 33-55};ok +- rt hdrlength != { 33-55};ok + +rt type 22;ok +rt type != 233;ok +rt type 33-45;ok +rt type != 33-45;ok +rt type { 33, 55, 67, 88};ok +- rt type != { 33, 55, 67, 88};ok +rt type { 33-55};ok +- rt type != { 33-55};ok + +rt seg-left 22;ok +rt seg-left != 233;ok +rt seg-left 33-45;ok +rt seg-left != 33-45;ok +rt seg-left { 33, 55, 67, 88};ok +- rt seg-left != { 33, 55, 67, 88};ok +rt seg-left { 33-55};ok +- rt seg-left != { 33-55};ok diff --git a/tests/py/ip6/rt.t.payload.inet b/tests/py/ip6/rt.t.payload.inet new file mode 100644 index 00000000..9dc51b97 --- /dev/null +++ b/tests/py/ip6/rt.t.payload.inet @@ -0,0 +1,180 @@ +# rt nexthdr 1 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# rt nexthdr != 1 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +set%d test-inet 3 +set%d test-inet 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt nexthdr icmp +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# rt nexthdr != icmp +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# rt nexthdr 22 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt nexthdr != 233 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt nexthdr 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt nexthdr != 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt nexthdr { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt nexthdr { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt hdrlength 22 +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt hdrlength != 233 +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt hdrlength 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt hdrlength != 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt hdrlength { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt hdrlength { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt type 22 +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt type != 233 +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt type 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt type != 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt type { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt type { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt seg-left 22 +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt seg-left != 233 +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt seg-left 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt seg-left != 33-45 +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt seg-left { 33, 55, 67, 88} +set%d test-inet 3 +set%d test-inet 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt seg-left { 33-55} +set%d test-inet 7 +set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/ip6/rt.t.payload.ip6 b/tests/py/ip6/rt.t.payload.ip6 new file mode 100644 index 00000000..f766ec0a --- /dev/null +++ b/tests/py/ip6/rt.t.payload.ip6 @@ -0,0 +1,180 @@ +# rt nexthdr 1 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# rt nexthdr != 1 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt nexthdr icmp +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# rt nexthdr != icmp +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# rt nexthdr 22 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt nexthdr != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt nexthdr 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt nexthdr != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt nexthdr { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt nexthdr { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 0 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt hdrlength 22 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt hdrlength != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt hdrlength 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt hdrlength != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt hdrlength { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt hdrlength { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 1 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt type 22 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt type != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt type 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt type != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt type { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt type { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 2 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt seg-left 22 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# rt seg-left != 233 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# rt seg-left 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp gte reg 1 0x00000021 ] + [ cmp lte reg 1 0x0000002d ] + +# rt seg-left != 33-45 +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ cmp lt reg 1 0x00000021 ] + [ cmp gt reg 1 0x0000002d ] + +# rt seg-left { 33, 55, 67, 88} +set%d test-ip6 3 +set%d test-ip6 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + +# rt seg-left { 33-55} +set%d test-ip6 7 +set%d test-ip6 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip6 test-ip6 input + [ exthdr load 1b @ 43 + 3 => reg 1 ] + [ lookup reg 1 set set%d ] + diff --git a/tests/py/ip6/sets.t b/tests/py/ip6/sets.t new file mode 100644 index 00000000..4938929c --- /dev/null +++ b/tests/py/ip6/sets.t @@ -0,0 +1,22 @@ +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +!set_ipv6_add1 ipv6_addr;ok +!set_inet1 inet_proto;ok +!set_inet inet_service;ok +!set_time time;ok + +?set2 192.168.3.4;fail +!set2 ipv6_addr;ok +?set2 1234:1234::1234:1234:1234:1234:1234;ok +?set2 1234:1234::1234:1234:1234:1234:1234;fail +?set2 1234::1234:1234:1234;ok +?set2 1234:1234:1234:1234:1234::1234:1234 1234:1234::123;ok +?set2 192.168.3.8 192.168.3.9;fail +?set2 1234:1234::1234:1234:1234:1234;ok +?set2 1234:1234::1234:1234:1234:1234;fail +?set2 1234:1234:1234::1234;ok + +ip6 saddr @set2 drop;ok +ip6 saddr @set33 drop;fail diff --git a/tests/py/ip6/sets.t.payload b/tests/py/ip6/sets.t.payload new file mode 100644 index 00000000..e69de29b diff --git a/tests/py/ip6/sets.t.payload.inet b/tests/py/ip6/sets.t.payload.inet new file mode 100644 index 00000000..27be86be --- /dev/null +++ b/tests/py/ip6/sets.t.payload.inet @@ -0,0 +1,8 @@ +# ip6 saddr @set2 drop +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set set2 ] + [ immediate reg 0 drop ] + diff --git a/tests/py/ip6/sets.t.payload.ip6 b/tests/py/ip6/sets.t.payload.ip6 new file mode 100644 index 00000000..0e51fd3e --- /dev/null +++ b/tests/py/ip6/sets.t.payload.ip6 @@ -0,0 +1,6 @@ +# ip6 saddr @set2 drop +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set set2 ] + [ immediate reg 0 drop ] + diff --git a/tests/py/ip6/snat.t b/tests/py/ip6/snat.t new file mode 100644 index 00000000..37bf1a1d --- /dev/null +++ b/tests/py/ip6/snat.t @@ -0,0 +1,5 @@ +*ip6;test-ip6 +:postrouting;type nat hook postrouting priority 0 + +tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok;tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::80-100 +tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::100;ok diff --git a/tests/py/ip6/snat.t.payload.ip6 b/tests/py/ip6/snat.t.payload.ip6 new file mode 100644 index 00000000..486bbb8b --- /dev/null +++ b/tests/py/ip6/snat.t.payload.ip6 @@ -0,0 +1,25 @@ +# tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :80-100 +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] + [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] + [ immediate reg 3 0x00005000 ] + [ immediate reg 4 0x00006400 ] + [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ] + +# tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::100 +ip6 test-ip6 postrouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] + [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] + [ immediate reg 3 0x00006400 ] + [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 ] + diff --git a/tests/py/ip6/vmap.t b/tests/py/ip6/vmap.t new file mode 100644 index 00000000..301a28ae --- /dev/null +++ b/tests/py/ip6/vmap.t @@ -0,0 +1,54 @@ +*ip6;test-ip6 +*inet;test-inet +:input;type filter hook input priority 0 + +ip6 saddr vmap { abcd::3 : accept };ok +ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234:1234;fail + +# Ipv6 address combinations +# from src/scanner.l +ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept};ok +ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 0:1234:1234:1234:1234:1234:1234:1234 : accept} +ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:0:1234:1234:1234:1234:1234:1234 : accept} +ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:0:1234:1234:1234:1234:1234 : accept} +ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:0:1234:1234:1234:1234 : accept} +ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:0:1234:1234:1234 : accept} +ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:0:1234:1234 : accept} +ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:0:1234 : accept} +ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:0 : accept} +ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept};ok +ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept};ok +ip6 saddr vmap { ::1234:1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234::1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234::1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234::1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234:1234:: : accept};ok +ip6 saddr vmap { ::1234:1234:1234 : accept};ok +ip6 saddr vmap { 1234::1234:1234 : accept};ok +ip6 saddr vmap { 1234:1234::1234 : accept};ok +ip6 saddr vmap { 1234:1234:1234:: : accept};ok +ip6 saddr vmap { ::1234:1234 : accept};ok;ip6 saddr vmap { ::18.52.18.52 : accept} +ip6 saddr vmap { 1234::1234 : accept};ok +ip6 saddr vmap { 1234:1234:: : accept};ok +ip6 saddr vmap { ::1234 : accept};ok +ip6 saddr vmap { 1234:: : accept};ok +ip6 saddr vmap { ::/64 : accept};ok + +ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::aaaa : drop} +ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::bbbb : drop} +ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::cccc : drop} +ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::dddd: drop} + +# rule without comma: +filter-input ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:bbbb:::accept::adda : drop};fail diff --git a/tests/py/ip6/vmap.t.payload.inet b/tests/py/ip6/vmap.t.payload.inet new file mode 100644 index 00000000..f0312bf3 --- /dev/null +++ b/tests/py/ip6/vmap.t.payload.inet @@ -0,0 +1,420 @@ +# ip6 saddr vmap { abcd::3 : accept } +map%d test-inet b +map%d test-inet 0 + element 0000cdab 00000000 00000000 03000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34120000 34123412 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 34123412 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34120000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00003412 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34120000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00003412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 00003412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 34123412 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 34120000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00000000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00003412 34120000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00000000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00003412 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 34120000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 00000000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00000000 34120000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00003412 00000000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00000000 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00003412 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 00000000 34123412 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 00000000 34120000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00000000 00000000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00003412 00000000 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 00000000 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 00000000 34120000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 00000000 00000000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00000000 00000000 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00003412 00000000 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 00000000 00000000 34123412 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 00000000 00000000 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 34123412 00000000 00000000 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234 : accept} +map%d test-inet b +map%d test-inet 0 + element 00000000 00000000 00000000 34120000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:: : accept} +map%d test-inet b +map%d test-inet 0 + element 00003412 00000000 00000000 00000000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::/64 : accept} +map%d test-inet f +map%d test-inet 0 + element 00000000 00000000 00000000 00000000 : 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 aaaa0000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 bbbb0000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 cccc0000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop} +map%d test-inet b +map%d test-inet 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 dddd0000 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + diff --git a/tests/py/ip6/vmap.t.payload.ip6 b/tests/py/ip6/vmap.t.payload.ip6 new file mode 100644 index 00000000..0701b9b3 --- /dev/null +++ b/tests/py/ip6/vmap.t.payload.ip6 @@ -0,0 +1,336 @@ +# ip6 saddr vmap { abcd::3 : accept } +map%d test-ip6 b +map%d test-ip6 0 + element 0000cdab 00000000 00000000 03000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34120000 34123412 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 34123412 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34120000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00003412 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34120000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00003412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 00003412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 34123412 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 34120000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00000000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00003412 34120000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00000000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00003412 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 34120000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 00000000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00000000 34120000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00003412 00000000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00000000 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00003412 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 00000000 34123412 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 00000000 34120000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00000000 00000000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00003412 00000000 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 00000000 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 00000000 34120000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 00000000 00000000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00000000 00000000 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00003412 00000000 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 00000000 00000000 34123412 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 00000000 00000000 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 00000000 00000000 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234 : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00000000 00000000 00000000 34120000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:: : accept} +map%d test-ip6 b +map%d test-ip6 0 + element 00003412 00000000 00000000 00000000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::/64 : accept} +map%d test-ip6 f +map%d test-ip6 0 + element 00000000 00000000 00000000 00000000 : 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 aaaa0000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 bbbb0000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 cccc0000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop} +map%d test-ip6 b +map%d test-ip6 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 dddd0000 : 0 [end] +ip6 test-ip6 input + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py new file mode 100755 index 00000000..e68087f3 --- /dev/null +++ b/tests/py/nft-test.py @@ -0,0 +1,968 @@ +#!/usr/bin/python +# +# (C) 2014 by Ana Rey Botello +# +# Based on iptables-test.py: +# (C) 2012 by Pablo Neira Ayuso " +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# Thanks to the Outreach Program for Women (OPW) for sponsoring this test +# infrastructure. + +import sys +import os +import subprocess +import argparse +import signal + +TERMINAL_PATH = os.getcwd() +NFT_BIN = "src/nft" +TESTS_PATH = os.path.dirname(os.path.abspath(__file__)) +TESTS_DIRECTORY = ["any", "arp", "bridge", "inet", "ip", "ip6"] +LOGFILE = "/tmp/nftables-test.log" +log_file = None +table_list = [] +chain_list = [] +all_set = dict() +signal_received = 0 + + +class Colors: + if sys.stdout.isatty(): + HEADER = '\033[95m' + GREEN = '\033[92m' + YELLOW = '\033[93m' + RED = '\033[91m' + ENDC = '\033[0m' + else: + HEADER = '' + GREEN = '' + YELLOW = '' + RED = '' + ENDC = '' + +def print_msg(reason, filename=None, lineno=None, color=None, errstr=None): + ''' + Prints a message with nice colors, indicating file and line number. + ''' + if filename and lineno: + print (filename + ": " + color + "ERROR:" + + Colors.ENDC + " line %d: %s" % (lineno + 1, reason)) + else: + print (color + "ERROR:" + Colors.ENDC + " %s" % (reason)) + +def print_error(reason, filename=None, lineno=None): + print_msg(reason, filename, lineno, Colors.RED, "ERROR:") + +def print_warning(reason, filename=None, lineno=None): + print_msg(reason, filename, lineno, Colors.YELLOW, "WARNING:") + + +def print_differences_warning(filename, lineno, rule1, rule2, cmd): + reason = "'" + rule1 + "' mismatches '" + rule2 + "'" + print filename + ": " + Colors.YELLOW + "WARNING: " + Colors.ENDC + \ + "line: " + str(lineno + 1) + ": '" + cmd + "': " + reason + + +def print_differences_error(filename, lineno, output, cmd): + reason = "Listing is broken." + print filename + ": " + Colors.RED + "ERROR: " + Colors.ENDC + \ + "line: " + str(lineno + 1) + ": '" + cmd + "': " + reason + + +def table_exist(table, filename, lineno): + ''' + Exists a table. + ''' + cmd = NFT_BIN + " list -nnn table " + table[0] + " " + table[1] + ret = execute_cmd(cmd, filename, lineno) + + return True if (ret == 0) else False + + +def table_flush(table, filename, lineno): + ''' + Flush a table. + ''' + cmd = NFT_BIN + " flush table " + str(table[0]) + " " + str(table[1]) + ret = execute_cmd(cmd, filename, lineno) + + return cmd + + +def table_create(table, filename, lineno): + ''' + Adds a table. + ''' + ## We check if table exists. + if table_exist(table, filename, lineno): + reason = "Table " + table[1] + " already exists" + print_error(reason, filename, lineno) + return -1 + + table_list.append(table) + + ## We add a new table + cmd = NFT_BIN + " add table " + table[0] + " " + table[1] + ret = execute_cmd(cmd, filename, lineno) + + if ret != 0: + reason = "Cannot add table " + table[1] + print_error(reason, filename, lineno) + table_list.remove(table) + return -1 + + ## We check if table was added correctly. + if not table_exist(table, filename, lineno): + table_list.remove(table) + reason = "I have just added the table " + table[1] + \ + " but it does not exist. Giving up!" + print_error(reason, filename, lineno) + return -1 + + return 0 + + +def table_delete(table, filename=None, lineno=None): + ''' + Deletes a table. + ''' + table_info = " " + table[0] + " " + table[1] + " " + + if not table_exist(table, filename, lineno): + reason = "Table " + table[1] + \ + " does not exist but I added it before." + print_error(reason, filename, lineno) + return -1 + + cmd = NFT_BIN + " delete table" + table_info + ret = execute_cmd(cmd, filename, lineno) + if ret != 0: + reason = cmd + ": " \ + "I cannot delete table '" + table[1] + "'. Giving up! " + print_error(reason, filename, lineno) + return -1 + + if table_exist(table, filename, lineno): + reason = "I have just deleted the table " + table[1] + \ + " but the table still exists." + print_error(reason, filename, lineno) + return -1 + + return 0 + + +def chain_exist(chain, table, filename, lineno): + ''' + Checks a chain + ''' + + table_info = " " + table[0] + " " + table[1] + " " + cmd = NFT_BIN + " list -nnn chain" + table_info + chain + ret = execute_cmd(cmd, filename, lineno) + + return True if (ret == 0) else False + + +def chain_create(chain, chain_type, chain_list, table, filename, lineno): + ''' + Adds a chain + ''' + + table_info = " " + table[0] + " " + table[1] + " " + + if chain_exist(chain, table, filename, lineno): + reason = "This chain '" + chain + "' exists in " + table[1] + "." + \ + "I cannot create two chains with same name." + print_error(reason, filename, lineno) + return -1 + + if chain_type: + cmd = NFT_BIN + " add chain" + table_info + chain + "\{ " + chain_type + "\; \}" + else: + cmd = NFT_BIN + " add chain" + table_info + chain + + ret = execute_cmd(cmd, filename, lineno) + if ret != 0: + reason = "I cannot create the chain '" + chain + print_error(reason, filename, lineno) + return -1 + + if not chain in chain_list: + chain_list.append(chain) + + if not chain_exist(chain, table, filename, lineno): + reason = "I have added the chain '" + chain + \ + "' but it does not exist in " + table[1] + print_error(reason, filename, lineno) + return -1 + + return 0 + + +def chain_delete(chain, table, filename=None, lineno=None): + ''' + Flushes and deletes a chain. + ''' + + table_info = " " + table[0] + " " + table[1] + " " + + if not chain_exist(chain, table, filename, lineno): + reason = "The chain " + chain + " does not exists in " + table[1] + \ + ". I cannot delete it." + print_error(reason, filename, lineno) + return -1 + + cmd = NFT_BIN + " flush chain" + table_info + chain + ret = execute_cmd(cmd, filename, lineno) + if ret != 0: + reason = "I cannot flush this chain " + chain + print_error(reason, filename, lineno) + return -1 + + cmd = NFT_BIN + " delete chain" + table_info + chain + ret = execute_cmd(cmd, filename, lineno) + if ret != 0: + reason = cmd + "I cannot delete this chain. DD" + print_error(reason, filename, lineno) + return -1 + + if chain_exist(chain, table, filename, lineno): + reason = "The chain " + chain + " exists in " + table[1] + \ + ". I cannot delete this chain" + print_error(reason, filename, lineno) + return -1 + + return 0 + + +def set_add(set_info, table_list, filename, lineno): + ''' + Adds a set. + ''' + + if not table_list: + reason = "Missing table to add rule" + print_error(reason, filename, lineno) + return -1 + + for table in table_list: + if set_exist(set_info[0], table, filename, lineno): + reason = "This set " + set_info + " exists in " + table[1] + \ + ". I cannot add it again" + print_error(reason, filename, lineno) + return -1 + + table_info = " " + table[0] + " " + table[1] + " " + set_text = " " + set_info[0] + " { type " + set_info[1] + " \;}" + cmd = NFT_BIN + " add set" + table_info + set_text + ret = execute_cmd(cmd, filename, lineno) + + if (ret == 0 and set_info[2].rstrip() == "fail") or \ + (ret != 0 and set_info[2].rstrip() == "ok"): + reason = cmd + ": " + "I cannot add the set " + set_info[0] + print_error(reason, filename, lineno) + return -1 + + if not set_exist(set_info[0], table, filename, lineno): + reason = "I have just added the set " + set_info[0] + \ + " to the table " + table[1] + " but it does not exist" + print_error(reason, filename, lineno) + return -1 + + return 0 + + +def set_add_elements(set_element, set_name, set_all, state, table_list, + filename, lineno): + ''' + Adds elements to the set. + ''' + + if not table_list: + reason = "Missing table to add rules" + print_error(reason, filename, lineno) + return -1 + + for table in table_list: + # Check if set exists. + if (not set_exist(set_name, table, filename, lineno) or + not set_name in set_all) and state == "ok": + reason = "I cannot add an element to the set " + set_name + \ + " since it does not exist." + print_error(reason, filename, lineno) + return -1 + + table_info = " " + table[0] + " " + table[1] + " " + + element = "" + for e in set_element: + if not element: + element = e + else: + element = element + ", " + e + + set_text = set_name + " { " + element + " }" + cmd = NFT_BIN + " add element" + table_info + set_text + ret = execute_cmd(cmd, filename, lineno) + + if (state == "fail" and ret == 0) or (state == "ok" and ret != 0): + test_state = "This rule should have failed." + reason = cmd + ": " + test_state + print_error(reason, filename, lineno) + return -1 + + # Add element into a all_set. + if (ret == 0 and state == "ok"): + for e in set_element: + set_all[set_name].add(e) + + return 0 + + +def set_delete_elements(set_element, set_name, table, filename=None, + lineno=None): + ''' + Deletes elements in a set. + ''' + table_info = " " + table[0] + " " + table[1] + " " + + for element in set_element: + set_text = set_name + " {" + element + "}" + cmd = NFT_BIN + " delete element" + table_info + set_text + ret = execute_cmd(cmd, filename, lineno) + if ret != 0: + reason = "I cannot delete an element" + element + \ + " from the set '" + set_name + print_error(reason, filename, lineno) + return -1 + + return 0 + + +def set_delete(all_set, table, filename=None, lineno=None): + ''' + Deletes set and its content. + ''' + + for set_name in all_set.keys(): + # Check if exists the set + if not set_exist(set_name, table, filename, lineno): + reason = "The set " + set_name + \ + " does not exist, I cannot delete it" + print_error(reason, filename, lineno) + return -1 + + # We delete all elements in the set + set_delete_elements(all_set[set_name], set_name, table, filename, + lineno) + + # We delete the set. + table_info = " " + table[0] + " " + table[1] + " " + cmd = NFT_BIN + " delete set " + table_info + " " + set_name + ret = execute_cmd(cmd, filename, lineno) + + # Check if the set still exists after I deleted it. + if ret != 0 or set_exist(set_name, table, filename, lineno): + reason = "Cannot remove the set " + set_name + print_error(reason, filename, lineno) + return -1 + + return 0 + + +def set_exist(set_name, table, filename, lineno): + ''' + Check if the set exists. + ''' + table_info = " " + table[0] + " " + table[1] + " " + cmd = NFT_BIN + " list -nnn set" + table_info + set_name + ret = execute_cmd(cmd, filename, lineno) + + return True if (ret == 0) else False + + +def set_check_element(rule1, rule2): + ''' + Check if element exists in anonymous sets. + ''' + ret = -1 + pos1 = rule1.find("{") + pos2 = rule2.find("{") + end1 = rule1.find("}") + end2 = rule2.find("}") + + if ((pos1 != -1) and (pos2 != -1) and (end1 != -1) and (end2 != -1)): + list1 = (rule1[pos1 + 1:end1].replace(" ", "")).split(",") + list2 = (rule2[pos2 + 1:end2].replace(" ", "")).split(",") + list1.sort() + list2.sort() + if (cmp(list1, list2) == 0): + ret = 0 + return ret + + +def output_clean(pre_output, chain): + pos_chain = pre_output[0].find(chain) + if pos_chain == -1: + return "" + output_intermediate = pre_output[0][pos_chain:] + brace_start = output_intermediate.find("{") + brace_end = output_intermediate.find("}") + pre_rule = output_intermediate[brace_start:brace_end] + if pre_rule[1:].find("{") > -1: # this rule has a set. + set = pre_rule[1:].replace("\t", "").replace("\n", "").strip() + set = set.split(";")[2].strip() + "}" + return set + else: + rule = pre_rule.split(";")[2].replace("\t", "").replace("\n", "").strip() + if len(rule) < 0: + return "" + return rule + +def payload_check_elems_to_set(elems): + newset = set() + + for n, line in enumerate(elems.split('[end]')): + e = line.strip() + if e in newset: + print_error("duplicate", e, n) + return newset + + newset.add(e) + + return newset + +def payload_check_set_elems(want, got): + + if want.find('element') < 0 or want.find('[end]') < 0: + return 0 + + if got.find('element') < 0 or got.find('[end]') < 0: + return 0 + + set_want = payload_check_elems_to_set(want) + set_got = payload_check_elems_to_set(got) + + return set_want == set_got + +def payload_check(payload_buffer, file, cmd): + + file.seek(0, 0) + + ret = False + i = 0 + + for lineno, want_line in enumerate(payload_buffer): + line = file.readline() + + if want_line == line: + i += 1 + continue + + if want_line.find('[') < 0 and line.find('[') < 0: + continue + if want_line.find(']') < 0 and line.find(']') < 0: + continue + + if payload_check_set_elems(want_line, line): + continue + + print_differences_warning(file.name, lineno, want_line.strip(), line.strip(), cmd); + return 0 + + return i > 0 + +def rule_add(rule, table_list, chain_list, filename, lineno, + force_all_family_option, filename_path): + ''' + Adds a rule + ''' + # TODO Check if a rule is added correctly. + ret = warning = error = unit_tests = 0 + + if not table_list or not chain_list: + reason = "Missing table or chain to add rule." + print_error(reason, filename, lineno) + return [-1, warning, error, unit_tests] + + payload_expected = [] + + for table in table_list: + try: + payload_log = open("%s.payload.%s" % (filename_path, table[0])) + except (IOError): + payload_log = open("%s.payload" % filename_path) + + if rule[1].strip() == "ok": + try: + payload_expected.index(rule[0]) + except (ValueError): + payload_expected = payload_find_expected(payload_log, rule[0]) + + if payload_expected == []: + print_error("did not find payload information for rule '%s'" % rule[0], payload_log.name, 1) + + for chain in chain_list: + unit_tests += 1 + table_flush(table, filename, lineno) + table_info = " " + table[0] + " " + table[1] + " " + cmd = NFT_BIN + " add rule" + table_info + chain + " " + rule[0] + + payload_log = os.tmpfile(); + + cmd = NFT_BIN + " add rule --debug=netlink" + table_info + chain + " " + rule[0] + ret = execute_cmd(cmd, filename, lineno, payload_log) + + state = rule[1].rstrip() + if (ret == 0 and state == "fail") or (ret != 0 and state == "ok"): + if state == "fail": + test_state = "This rule should have failed." + else: + test_state = "This rule should not have failed." + reason = cmd + ": " + test_state + print_error(reason, filename, lineno) + ret = -1 + error += 1 + if not force_all_family_option: + return [ret, warning, error, unit_tests] + + if (state == "fail" and ret != 0): + ret = 0 + continue + + if ret == 0: + # Check for matching payload + if state == "ok" and not payload_check(payload_expected, payload_log, cmd): + error += 1 + gotf = open("%s.payload.got" % filename_path, 'a') + payload_log.seek(0, 0) + gotf.write("# %s\n" % rule[0]) + while True: + line = payload_log.readline() + if line == "": + break + gotf.write(line) + gotf.close() + print_warning("Wrote payload for rule %s" % rule[0], gotf.name, 1) + + # Check output of nft + process = subprocess.Popen([NFT_BIN, '-nnn', 'list', 'table'] + table, + shell=False, stdout=subprocess.PIPE, + preexec_fn=preexec) + pre_output = process.communicate() + output = pre_output[0].split(";") + if len(output) < 2: + reason = cmd + ": Listing is broken." + print_error(reason, filename, lineno) + ret = -1 + error += 1 + if not force_all_family_option: + return [ret, warning, error, unit_tests] + else: + rule_output = output_clean(pre_output, chain) + if (len(rule) == 3): + teoric_exit = rule[2] + else: + teoric_exit = rule[0] + + if (rule_output.rstrip() != teoric_exit.rstrip()): + if (rule[0].find("{") != -1): # anonymous sets + if (set_check_element(teoric_exit, rule_output) != 0): + warning += 1 + print_differences_warning(filename, lineno, + rule[0], rule_output, + cmd) + if not force_all_family_option: + return [ret, warning, error, unit_tests] + else: + if len(rule_output) <= 0: + error += 1 + print_differences_error(filename, lineno, + rule_output, cmd) + if not force_all_family_option: + return [ret, warning, error, unit_tests] + + warning += 1 + print_differences_warning(filename, lineno, + teoric_exit.rstrip(), rule_output, + cmd) + + if not force_all_family_option: + return [ret, warning, error, unit_tests] + + return [ret, warning, error, unit_tests] + + +def preexec(): + os.setpgrp() # Don't forward signals. + + +def cleanup_on_exit(): + for table in table_list: + for chain in chain_list: + ret = chain_delete(chain, table, "", "") + if all_set: + ret = set_delete(all_set, table) + ret = table_delete(table) + + +def signal_handler(signal, frame): + global signal_received + signal_received = 1 + + +def execute_cmd(cmd, filename, lineno, stdout_log = False): + ''' + Executes a command, checks for segfaults and returns the command exit + code. + + :param cmd: string with the command to be executed + :param filename: name of the file tested (used for print_error purposes) + :param lineno: line number being tested (used for print_error purposes) + ''' + global log_file + print >> log_file, "command: %s" % cmd + if debug_option: + print cmd + + if not stdout_log: + stdout_log = log_file + + ret = subprocess.call(cmd, shell=True, universal_newlines=True, + stderr=log_file, stdout=stdout_log, + preexec_fn=preexec) + log_file.flush() + + if ret == -11: + reason = "command segfaults: " + cmd + print_error(reason, filename, lineno) + + return ret + + +def print_result(filename, tests, warning, error): + return str(filename) + ": " + str(tests) + " unit tests, " + \ + str(error) + " error, " + str(warning) + " warning" + + +def print_result_all(filename, tests, warning, error, unit_tests): + return str(filename) + ": " + str(tests) + " unit tests, " +\ + str(unit_tests) + " total test executed, " + \ + str(error) + " error, " + \ + str(warning) + " warning" + + +def table_process(table_line, filename, lineno): + if ";" in table_line: + table_info = table_line.split(";") + else: + table_info.append("ip") + table_info.append(table_line) + + return table_create(table_info, filename, lineno) + + +def chain_process(chain_line, filename, lineno): + chain_name = chain_line[0] + chain_type = "" + for table in table_list: + if len(chain_line) > 1: + chain_type = chain_line[1] + ret = chain_create(chain_name, chain_type, chain_list, table, + filename, lineno) + if ret != 0: + return -1 + return ret + + +def set_process(set_line, filename, lineno): + set_info = [] + set_name = "".join(set_line[0].rstrip()[1:]) + set_info.append(set_name) + set_type = set_line[1].split(";")[0] + set_state = set_line[1].split(";")[1] # ok or fail + set_info.append(set_type) + set_info.append(set_state) + ret = set_add(set_info, table_list, filename, lineno) + if ret == 0: + all_set[set_name] = set() + + return ret + + +def set_element_process(element_line, filename, lineno): + rule_state = element_line[1] + set_name = element_line[0].split(" ")[0] + set_element = element_line[0].split(" ") + set_element.remove(set_name) + return set_add_elements(set_element, set_name, all_set, rule_state, + table_list, filename, lineno) + +def payload_find_expected(payload_log, rule): + ''' + Find the netlink payload that should be generated by given rule in payload_log + + :param payload_log: open file handle of the payload data + :param rule: nft rule we are going to add + ''' + found = 0 + pos = 0 + payload_buffer = [] + + while True: + line = payload_log.readline() + if not line: + break + + if line[0] == "#": # rule start + rule_line = line.strip()[2:] + + if rule_line == rule.strip(): + found = 1 + continue + + if found == 1: + payload_buffer.append(line) + if line.isspace(): + return payload_buffer + + payload_log.seek(0, 0) + return payload_buffer + +def run_test_file(filename, force_all_family_option, specific_file): + ''' + Runs a test file + + :param filename: name of the file with the test rules + ''' + + if specific_file: + filename_path = os.path.join(TERMINAL_PATH, filename) + else: + filename_path = os.path.join(TESTS_PATH, filename) + + f = open(filename_path) + tests = passed = total_unit_run = total_warning = total_error = 0 + table = "" + total_test_passed = True + + for lineno, line in enumerate(f): + if signal_received == 1: + print "\nSignal received. Cleaning up and Exitting..." + cleanup_on_exit() + sys.exit(0) + + if line.isspace(): + continue + + if line[0] == "#": # Command-line + continue + + if line[0] == '*': # Table + table_line = line.rstrip()[1:] + ret = table_process(table_line, filename, lineno) + if (ret != 0): + total_test_passed = False + break + continue + + if line[0] == ":": # Chain + chain_line = line.rstrip()[1:].split(";") + ret = chain_process(chain_line, filename, lineno) + if ret != 0: + total_test_passed = False + break + continue + + if line[0] == "!": # Adds this set + set_line = line.rstrip()[0:].split(" ") + ret = set_process(set_line, filename, lineno) + tests += 1 + if ret == -1: + total_test_passed = False + continue + passed += 1 + continue + + if line[0] == "?": # Adds elements in a set + element_line = line.rstrip()[1:].split(";") + ret = set_element_process(element_line, filename, lineno) + tests += 1 + if ret == -1: + total_test_passed = False + continue + + passed += 1 + continue + + # Rule + rule = line.split(';') # rule[1] Ok or FAIL + if len(rule) == 1 or len(rule) > 3 or rule[1].rstrip() not in {"ok", "fail"}: + reason = "Skipping malformed rule test. (" + line.rstrip('\n') + ")" + print_warning(reason, filename, lineno) + continue + + if line[0] == "-": # Run omitted lines + if need_fix_option: + rule[0] = rule[0].rstrip()[1:].strip() + else: + continue + elif need_fix_option: + continue + + result = rule_add(rule, table_list, chain_list, filename, lineno, + force_all_family_option, filename_path) + tests += 1 + ret = result[0] + warning = result[1] + total_warning += warning + total_error += result[2] + total_unit_run += result[3] + + if ret != 0: + total_test_passed = False + continue + + if warning == 0: # All ok. + passed += 1 + + # Delete rules, sets, chains and tables + for table in table_list: + # We delete chains + for chain in chain_list: + ret = chain_delete(chain, table, filename, lineno) + if ret != 0: + total_test_passed = False + + # We delete sets. + if all_set: + ret = set_delete(all_set, table, filename, lineno) + if ret != 0: + total_test_passed = False + reason = "There is a problem when we delete a set" + print_error(reason, filename, lineno) + + # We delete tables. + ret = table_delete(table, filename, lineno) + + if ret != 0: + total_test_passed = False + + if specific_file: + if force_all_family_option: + print print_result_all(filename, tests, total_warning, total_error, + total_unit_run) + else: + print print_result(filename, tests, total_warning, total_error) + else: + if (tests == passed and tests > 0): + print filename + ": " + Colors.GREEN + "OK" + Colors.ENDC + + f.close() + del table_list[:] + del chain_list[:] + all_set.clear() + + return [tests, passed, total_warning, total_error, total_unit_run] + + +def main(): + parser = argparse.ArgumentParser(description='Run nft tests', + version='1.0') + + parser.add_argument('filename', nargs='?', + metavar='path/to/file.t', + help='Run only this test') + + parser.add_argument('-d', '--debug', action='store_true', + dest='debug', + help='enable debugging mode') + + parser.add_argument('-e', '--need-fix', action='store_true', + dest='need_fix_line', + help='run rules that need a fix') + + parser.add_argument('-f', '--force-family', action='store_true', + dest='force_all_family', + help='keep testing all families on error') + + args = parser.parse_args() + global debug_option, need_fix_option + debug_option = args.debug + need_fix_option = args.need_fix_line + force_all_family_option = args.force_all_family + specific_file = False + + signal.signal(signal.SIGINT, signal_handler) + signal.signal(signal.SIGTERM, signal_handler) + + if os.getuid() != 0: + print "You need to be root to run this, sorry" + return + + # Change working directory to repository root + os.chdir(TESTS_PATH + "/../..") + + if not os.path.isfile(NFT_BIN): + print "The nft binary does not exist. You need to build the project." + return + + test_files = files_ok = run_total = 0 + tests = passed = warnings = errors = 0 + global log_file + try: + log_file = open(LOGFILE, 'w') + except IOError: + print "Cannot open log file %s" % LOGFILE + return + + file_list = [] + if args.filename: + file_list = [args.filename] + specific_file = True + else: + for directory in TESTS_DIRECTORY: + path = os.path.join(TESTS_PATH, directory) + for root, dirs, files in os.walk(path): + for f in files: + if f.endswith(".t"): + file_list.append(os.path.join(directory, f)) + + for filename in file_list: + result = run_test_file(filename, force_all_family_option, specific_file) + file_tests = result[0] + file_passed = result[1] + file_warnings = result[2] + file_errors = result[3] + file_unit_run = result[4] + + test_files += 1 + + if file_warnings == 0 and file_tests == file_passed: + files_ok += 1 + if file_tests: + tests += file_tests + passed += file_passed + errors += file_errors + warnings += file_warnings + if force_all_family_option: + run_total += file_unit_run + + if test_files == 0: + print "No test files to run" + else: + if not specific_file: + if force_all_family_option: + print ("%d test files, %d files passed, %d unit tests, %d total executed, %d error, %d warning" % + (test_files, files_ok, tests, run_total, errors, warnings)) + else: + print ("%d test files, %d files passed, %d unit tests, %d error, %d warning" % + (test_files, files_ok, tests, errors, warnings)) + +if __name__ == '__main__': + main() diff --git a/tests/regression/README b/tests/regression/README deleted file mode 100644 index 82d73a27..00000000 --- a/tests/regression/README +++ /dev/null @@ -1,141 +0,0 @@ -Author: Ana Rey -Date: 18/Sept/2014 - -Here, the automated regression testing for nftables and some test -files. - -This script checks that the rule input and output of nft matches. -More details here below. - -A) What is this testing? - -This script tests two different paths: - -* The rule input from the command-line. This checks the different steps - from the command line to the kernel. This includes the parsing, - evaluation and netlink generation steps. - -* The output listing that is obtained from the kernel. This checks the - different steps from the kernel to the command line: The netlink - message parsing, postprocess and textify steps to display the rule - listing. - -As a final step, this script compares that the rule that is added can -be listed by nft. - -B) What options are available? - -The script offers the following options: - -* Execute test files: - -./nft-test.py # Run all test files -./nft-test.py path/file.t # Run this test file - -If there is a problem, it shows the differences between the rule that -is added and the rule that is listed by nft. - -In case you hit an error, the script doesn't keep testing for more -families. Unless you specify the --force-family option. - -* Execute broken tests: - -./nft-test.sh -e - -This runs tests for rules that need a fix: This mode runs the lines that -that start with a "-" symbol. - -* Debugging: - -./nft-test.sh -d - -This shows all the commands that the script executes, so you can watch -its internal behaviour. - -* Keep testing all families on error. - -./nft-test.sh -f - -Don't stop testing for more families in case of error. - -C) What is the structure of the test file? - -A test file contains a set of rules that are added in the system. - -Here, an example of a test file: - - *ip;test-ipv4 # line 1 - *ip6;test-ipv6 # line 2 - *inet;test-inet # line 3 - - :input;type filter hook input priority 0 # line 4 - - ah hdrlength != 11-23;ok;ah hdrlength < 11 ah hdrlength > 23 # line 5 - - tcp dport != {22-25} # line 6 - - !set1 ipv4_addr;ok # line 7 - ?set1 192.168.3.8 192.168.3.9;ok # line 8 - # This is a commented-line. # line 9 - -Line 1 defines a table. The name of the table is 'test-ip' and the -family is ip. Lines 2 and 3 defines more tables for different families -so the rules in this test file are also tested there. - -Line 4 defines the chain. The name of this chain is "input". The type is -"filter", the hook is "input" and the priority is 0. - -Line 5 defines the rule, the ";" character is used as separator of several -parts: - -* Part 1: "ah hdrlength != 11-23" is the rule to check. -* Part 2: "ok" is the result expected with the execute of this rule. -* Part 3: "ah hdrlength < 11 ah hdrlength > 23". This is the expected - output. You can leave this empty if the output is the same as the - input. - -Line 6 is a marked line. This means that this rule is tested if -'-e' is passed as argument to nft-test.py. - -Line 7 adds a new set. The name of this set is "set1" and the type -of this set is "ipv4_add". - -Line 8 adds two elements into the 'set1' set: "192.168.3.8" and -"192.168.3.9". A whitespace separates the elements of the set. - -Line 9 uses the "#" symbol that means that this line is commented out. - -D) The test folders - -The test files are divided in several directories: ip, ip6, inet, arp, -bridge and any. - - * "ip" folder contains the test files that are executed in ip and inet - table. - - * "ip6" folder contains the test files that are executed in ip6 and inet - table. - - * "inet" folder contains the test files that are executed in the ip, ip6 - and inet table. - - * "arp" folder contains the test files that are executed in the arp - table. - - * "bridge" folder: Here are the test files are executed in bridge - tables. - - * "any" folder: Here are the test files are executed in ip, ip6, inet, - arp and bridge tables. - -E) Meaning of messages: - -* A warning message means the rule input and output of nft mismatches. -* An error message means the nft-tool shows an error when we add it or - the listing is broken after the rule is added. - -F) Acknowledgements - -Thanks to the Outreach Program for Women (OPW) for sponsoring this test -infrastructure and my mentor Pablo Neira. - --EOF- diff --git a/tests/regression/any/ct.t b/tests/regression/any/ct.t deleted file mode 100644 index 059402e2..00000000 --- a/tests/regression/any/ct.t +++ /dev/null @@ -1,109 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet - -:output;type filter hook output priority 0 - -ct state new,established, related, untracked;ok;ct state established,related,new,untracked -ct state != related;ok -ct state {new,established, related, untracked};ok -- ct state != {new,established, related, untracked};ok -ct state invalid drop;ok -ct state established accept;ok -ct state 8;ok;ct state new -ct state xxx;fail - -ct direction original;ok -ct direction != original;ok -ct direction reply;ok -ct direction != reply;ok -ct direction {reply, original};ok -- ct direction != {reply, original};ok -ct direction xxx;fail - -ct status expected;ok -ct status != expected;ok -ct status seen-reply;ok -ct status != seen-reply;ok -ct status {expected, seen-reply, assured, confirmed, dying};ok -ct status xxx;fail - -# SYMBOL("snat", IPS_SRC_NAT) -# SYMBOL("dnat", IPS_DST_NAT) -- ct status snat;ok -- ct status dnat;ok - -ct mark 0;ok;ct mark 0x00000000 -ct mark or 0x23 == 0x11;ok;ct mark | 0x00000023 == 0x00000011 -ct mark or 0x3 != 0x1;ok;ct mark | 0x00000003 != 0x00000001 -ct mark and 0x23 == 0x11;ok;ct mark & 0x00000023 == 0x00000011 -ct mark and 0x3 != 0x1;ok;ct mark & 0x00000003 != 0x00000001 -ct mark xor 0x23 == 0x11;ok;ct mark 0x00000032 -ct mark xor 0x3 != 0x1;ok;ct mark != 0x00000002 - -ct mark 0x00000032;ok -ct mark != 0x00000032;ok -ct mark 0x00000032-0x00000045;ok -ct mark != 0x00000032-0x00000045;ok -ct mark {0x32, 0x2222, 0x42de3};ok;ct mark { 0x00042de3, 0x00002222, 0x00000032} -- ct mark != {0x32, 0x2222, 0x42de3};ok - -# ct mark != {0x32, 0x2222, 0x42de3};ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -ct mark set 0x11 xor 0x1331;ok;ct mark set 0x00001320 -ct mark set 0x11333 and 0x11;ok;ct mark set 0x00000011 -ct mark set 0x12 or 0x11;ok;ct mark set 0x00000013 -ct mark set 0x11;ok;ct mark set 0x00000011 - -ct expiration 30;ok;ct expiration 30s -ct expiration 22;ok;ct expiration 22s -ct expiration != 233;ok;ct expiration != 3m53s -ct expiration 33-45;ok;ct expiration 33s-45s -ct expiration != 33-45;ok;ct expiration != 33s-45s -ct expiration {33, 55, 67, 88};ok;ct expiration { 1m7s, 33s, 55s, 1m28s} -- ct expiration != {33, 55, 67, 88};ok;ct expiration { 1m7s, 33s, 55s, 1m28s} -ct expiration {33-55};ok;ct expiration { 33s-55s} -# BUG: ct expiration {33-55} -# Broken output: ct expiration { "4271d23h25m52s"-"8738d3h11m59s" } -- ct expiration != {33-55};ok - -ct helper "ftp";ok -ct helper "12345678901234567";fail - -# BUG: ct l3proto "Layer 3 protocol of the connection" -# nft add rule ip test input ct l3proto arp -# :1:35-37: Error: Can t parse symbolic invalid expressions - - -# If table is ip6 or inet or bridge family,, It is failed. I can not test it -# ct saddr 1.2.3.4;ok - -# BUG: ct saddr 192.168.3.4 -# :1:1-43: Error: Could not process rule: Invalid argument -# add rule ip test input ct saddr 192.168.3.4 -# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -- ct saddr 192.168.3.4;ok -- ct daddr 192.168.3.4;ok - -# BUG: ct protocol tcp -# :1:1-37: Error: Could not process rule: Invalid argument -# input ct protocol bgp :1:36-38: Error: Could not resolve protocol name -# ct protocol tcp;ok -- ct protocol tcp;ok - -- ct proto-src udp;ok -- ct proto-dst udp;ok -# BUG: ct proto-src udp and ct proto-dst udp -# :1:37-39: Error: datatype mismatch, expected invalid, expression has type Internet protocol -# add rule ip test input ct proto-src udp -# ~~~~~~~~~~~~ ^^^ -# :1:37-39: Error: datatype mismatch, expected invalid, expression has type Internet protocol -# add rule ip test input ct proto-dst udp -# ~~~~~~~~~~~~ ^^^ - -ct state . ct mark { new . 0x12345678};ok -ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634};ok -ct direction . ct mark { original . 0x12345678};ok -ct state . ct mark vmap { new . 0x12345678 : drop};ok diff --git a/tests/regression/any/ct.t.payload b/tests/regression/any/ct.t.payload deleted file mode 100644 index 2bebaccd..00000000 --- a/tests/regression/any/ct.t.payload +++ /dev/null @@ -1,275 +0,0 @@ -# ct state new,established, related, untracked -ip test-ip4 output - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000004e ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - -# ct state != related -ip test-ip4 output - [ ct load state => reg 1 ] - [ cmp neq reg 1 0x00000004 ] - -# ct state {new,established, related, untracked} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000008 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000040 : 0 [end] -ip test-ip4 output - [ ct load state => reg 1 ] - [ lookup reg 1 set set%d ] - -# ct state invalid drop -ip test-ip4 output - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - [ immediate reg 0 drop ] - -# ct state established accept -ip test-ip4 output - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000002 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - [ immediate reg 0 accept ] - -# ct state 8 -ip test-ip4 output - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000008 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - -# ct direction original -ip test-ip4 output - [ ct load direction => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# ct direction != original -ip test-ip4 output - [ ct load direction => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - -# ct direction reply -ip test-ip4 output - [ ct load direction => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# ct direction != reply -ip test-ip4 output - [ ct load direction => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# ct direction {reply, original} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000000 : 0 [end] -ip test-ip4 output - [ ct load direction => reg 1 ] - [ lookup reg 1 set set%d ] - -# ct status expected -ip test-ip4 output - [ ct load status => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - -# ct status != expected -ip test-ip4 output - [ ct load status => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# ct status seen-reply -ip test-ip4 output - [ ct load status => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000002 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - -# ct status != seen-reply -ip test-ip4 output - [ ct load status => reg 1 ] - [ cmp neq reg 1 0x00000002 ] - -# ct status {expected, seen-reply, assured, confirmed, dying} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000200 : 0 [end] -ip test-ip4 output - [ ct load status => reg 1 ] - [ lookup reg 1 set set%d ] - -# ct mark 0 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# ct mark or 0x23 == 0x11 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xffffffdc ) ^ 0x00000023 ] - [ cmp eq reg 1 0x00000011 ] - -# ct mark or 0x3 != 0x1 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] - [ cmp neq reg 1 0x00000001 ] - -# ct mark and 0x23 == 0x11 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000023 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000011 ] - -# ct mark and 0x3 != 0x1 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000001 ] - -# ct mark xor 0x23 == 0x11 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - -# ct mark xor 0x3 != 0x1 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ cmp neq reg 1 0x00000002 ] - -# ct mark 0x00000032 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - -# ct mark != 0x00000032 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ cmp neq reg 1 0x00000032 ] - -# ct mark 0x00000032-0x00000045 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gte reg 1 0x32000000 ] - [ cmp lte reg 1 0x45000000 ] - -# ct mark != 0x00000032-0x00000045 -ip test-ip4 output - [ ct load mark => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0x32000000 ] - [ cmp gt reg 1 0x45000000 ] - -# ct mark {0x32, 0x2222, 0x42de3} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000032 : 0 [end] element 00002222 : 0 [end] element 00042de3 : 0 [end] -ip test-ip4 output - [ ct load mark => reg 1 ] - [ lookup reg 1 set set%d ] - -# ct mark set 0x11 xor 0x1331 -ip test-ip4 output - [ immediate reg 1 0x00001320 ] - [ ct set mark with reg 1 ] - -# ct mark set 0x11333 and 0x11 -ip test-ip4 output - [ immediate reg 1 0x00000011 ] - [ ct set mark with reg 1 ] - -# ct mark set 0x12 or 0x11 -ip test-ip4 output - [ immediate reg 1 0x00000013 ] - [ ct set mark with reg 1 ] - -# ct mark set 0x11 -ip test-ip4 output - [ immediate reg 1 0x00000011 ] - [ ct set mark with reg 1 ] - -# ct expiration 30 -ip test-ip4 output - [ ct load expiration => reg 1 ] - [ cmp eq reg 1 0x0000001e ] - -# ct expiration 22 -ip test-ip4 output - [ ct load expiration => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# ct expiration != 233 -ip test-ip4 output - [ ct load expiration => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# ct expiration 33-45 -ip test-ip4 output - [ ct load expiration => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# ct expiration != 33-45 -ip test-ip4 output - [ ct load expiration => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# ct expiration {33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip test-ip4 output - [ ct load expiration => reg 1 ] - [ lookup reg 1 set set%d ] - -# ct expiration {33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 output - [ ct load expiration => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set set%d ] - -# ct helper "ftp" -ip test-ip4 output - [ ct load helper => reg 1 ] - [ cmp eq reg 1 0x00707466 0x00000000 0x00000000 0x00000000 ] - -# ct state . ct mark { new . 0x12345678} -set%d test 3 -set%d test 0 - element 00000008 12345678 : 0 [end] -ip test-ip4 output - [ ct load state => reg 1 ] - [ ct load mark => reg 9 ] - [ lookup reg 1 set set%d ] - -# ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000008 12345678 : 0 [end] element 00000008 34127856 : 0 [end] element 00000002 12785634 : 0 [end] -ip test-ip4 output - [ ct load state => reg 1 ] - [ ct load mark => reg 9 ] - [ lookup reg 1 set set%d ] - -# ct direction . ct mark { original . 0x12345678} -set%d test 3 -set%d test 0 - element 00000000 12345678 : 0 [end] -ip test-ip4 output - [ ct load direction => reg 1 ] - [ ct load mark => reg 9 ] - [ lookup reg 1 set set%d ] - -# ct state . ct mark vmap { new . 0x12345678 : drop} -map%d test-ip4 b -map%d test-ip4 0 - element 00000008 12345678 : 0 [end] -ip test-ip4 output - [ ct load state => reg 1 ] - [ ct load mark => reg 9 ] - [ lookup reg 1 set map%d dreg 0 ] - diff --git a/tests/regression/any/frag.t b/tests/regression/any/frag.t deleted file mode 100644 index d61a3d4f..00000000 --- a/tests/regression/any/frag.t +++ /dev/null @@ -1,64 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -*arp;test-arp -*bridge;test-bridge -:output;type filter hook output priority 0 - -frag nexthdr tcp;ok;frag nexthdr 6 -frag nexthdr != icmp;ok;frag nexthdr != 1 -frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok;frag nexthdr { 51, 136, 132, 6, 108, 50, 17, 33} -- frag nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok -frag nexthdr esp;ok;frag nexthdr 50 -frag nexthdr ah;ok;frag nexthdr 51 - -frag reserved 22;ok -frag reserved != 233;ok -frag reserved 33-45;ok -frag reserved != 33-45;ok -frag reserved { 33, 55, 67, 88};ok -- frag reserved != { 33, 55, 67, 88};ok -frag reserved { 33-55};ok -- frag reserved != { 33-55};ok - -# BUG: frag frag-off 22 and frag frag-off { 33-55} -# This breaks table listing: "netlink: Error: Relational expression size mismatch" - -- frag frag-off 22;ok -- frag frag-off != 233;ok -- frag frag-off 33-45;ok -- frag frag-off != 33-45;ok -- frag frag-off { 33, 55, 67, 88};ok -- frag frag-off != { 33, 55, 67, 88};ok -- frag frag-off { 33-55};ok -- frag frag-off != { 33-55};ok - -# BUG frag reserved2 33 and frag reserved2 1 -# $ sudo nft add rule ip test input frag reserved2 33 -# :1:39-40: Error: Value 33 exceeds valid range 0-3 -# add rule ip test input frag reserved2 33 -# ^^ -# sudo nft add rule ip test input frag reserved2 1 -# :1:1-39: Error: Could not process rule: Invalid argument -# add rule ip test input frag reserved2 1 -# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -# BUG more-fragments 1 and frag more-fragments 4 -# frag more-fragments 1 -# :1:1-44: Error: Could not process rule: Invalid argument -# add rule ip test input frag more-fragments 1 -# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -# $ sudo nft add rule ip test input frag more-fragments 4 -# :1:44-44: Error: Value 4 exceeds valid range 0-1 -# add rule ip test input frag more-fragments 4 -# ^ - -frag id 1;ok -frag id 22;ok -frag id != 33;ok -frag id 33-45;ok -frag id != 33-45;ok -frag id { 33, 55, 67, 88};ok -- frag id != { 33, 55, 67, 88};ok -frag id { 33-55};ok -- frag id != { 33-55};ok diff --git a/tests/regression/any/frag.t.payload b/tests/regression/any/frag.t.payload deleted file mode 100644 index a91ab3fa..00000000 --- a/tests/regression/any/frag.t.payload +++ /dev/null @@ -1,109 +0,0 @@ -# frag nexthdr tcp -ip test-ip4 output - [ exthdr load 1b @ 44 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - -# frag nexthdr != icmp -ip test-ip4 output - [ exthdr load 1b @ 44 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] -ip test-ip4 output - [ exthdr load 1b @ 44 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# frag nexthdr esp -ip test-ip4 output - [ exthdr load 1b @ 44 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - -# frag nexthdr ah -ip test-ip4 output - [ exthdr load 1b @ 44 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - -# frag reserved 22 -ip test-ip4 output - [ exthdr load 1b @ 44 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# frag reserved != 233 -ip test-ip4 output - [ exthdr load 1b @ 44 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# frag reserved 33-45 -ip test-ip4 output - [ exthdr load 1b @ 44 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# frag reserved != 33-45 -ip test-ip4 output - [ exthdr load 1b @ 44 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# frag reserved { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip test-ip4 output - [ exthdr load 1b @ 44 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# frag reserved { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 output - [ exthdr load 1b @ 44 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# frag id 1 -ip test-ip4 output - [ exthdr load 4b @ 44 + 4 => reg 1 ] - [ cmp eq reg 1 0x01000000 ] - -# frag id 22 -ip test-ip4 output - [ exthdr load 4b @ 44 + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# frag id != 33 -ip test-ip4 output - [ exthdr load 4b @ 44 + 4 => reg 1 ] - [ cmp neq reg 1 0x21000000 ] - -# frag id 33-45 -ip test-ip4 output - [ exthdr load 4b @ 44 + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# frag id != 33-45 -ip test-ip4 output - [ exthdr load 4b @ 44 + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# frag id { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip test-ip4 output - [ exthdr load 4b @ 44 + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# frag id { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 output - [ exthdr load 4b @ 44 + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/any/limit.t b/tests/regression/any/limit.t deleted file mode 100644 index 96ffe609..00000000 --- a/tests/regression/any/limit.t +++ /dev/null @@ -1,25 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -*arp;test-arp -*bridge;test-bridge -:output;type filter hook output priority 0 - -limit rate 400/minute;ok -limit rate 20/second;ok -limit rate 400/hour;ok -limit rate 40/day;ok -limit rate 400/week;ok -limit rate 1023/second burst 10 packets;ok - -limit rate 1 kbytes/second;ok -limit rate 2 kbytes/second;ok -limit rate 1025 kbytes/second;ok -limit rate 1023 mbytes/second;ok -limit rate 10230 mbytes/second;ok -limit rate 1023000 mbytes/second;ok - -limit rate 1025 bytes/second burst 512 bytes;ok -limit rate 1025 kbytes/second burst 1023 kbytes;ok -limit rate 1025 mbytes/second burst 1025 kbytes;ok -limit rate 1025000 mbytes/second burst 1023 mbytes;ok diff --git a/tests/regression/any/limit.t.payload b/tests/regression/any/limit.t.payload deleted file mode 100644 index a3c87d84..00000000 --- a/tests/regression/any/limit.t.payload +++ /dev/null @@ -1,64 +0,0 @@ -# limit rate 400/minute -ip test-ip4 output - [ limit rate 400/minute burst 0 type packets ] - -# limit rate 20/second -ip test-ip4 output - [ limit rate 20/second burst 0 type packets ] - -# limit rate 400/hour -ip test-ip4 output - [ limit rate 400/hour burst 0 type packets ] - -# limit rate 400/week -ip test-ip4 output - [ limit rate 400/week burst 0 type packets ] - -# limit rate 40/day -ip test-ip4 output - [ limit rate 40/day burst 0 type packets ] - -# limit rate 1023/second burst 10 packets -ip test-ip4 output - [ limit rate 1023/second burst 10 type packets ] - -# limit rate 1 kbytes/second -ip test-ip4 output - [ limit rate 1024/second burst 0 type bytes ] - -# limit rate 2 kbytes/second -ip test-ip4 output - [ limit rate 2048/second burst 0 type bytes ] - -# limit rate 1025 kbytes/second -ip test-ip4 output - [ limit rate 1049600/second burst 0 type bytes ] - -# limit rate 1023 mbytes/second -ip test-ip4 output - [ limit rate 1072693248/second burst 0 type bytes ] - -# limit rate 10230 mbytes/second -ip test-ip4 output - [ limit rate 10726932480/second burst 0 type bytes ] - -# limit rate 1023000 mbytes/second -ip test-ip4 output - [ limit rate 1072693248000/second burst 0 type bytes ] - -# limit rate 1025 bytes/second burst 512 bytes -ip test-ip4 output - [ limit rate 1025/second burst 512 type bytes ] - -# limit rate 1025 kbytes/second burst 1023 kbytes -ip test-ip4 output - [ limit rate 1049600/second burst 1047552 type bytes ] - -# limit rate 1025 mbytes/second burst 1025 kbytes -ip test-ip4 output - [ limit rate 1074790400/second burst 1049600 type bytes ] - -# limit rate 1025000 mbytes/second burst 1023 mbytes -ip test-ip4 output - [ limit rate 1074790400000/second burst 1072693248 type bytes ] - diff --git a/tests/regression/any/log.t b/tests/regression/any/log.t deleted file mode 100644 index 0eed5807..00000000 --- a/tests/regression/any/log.t +++ /dev/null @@ -1,26 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -*arp;test-arp -*bridge;test-bridge -:output;type filter hook output priority 0 - -log;ok -log level emerg;ok -log level alert;ok -log level crit;ok -log level err;ok -log level warn;ok;log -log level notice;ok -log level info;ok -log level debug;ok - -log level emerg group 2;fail -log level alert group 2 prefix "log test2";fail - -log prefix aaaaa-aaaaaa group 2 snaplen 33;ok;log prefix "aaaaa-aaaaaa" group 2 snaplen 33 -# TODO: Add an exception: 'queue-threshold' attribute needs 'group' attribute -# The correct rule is log group 2 queue-threshold 2 -log group 2 queue-threshold 2;ok -log group 2 snaplen 33;ok -log group 2 prefix \"nft-test: \";ok;log prefix "nft-test: " group 2 diff --git a/tests/regression/any/log.t.payload b/tests/regression/any/log.t.payload deleted file mode 100644 index 689668b6..00000000 --- a/tests/regression/any/log.t.payload +++ /dev/null @@ -1,52 +0,0 @@ -# log -ip test-ip4 output - [ log prefix (null) ] - -# log level emerg -ip test-ip4 output - [ log prefix (null) level 0 flags 0] - -# log level alert -ip test-ip4 output - [ log prefix (null) level 1 flags 0] - -# log level crit -ip test-ip4 output - [ log prefix (null) level 2 flags 0] - -# log level err -ip test-ip4 output - [ log prefix (null) level 3 flags 0] - -# log level warn -ip test-ip4 output - [ log prefix (null) level 4 flags 0] - -# log level notice -ip test-ip4 output - [ log prefix (null) level 5 flags 0] - -# log level info -ip test-ip4 output - [ log prefix (null) level 6 flags 0] - -# log level debug -ip test-ip4 output - [ log prefix (null) level 7 flags 0] - -# log prefix aaaaa-aaaaaa group 2 snaplen 33 -ip test-ip4 output - [ log prefix aaaaa-aaaaaa group 2 snaplen 33 qthreshold 0] - -# log group 2 queue-threshold 2 -ip test-ip4 output - [ log prefix (null) group 2 snaplen 0 qthreshold 2] - -# log group 2 snaplen 33 -ip test-ip4 output - [ log prefix (null) group 2 snaplen 33 qthreshold 0] - -# log group 2 prefix \"nft-test: \" -ip test-ip4 output - [ log prefix nft-test: group 2 snaplen 0 qthreshold 0] - diff --git a/tests/regression/any/meta.t b/tests/regression/any/meta.t deleted file mode 100644 index c03e7f4e..00000000 --- a/tests/regression/any/meta.t +++ /dev/null @@ -1,197 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -*arp;test-arp -*bridge;test-bridge - -:input;type filter hook input priority 0 - -meta length 1000;ok -meta length 22;ok -meta length != 233;ok -meta length 33-45;ok -meta length != 33-45;ok -meta length { 33, 55, 67, 88};ok -- meta length != { 33, 55, 67, 88};ok -meta length { 33-55};ok -- meta length != { 33-55};ok - -meta protocol { ip, arp, ip6, vlan };ok;meta protocol { ip6, ip, vlan, arp} -- meta protocol != {ip, arp, ip6, vlan};ok -meta protocol ip;ok -meta protocol != ip;ok - -meta nfproto ipv4;ok -meta nfproto ipv6;ok -meta nfproto {ipv4, ipv6};ok - -meta l4proto 22;ok -meta l4proto != 233;ok -meta l4proto 33-45;ok -meta l4proto != 33-45;ok -meta l4proto { 33, 55, 67, 88};ok;meta l4proto { 33, 55, 67, 88} -- meta l4proto != { 33, 55, 67, 88};ok -meta l4proto { 33-55};ok -- meta l4proto != { 33-55};ok - -- meta priority :aabb;ok -- meta priority bcad:dadc;ok -- meta priority aabb:;ok -- meta priority != :aabb;ok -- meta priority != bcad:dadc;ok -- meta priority != aabb:;ok -- meta priority bcad:dada-bcad:dadc;ok -- meta priority != bcad:dada-bcad:dadc;ok -- meta priority {bcad:dada, bcad:dadc, aaaa:bbbb};ok -- meta priority != {bcad:dada, bcad:dadc, aaaa:bbbb};ok - -meta mark 0x4;ok;mark 0x00000004 -meta mark 0x32;ok;mark 0x00000032 -meta mark and 0x03 == 0x01;ok;mark & 0x00000003 == 0x00000001 -meta mark and 0x03 != 0x01;ok;mark & 0x00000003 != 0x00000001 -meta mark 0x10;ok;mark 0x00000010 -meta mark != 0x10;ok;mark != 0x00000010 - -meta mark or 0x03 == 0x01;ok;mark | 0x00000003 == 0x00000001 -meta mark or 0x03 != 0x01;ok;mark | 0x00000003 != 0x00000001 -meta mark xor 0x03 == 0x01;ok;mark 0x00000002 -meta mark xor 0x03 != 0x01;ok;mark != 0x00000002 - -meta iif eth0 accept;ok;iif eth0 accept -meta iif eth0 accept;ok;iif eth0 accept -meta iif != eth0 accept;ok;iif != eth0 accept -meta iif != eth0 accept;ok;iif != eth0 accept - -meta iifname "eth0";ok;iifname "eth0" -meta iifname != "eth0";ok;iifname != "eth0" -meta iifname {"eth0", "lo"};ok -- meta iifname != {"eth0", "lo"};ok -meta iifname "eth*";ok;iifname "eth*" -meta iifname "eth\*";ok;iifname "eth\*" - -meta iiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok -- meta iiftype != {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok -meta iiftype != ether;ok;iiftype != ether -meta iiftype ether;ok;iiftype ether -meta iiftype != ppp;ok;iiftype != ppp -meta iiftype ppp;ok;iiftype ppp - -meta oif lo accept;ok;oif lo accept -meta oif != lo accept;ok;oif != lo accept -meta oif {eth0, lo} accept;ok -- meta oif != {eth0, lo} accept;ok - -meta oifname "eth0";ok;oifname "eth0" -meta oifname != "eth0";ok;oifname != "eth0" -meta oifname { "eth0", "lo"};ok -- meta iifname != {"eth0", "lo"};ok -meta oifname "eth*";ok;oifname "eth*" -meta oifname "eth\*";ok;oifname "eth\*" - -meta oiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok -- meta oiftype != {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok -meta oiftype != ether;ok;oiftype != ether -meta oiftype ether;ok;oiftype ether - -meta skuid {bin, root, daemon} accept;ok;skuid { 0, 1, 2} accept -- meta skuid != {bin, root, daemon} accept;ok -meta skuid root;ok;skuid 0 -meta skuid != root;ok;skuid != 0 -meta skuid lt 3000 accept;ok;skuid < 3000 accept -meta skuid gt 3000 accept;ok;skuid > 3000 accept -meta skuid eq 3000 accept;ok;skuid 3000 accept -meta skuid 3001-3005 accept;ok;skuid 3001-3005 accept -meta skuid != 2001-2005 accept;ok;skuid != 2001-2005 accept -meta skuid { 2001-2005} accept;ok;skuid { 2001-2005} accept -- meta skuid != { 2001-2005} accept;ok - -meta skgid {bin, root, daemon} accept;ok;skgid { 0, 1, 2} accept -- meta skgid != {bin, root, daemon} accept;ok -meta skgid root;ok;skgid 0 -meta skgid != root;ok;skgid != 0 -meta skgid lt 3000 accept;ok;skgid < 3000 accept -meta skgid gt 3000 accept;ok;skgid > 3000 accept -meta skgid eq 3000 accept;ok;skgid 3000 accept -meta skgid 2001-2005 accept;ok;skgid 2001-2005 accept -meta skgid != 2001-2005 accept;ok;skgid != 2001-2005 accept -meta skgid { 2001-2005} accept;ok;skgid { 2001-2005} accept -- meta skgid != { 2001-2005} accept;ok;skgid != { 2001-2005} accept - -# BUG: meta nftrace 2 and meta nftrace 1 -# $ sudo nft add rule ip test input meta nftrace 2 -# :1:37-37: Error: Value 2 exceeds valid range 0-1 -# add rule ip test input meta nftrace 2 -# ^ -# $ sudo nft add rule ip test input meta nftrace 1 -# :1:1-37: Error: Could not process rule: Operation not supported -# add rule ip test input meta nftrace 1 -# -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -meta mark set 0xffffffc8 xor 0x16;ok;mark set 0xffffffde -meta mark set 0x16 and 0x16;ok;mark set 0x00000016 -meta mark set 0xffffffe9 or 0x16;ok;mark set 0xffffffff -meta mark set 0xffffffde and 0x16;ok;mark set 0x00000016 -meta mark set 0xf045ffde or 0x10;ok;mark set 0xf045ffde -meta mark set 0xffffffde or 0x16;ok;mark set 0xffffffde -meta mark set 0x32 or 0xfffff;ok;mark set 0x000fffff -meta mark set 0xfffe xor 0x16;ok;mark set 0x0000ffe8 - -meta iif lo;ok;iif lo -meta oif lo;ok;oif lo -meta oifname "eth2" accept;ok;oifname "eth2" accept -meta skuid 3000;ok;skuid 3000 -meta skgid 3000;ok;skgid 3000 -# BUG: meta nftrace 1;ok -# :1:1-37: Error: Could not process rule: Operation not supported -- meta nftrace 1;ok -meta rtclassid cosmos;ok;rtclassid cosmos - -meta pkttype broadcast;ok;pkttype broadcast -meta pkttype unicast;ok;pkttype unicast -meta pkttype multicast;ok;pkttype multicast -meta pkttype != broadcast;ok;pkttype != broadcast -meta pkttype != unicast;ok;pkttype != unicast -meta pkttype != multicast;ok;pkttype != multicast -meta pkttype broadcastttt;fail -meta pkttype { broadcast, multicast} accept;ok - -meta cpu 1;ok;cpu 1 -meta cpu != 1;ok;cpu != 1 -meta cpu 1-3;ok;cpu 1-3 -meta cpu != 1-2;ok;cpu != 1-2 -meta cpu { 2,3};ok;cpu { 2,3} --meta cpu != { 2,3};ok; cpu != { 2,3} - -meta iifgroup 0;ok;iifgroup default -meta iifgroup != 0;ok;iifgroup != default -meta iifgroup default;ok;iifgroup default -meta iifgroup != default;ok;iifgroup != default -meta iifgroup {default};ok;iifgroup {default} -- meta iifgroup != {default};ok -meta iifgroup { 11,33};ok -meta iifgroup {11-33};ok -- meta iifgroup != {11,33};ok -- meta iifgroup != {11-33};ok -meta oifgroup 0;ok;oifgroup default -meta oifgroup != 0;ok;oifgroup != default -meta oifgroup default;ok;oifgroup default -meta oifgroup != default;ok;oifgroup != default -meta oifgroup {default};ok;oifgroup {default} -- meta oifgroup != {default};ok -meta oifgroup { 11,33};ok -meta oifgroup {11-33};ok -- meta oifgroup != {11,33};ok -- meta oifgroup != {11-33};ok - -meta cgroup 1048577;ok;cgroup 1048577 -meta cgroup != 1048577;ok;cgroup != 1048577 -meta cgroup { 1048577, 1048578 };ok;cgroup { 1048577, 1048578} -# meta cgroup != { 1048577, 1048578};ok;cgroup != { 1048577, 1048578} -meta cgroup 1048577-1048578;ok;cgroup 1048577-1048578 -meta cgroup != 1048577-1048578;ok;cgroup != 1048577-1048578 -meta cgroup {1048577-1048578};ok;cgroup { 1048577-1048578} -# meta cgroup != { 1048577-1048578};ok;cgroup != { 1048577-1048578} - -meta iif . meta oif { lo . eth0 };ok -meta iif . meta oif . meta mark { lo . eth0 . 0x0000000a };ok -meta iif . meta oif vmap { lo . eth0 : drop };ok diff --git a/tests/regression/any/meta.t.payload b/tests/regression/any/meta.t.payload deleted file mode 100644 index 9f7a6d99..00000000 --- a/tests/regression/any/meta.t.payload +++ /dev/null @@ -1,756 +0,0 @@ -# meta length 1000 -ip test-ip4 input - [ meta load len => reg 1 ] - [ cmp eq reg 1 0x000003e8 ] - -# meta length 22 -ip test-ip4 input - [ meta load len => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# meta length != 233 -ip test-ip4 input - [ meta load len => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# meta length 33-45 -ip test-ip4 input - [ meta load len => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# meta length != 33-45 -ip test-ip4 input - [ meta load len => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# meta length { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip test-ip4 input - [ meta load len => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta length { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 input - [ meta load len => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set set%d ] - -# meta protocol { ip, arp, ip6, vlan } -set%d test-ip4 3 -set%d test-ip4 0 - element 00000008 : 0 [end] element 00000608 : 0 [end] element 0000dd86 : 0 [end] element 00000081 : 0 [end] -ip test-ip4 input - [ meta load protocol => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta protocol ip -ip test-ip4 input - [ meta load protocol => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - -# meta protocol != ip -ip test-ip4 input - [ meta load protocol => reg 1 ] - [ cmp neq reg 1 0x00000008 ] - -# meta nfproto ipv4 -ip test-ip4 input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - -# meta nfproto ipv6 -ip test-ip4 input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - -# meta nfproto {ipv4, ipv6} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000002 : 0 [end] element 0000000a : 0 [end] -ip test-ip4 input - [ meta load nfproto => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta l4proto 22 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# meta l4proto != 233 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# meta l4proto 33-45 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 2, 1) ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# meta l4proto != 33-45 -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 2, 1) ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# meta l4proto { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta l4proto { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 input - [ meta load l4proto => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 2, 1) ] - [ lookup reg 1 set set%d ] - -# meta mark 0x4 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ cmp eq reg 1 0x00000004 ] - -# meta mark 0x32 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - -# meta mark and 0x03 == 0x01 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000001 ] - -# meta mark and 0x03 != 0x01 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000001 ] - -# meta mark 0x10 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ cmp eq reg 1 0x00000010 ] - -# meta mark != 0x10 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ cmp neq reg 1 0x00000010 ] - -# meta mark or 0x03 == 0x01 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] - [ cmp eq reg 1 0x00000001 ] - -# meta mark or 0x03 != 0x01 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] - [ cmp neq reg 1 0x00000001 ] - -# meta mark xor 0x03 == 0x01 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - -# meta mark xor 0x03 != 0x01 -ip test-ip4 input - [ meta load mark => reg 1 ] - [ cmp neq reg 1 0x00000002 ] - -# meta iif eth0 accept -ip test-ip4 input - [ meta load iif => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# meta iif eth0 accept -ip test-ip4 input - [ meta load iif => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# meta iif != eth0 accept -ip test-ip4 input - [ meta load iif => reg 1 ] - [ cmp neq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# meta iif != eth0 accept -ip test-ip4 input - [ meta load iif => reg 1 ] - [ cmp neq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# meta iifname "eth0" -ip test-ip4 input - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - -# meta iifname != "eth0" -ip test-ip4 input - [ meta load iifname => reg 1 ] - [ cmp neq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - -# meta iifname {"eth0", "lo"} -set%d test-ip4 3 -set%d test-ip4 0 - element 30687465 00000000 00000000 00000000 : 0 [end] element 00006f6c 00000000 00000000 00000000 : 0 [end] -ip test-ip4 input - [ meta load iifname => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta iifname "eth*" -ip test-ip4 input - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x00687465 ] - -# meta iifname "eth\*" -ip test-ip4 input - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x2a687465 0x00000000 0x00000000 0x00000000 ] - -# meta iiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000301 : 0 [end] element 00000304 : 0 [end] element 00000308 : 0 [end] element 0000030a : 0 [end] -ip test-ip4 input - [ meta load iiftype => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta iiftype != ether -ip test-ip4 input - [ meta load iiftype => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# meta iiftype ether -ip test-ip4 input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# meta iiftype != ppp -ip test-ip4 input - [ meta load iiftype => reg 1 ] - [ cmp neq reg 1 0x00000200 ] - -# meta iiftype ppp -ip test-ip4 input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000200 ] - -# meta oif lo accept -ip test-ip4 input - [ meta load oif => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ immediate reg 0 accept ] - -# meta oif != lo accept -ip test-ip4 input - [ meta load oif => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - [ immediate reg 0 accept ] - -# meta oif {eth0, lo} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00000002 : 0 [end] element 00000001 : 0 [end] -ip test-ip4 input - [ meta load oif => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# meta oifname "eth0" -ip test-ip4 input - [ meta load oifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - -# meta oifname != "eth0" -ip test-ip4 input - [ meta load oifname => reg 1 ] - [ cmp neq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - -# meta oifname { "eth0", "lo"} -set%d test-ip4 3 -set%d test-ip4 0 - element 30687465 00000000 00000000 00000000 : 0 [end] element 00006f6c 00000000 00000000 00000000 : 0 [end] -ip test-ip4 input - [ meta load oifname => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta oifname "eth*" -ip test-ip4 input - [ meta load oifname => reg 1 ] - [ cmp eq reg 1 0x00687465 ] - -# meta oifname "eth\*" -ip test-ip4 input - [ meta load oifname => reg 1 ] - [ cmp eq reg 1 0x2a687465 0x00000000 0x00000000 0x00000000 ] - -# meta oiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000301 : 0 [end] element 00000304 : 0 [end] element 00000308 : 0 [end] element 0000030a : 0 [end] -ip test-ip4 input - [ meta load oiftype => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta oiftype != ether -ip test-ip4 input - [ meta load oiftype => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# meta oiftype ether -ip test-ip4 input - [ meta load oiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# meta skuid {bin, root, daemon} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000000 : 0 [end] element 00000002 : 0 [end] -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# meta skuid root -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# meta skuid != root -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - -# meta skuid lt 3000 accept -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0xb80b0000 ] - [ immediate reg 0 accept ] - -# meta skuid gt 3000 accept -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gt reg 1 0xb80b0000 ] - [ immediate reg 0 accept ] - -# meta skuid eq 3000 accept -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ cmp eq reg 1 0x00000bb8 ] - [ immediate reg 0 accept ] - -# meta skuid 3001-3005 accept -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gte reg 1 0xb90b0000 ] - [ cmp lte reg 1 0xbd0b0000 ] - [ immediate reg 0 accept ] - -# meta skuid != 2001-2005 accept -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0xd1070000 ] - [ cmp gt reg 1 0xd5070000 ] - [ immediate reg 0 accept ] - -# meta skuid { 2001-2005} accept -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element d1070000 : 0 [end] element d6070000 : 1 [end] -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# meta skgid {bin, root, daemon} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000000 : 0 [end] element 00000002 : 0 [end] -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# meta skgid root -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# meta skgid != root -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - -# meta skgid lt 3000 accept -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0xb80b0000 ] - [ immediate reg 0 accept ] - -# meta skgid gt 3000 accept -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gt reg 1 0xb80b0000 ] - [ immediate reg 0 accept ] - -# meta skgid eq 3000 accept -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ cmp eq reg 1 0x00000bb8 ] - [ immediate reg 0 accept ] - -# meta skgid 2001-2005 accept -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gte reg 1 0xd1070000 ] - [ cmp lte reg 1 0xd5070000 ] - [ immediate reg 0 accept ] - -# meta skgid != 2001-2005 accept -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0xd1070000 ] - [ cmp gt reg 1 0xd5070000 ] - [ immediate reg 0 accept ] - -# meta skgid { 2001-2005} accept -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element d1070000 : 0 [end] element d6070000 : 1 [end] -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# meta mark set 0xffffffc8 xor 0x16 -ip test-ip4 input - [ immediate reg 1 0xffffffde ] - [ meta set mark with reg 1 ] - -# meta mark set 0x16 and 0x16 -ip test-ip4 input - [ immediate reg 1 0x00000016 ] - [ meta set mark with reg 1 ] - -# meta mark set 0xffffffe9 or 0x16 -ip test-ip4 input - [ immediate reg 1 0xffffffff ] - [ meta set mark with reg 1 ] - -# meta mark set 0xffffffde and 0x16 -ip test-ip4 input - [ immediate reg 1 0x00000016 ] - [ meta set mark with reg 1 ] - -# meta mark set 0xf045ffde or 0x10 -ip test-ip4 input - [ immediate reg 1 0xf045ffde ] - [ meta set mark with reg 1 ] - -# meta mark set 0xffffffde or 0x16 -ip test-ip4 input - [ immediate reg 1 0xffffffde ] - [ meta set mark with reg 1 ] - -# meta mark set 0x32 or 0xfffff -ip test-ip4 input - [ immediate reg 1 0x000fffff ] - [ meta set mark with reg 1 ] - -# meta mark set 0xfffe xor 0x16 -ip test-ip4 input - [ immediate reg 1 0x0000ffe8 ] - [ meta set mark with reg 1 ] - -# meta iif lo -ip test-ip4 input - [ meta load iif => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# meta oif lo -ip test-ip4 input - [ meta load oif => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# meta oifname "eth2" accept -ip test-ip4 input - [ meta load oifname => reg 1 ] - [ cmp eq reg 1 0x32687465 0x00000000 0x00000000 0x00000000 ] - [ immediate reg 0 accept ] - -# meta skuid 3000 -ip test-ip4 input - [ meta load skuid => reg 1 ] - [ cmp eq reg 1 0x00000bb8 ] - -# meta skgid 3000 -ip test-ip4 input - [ meta load skgid => reg 1 ] - [ cmp eq reg 1 0x00000bb8 ] - -# meta rtclassid cosmos -ip test-ip4 input - [ meta load rtclassid => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# meta pkttype broadcast -ip test-ip4 input - [ meta load pkttype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# meta pkttype unicast -ip test-ip4 input - [ meta load pkttype => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# meta pkttype multicast -ip test-ip4 input - [ meta load pkttype => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - -# meta pkttype != broadcast -ip test-ip4 input - [ meta load pkttype => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# meta pkttype != unicast -ip test-ip4 input - [ meta load pkttype => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - -# meta pkttype != multicast -ip test-ip4 input - [ meta load pkttype => reg 1 ] - [ cmp neq reg 1 0x00000002 ] - -# meta pkttype { broadcast, multicast} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000002 : 0 [end] -ip test-ip4 input - [ meta load pkttype => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# meta cpu 1 -ip test-ip4 input - [ meta load cpu => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# meta cpu != 1 -ip test-ip4 input - [ meta load cpu => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# meta cpu 1-3 -ip test-ip4 input - [ meta load cpu => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gte reg 1 0x01000000 ] - [ cmp lte reg 1 0x03000000 ] - -# meta cpu != 1-2 -ip test-ip4 input - [ meta load cpu => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0x01000000 ] - [ cmp gt reg 1 0x02000000 ] - -# meta cpu { 2,3} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000002 : 0 [end] element 00000003 : 0 [end] -ip test-ip4 input - [ meta load cpu => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta iifgroup 0 -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# meta iifgroup != 0 -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - -# meta iifgroup default -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# meta iifgroup != default -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - -# meta iifgroup {default} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000000 : 0 [end] -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta iifgroup { 11,33} -set%d test-ip4 3 -set%d test-ip4 0 - element 0000000b : 0 [end] element 00000021 : 0 [end] -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta iifgroup {11-33} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 0b000000 : 0 [end] element 22000000 : 1 [end] -ip test-ip4 input - [ meta load iifgroup => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set set%d ] - -# meta oifgroup 0 -ip test-ip4 input - [ meta load oifgroup => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# meta oifgroup != 0 -ip test-ip4 input - [ meta load oifgroup => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - -# meta oifgroup default -ip test-ip4 input - [ meta load oifgroup => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# meta oifgroup != default -ip test-ip4 input - [ meta load oifgroup => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - -# meta oifgroup {default} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000000 : 0 [end] -ip test-ip4 input - [ meta load oifgroup => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta oifgroup { 11,33} -set%d test-ip4 3 -set%d test-ip4 0 - element 0000000b : 0 [end] element 00000021 : 0 [end] -ip test-ip4 input - [ meta load oifgroup => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta oifgroup {11-33} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 0b000000 : 0 [end] element 22000000 : 1 [end] -ip test-ip4 input - [ meta load oifgroup => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set set%d ] - -# meta cgroup 1048577 -ip test-ip4 input - [ meta load cgroup => reg 1 ] - [ cmp eq reg 1 0x00100001 ] - -# meta cgroup != 1048577 -ip test-ip4 input - [ meta load cgroup => reg 1 ] - [ cmp neq reg 1 0x00100001 ] - -# meta cgroup { 1048577, 1048578 } -set%d test-ip4 3 -set%d test-ip4 0 - element 00100001 : 0 [end] element 00100002 : 0 [end] -ip test-ip4 input - [ meta load cgroup => reg 1 ] - [ lookup reg 1 set set%d ] - -# meta cgroup 1048577-1048578 -ip test-ip4 input - [ meta load cgroup => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp gte reg 1 0x01001000 ] - [ cmp lte reg 1 0x02001000 ] - -# meta cgroup != 1048577-1048578 -ip test-ip4 input - [ meta load cgroup => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ cmp lt reg 1 0x01001000 ] - [ cmp gt reg 1 0x02001000 ] - -# meta cgroup {1048577-1048578} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 01001000 : 0 [end] element 03001000 : 1 [end] -ip test-ip4 input - [ meta load cgroup => reg 1 ] - [ byteorder reg 1 = hton(reg 1, 4, 4) ] - [ lookup reg 1 set set%d ] - - -# meta iif . meta oif { lo . eth0 } -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 00000002 : 0 [end] -ip test-ip4 output - [ meta load iif => reg 1 ] - [ meta load oif => reg 9 ] - [ lookup reg 1 set set%d ] - -# meta iif . meta oif . meta mark { lo . eth0 . 0x0000000a } -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 00000002 0000000a : 0 [end] -ip test-ip4 output - [ meta load iif => reg 1 ] - [ meta load oif => reg 9 ] - [ meta load mark => reg 10 ] - [ lookup reg 1 set set%d ] - -# meta iif . meta oif vmap { lo . eth0 : drop } -map%d test-ip4 b -map%d test-ip4 0 - element 00000001 00000002 : 0 [end] -ip test-ip4 output - [ meta load iif => reg 1 ] - [ meta load oif => reg 9 ] - [ lookup reg 1 set map%d dreg 0 ] - diff --git a/tests/regression/any/queue.t b/tests/regression/any/queue.t deleted file mode 100644 index 600c1121..00000000 --- a/tests/regression/any/queue.t +++ /dev/null @@ -1,15 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -*arp;test-arp -*bridge;test-bridge - -:output;type filter hook output priority 0 - -queue;ok;queue num 0 -queue num 2;ok -queue num 2-3;ok -- queue num {3, 4, 6};ok -queue num 4-5 fanout bypass;ok;queue num 4-5 bypass,fanout -queue num 4-5 fanout;ok -queue num 4-5 bypass;ok diff --git a/tests/regression/any/queue.t.payload b/tests/regression/any/queue.t.payload deleted file mode 100644 index 43a6650c..00000000 --- a/tests/regression/any/queue.t.payload +++ /dev/null @@ -1,24 +0,0 @@ -# queue -ip test-ip4 output - [ queue num 0] - -# queue num 2 -ip test-ip4 output - [ queue num 2] - -# queue num 2-3 -ip test-ip4 output - [ queue num 2-3] - -# queue num 4-5 fanout bypass -ip test-ip4 output - [ queue num 4-5 bypass fanout] - -# queue num 4-5 fanout -ip test-ip4 output - [ queue num 4-5 fanout] - -# queue num 4-5 bypass -ip test-ip4 output - [ queue num 4-5 bypass] - diff --git a/tests/regression/arp/arp.t b/tests/regression/arp/arp.t deleted file mode 100644 index c4e07d57..00000000 --- a/tests/regression/arp/arp.t +++ /dev/null @@ -1,53 +0,0 @@ -*arp;test-arp -# filter chains available are: input, output, forward -:input;type filter hook input priority 0 - -arp htype 1;ok -arp htype != 1;ok -arp htype 22;ok -arp htype != 233;ok -arp htype 33-45;ok -arp htype != 33-45;ok -arp htype { 33, 55, 67, 88};ok -- arp htype != { 33, 55, 67, 88};ok -arp htype { 33-55};ok -- arp htype != { 33-55};ok - -arp ptype 0x0800;ok;arp ptype ip - -arp hlen 22;ok -arp hlen != 233;ok -arp hlen 33-45;ok -arp hlen != 33-45;ok -arp hlen { 33, 55, 67, 88};ok -- arp hlen != { 33, 55, 67, 88};ok -arp hlen { 33-55};ok -- arp hlen != { 33-55};ok - -arp plen 22;ok -arp plen != 233;ok -arp plen 33-45;ok -arp plen != 33-45;ok -arp plen { 33, 55, 67, 88};ok -- arp plen != { 33, 55, 67, 88};ok -arp plen { 33-55};ok -- arp plen != {33-55};ok - -arp operation {nak, inreply, inrequest, rreply, rrequest, reply, request};ok -- arp operation != {nak, inreply, inrequest, rreply, rrequest, reply, request};ok -arp operation request;ok -arp operation reply;ok -arp operation rrequest;ok -arp operation rreply;ok -arp operation inrequest;ok -arp operation inreply;ok -arp operation nak;ok -arp operation reply;ok -arp operation != request;ok -arp operation != reply;ok -arp operation != rrequest;ok -arp operation != rreply;ok -arp operation != inrequest;ok -arp operation != inreply;ok -arp operation != nak;ok -arp operation != reply;ok diff --git a/tests/regression/arp/arp.t.payload b/tests/regression/arp/arp.t.payload deleted file mode 100644 index bfa37cdd..00000000 --- a/tests/regression/arp/arp.t.payload +++ /dev/null @@ -1,217 +0,0 @@ -# arp htype 1 -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] - -# arp htype != 1 -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp neq reg 1 0x00000100 ] - -# arp htype 22 -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# arp htype != 233 -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# arp htype 33-45 -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# arp htype != 33-45 -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# arp htype { 33, 55, 67, 88} -set%d test-arp 3 -set%d test-arp 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# arp htype { 33-55} -set%d test-arp 7 -set%d test-arp 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -arp test-arp input - [ payload load 2b @ network header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# arp ptype 0x0800 -arp test-arp input - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - -# arp hlen 22 -arp test-arp input - [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# arp hlen != 233 -arp test-arp input - [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# arp hlen 33-45 -arp test-arp input - [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# arp hlen != 33-45 -arp test-arp input - [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# arp hlen { 33, 55, 67, 88} -set%d test-arp 3 -set%d test-arp 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -arp test-arp input - [ payload load 1b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# arp hlen { 33-55} -set%d test-arp 7 -set%d test-arp 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -arp test-arp input - [ payload load 1b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# arp plen 22 -arp test-arp input - [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# arp plen != 233 -arp test-arp input - [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# arp plen 33-45 -arp test-arp input - [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# arp plen != 33-45 -arp test-arp input - [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# arp plen { 33, 55, 67, 88} -set%d test-arp 3 -set%d test-arp 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -arp test-arp input - [ payload load 1b @ network header + 5 => reg 1 ] - [ lookup reg 1 set set%d ] - -# arp plen { 33-55} -set%d test-arp 7 -set%d test-arp 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -arp test-arp input - [ payload load 1b @ network header + 5 => reg 1 ] - [ lookup reg 1 set set%d ] - -# arp operation {nak, inreply, inrequest, rreply, rrequest, reply, request} -set%d test-arp 3 -set%d test-arp 0 - element 00000a00 : 0 [end] element 00000900 : 0 [end] element 00000800 : 0 [end] element 00000400 : 0 [end] element 00000300 : 0 [end] element 00000200 : 0 [end] element 00000100 : 0 [end] -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# arp operation request -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] - -# arp operation reply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000200 ] - -# arp operation rrequest -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000300 ] - -# arp operation rreply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000400 ] - -# arp operation inrequest -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000800 ] - -# arp operation inreply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000900 ] - -# arp operation nak -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000a00 ] - -# arp operation reply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000200 ] - -# arp operation != request -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000100 ] - -# arp operation != reply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000200 ] - -# arp operation != rrequest -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000300 ] - -# arp operation != rreply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000400 ] - -# arp operation != inrequest -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000800 ] - -# arp operation != inreply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000900 ] - -# arp operation != nak -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000a00 ] - -# arp operation != reply -arp test-arp input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000200 ] - diff --git a/tests/regression/arp/chains.t b/tests/regression/arp/chains.t deleted file mode 100644 index cf08c1af..00000000 --- a/tests/regression/arp/chains.t +++ /dev/null @@ -1,6 +0,0 @@ -*arp;test-arp - -# filter chains available are: input, output, forward -:input;type filter hook input priority 0 -:forward;type filter hook forward priority 0 -:output;type filter hook output priority 0 diff --git a/tests/regression/arp/chains.t.payload b/tests/regression/arp/chains.t.payload deleted file mode 100644 index e69de29b..00000000 diff --git a/tests/regression/bridge/chains.t b/tests/regression/bridge/chains.t deleted file mode 100644 index 8070de4f..00000000 --- a/tests/regression/bridge/chains.t +++ /dev/null @@ -1,8 +0,0 @@ -*bridge;test-bridge - -# filter chains available are: prerouting, input, output, forward, postrouting -:filter-pre;type filter hook input priority 0 -:filter-output;type filter hook output priority 0 -:filter-forward;type filter hook forward priority 0 -:filter-input;type filter hook input priority 0 -:filter-post;type filter hook input priority 0 diff --git a/tests/regression/bridge/chains.t.payload b/tests/regression/bridge/chains.t.payload deleted file mode 100644 index e69de29b..00000000 diff --git a/tests/regression/bridge/ether.t b/tests/regression/bridge/ether.t deleted file mode 100644 index 6257dfcd..00000000 --- a/tests/regression/bridge/ether.t +++ /dev/null @@ -1,8 +0,0 @@ -*bridge;test-bridge - -:input;type filter hook input priority 0 - -tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept -tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 -tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4;ok -ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept;ok diff --git a/tests/regression/bridge/ether.t.payload b/tests/regression/bridge/ether.t.payload deleted file mode 100644 index 8fdb0a95..00000000 --- a/tests/regression/bridge/ether.t.payload +++ /dev/null @@ -1,44 +0,0 @@ -# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept -bridge test-bridge input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 8b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00080411 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ immediate reg 0 accept ] - -# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 -bridge test-bridge input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ payload load 8b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00080411 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - -# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 -bridge test-bridge input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ payload load 8b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00080411 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - -# ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept -bridge test-bridge input - [ payload load 8b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00080411 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ immediate reg 0 accept ] - diff --git a/tests/regression/bridge/reject.t b/tests/regression/bridge/reject.t deleted file mode 100644 index 43e54611..00000000 --- a/tests/regression/bridge/reject.t +++ /dev/null @@ -1,38 +0,0 @@ -*bridge;test-bridge -:input;type filter hook input priority 0 - -# The output is specific for bridge family -reject with icmp type host-unreachable;ok;ether type ip reject with icmp type host-unreachable -reject with icmp type net-unreachable;ok;ether type ip reject with icmp type net-unreachable -reject with icmp type prot-unreachable;ok;ether type ip reject with icmp type prot-unreachable -reject with icmp type port-unreachable;ok;ether type ip reject -reject with icmp type net-prohibited;ok;ether type ip reject with icmp type net-prohibited -reject with icmp type host-prohibited;ok;ether type ip reject with icmp type host-prohibited -reject with icmp type admin-prohibited;ok;ether type ip reject with icmp type admin-prohibited - -reject with icmpv6 type no-route;ok;ether type ip6 reject with icmpv6 type no-route -reject with icmpv6 type admin-prohibited;ok;ether type ip6 reject with icmpv6 type admin-prohibited -reject with icmpv6 type addr-unreachable;ok;ether type ip6 reject with icmpv6 type addr-unreachable -reject with icmpv6 type port-unreachable;ok;ether type ip6 reject - -ip protocol tcp reject with tcp reset;ok;ip protocol 6 reject with tcp reset - -reject;ok -ether type ip reject;ok -ether type ip6 reject;ok - -reject with icmpx type host-unreachable;ok -reject with icmpx type no-route;ok -reject with icmpx type admin-prohibited;ok -reject with icmpx type port-unreachable;ok;reject - -ether type ipv6 reject with icmp type host-unreachable;fail -ether type ip6 reject with icmp type host-unreachable;fail -ether type ip reject with icmpv6 type no-route;fail -ether type vlan reject;fail -ether type arp reject;fail -ether type vlan reject;fail -ether type arp reject;fail -ether type vlan reject with tcp reset;fail -ether type arp reject with tcp reset;fail -ip protocol udp reject with tcp reset;fail diff --git a/tests/regression/bridge/reject.t.payload b/tests/regression/bridge/reject.t.payload deleted file mode 100644 index f5a0e6a8..00000000 --- a/tests/regression/bridge/reject.t.payload +++ /dev/null @@ -1,106 +0,0 @@ -# reject with icmp type host-unreachable -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ reject type 0 code 1 ] - -# reject with icmp type net-unreachable -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ reject type 0 code 0 ] - -# reject with icmp type prot-unreachable -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ reject type 0 code 2 ] - -# reject with icmp type port-unreachable -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ reject type 0 code 3 ] - -# reject with icmp type net-prohibited -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ reject type 0 code 9 ] - -# reject with icmp type host-prohibited -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ reject type 0 code 10 ] - -# reject with icmp type admin-prohibited -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ reject type 0 code 13 ] - -# reject with icmpv6 type no-route -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x0000dd86 ] - [ reject type 0 code 0 ] - -# reject with icmpv6 type admin-prohibited -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x0000dd86 ] - [ reject type 0 code 1 ] - -# reject with icmpv6 type addr-unreachable -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x0000dd86 ] - [ reject type 0 code 3 ] - -# reject with icmpv6 type port-unreachable -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x0000dd86 ] - [ reject type 0 code 4 ] - -# ip protocol tcp reject with tcp reset -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ reject type 1 code 0 ] - -# reject -bridge test-bridge input - [ reject type 2 code 1 ] - -# ether type ip reject -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ reject type 0 code 3 ] - -# ether type ip6 reject -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x0000dd86 ] - [ reject type 0 code 4 ] - -# reject with icmpx type host-unreachable -bridge test-bridge input - [ reject type 2 code 2 ] - -# reject with icmpx type no-route -bridge test-bridge input - [ reject type 2 code 0 ] - -# reject with icmpx type admin-prohibited -bridge test-bridge input - [ reject type 2 code 3 ] - -# reject with icmpx type port-unreachable -bridge test-bridge input - [ reject type 2 code 1 ] - diff --git a/tests/regression/bridge/vlan.t b/tests/regression/bridge/vlan.t deleted file mode 100644 index f86561a2..00000000 --- a/tests/regression/bridge/vlan.t +++ /dev/null @@ -1,34 +0,0 @@ -*bridge;test-bridge -:input;type filter hook input priority 0 - -vlan id 4094;ok -vlan id 0;ok -# bad vlan id -vlan id 4096;fail -vlan id 4094 vlan cfi 0;ok -vlan id 4094 vlan cfi != 1;ok -vlan id 4094 vlan cfi 1;ok -# bad cfi -vlan id 4094 vlan cfi 2;fail -vlan id 4094 vlan cfi 1 vlan pcp 8;fail -vlan id 4094 vlan cfi 1 vlan pcp 7;ok -vlan id 4094 vlan cfi 1 vlan pcp 3;ok - -ether type vlan vlan id 4094;ok;vlan id 4094 -ether type vlan vlan id 0;ok;vlan id 0 -ether type vlan vlan id 4094 vlan cfi 0;ok;vlan id 4094 vlan cfi 0 -ether type vlan vlan id 4094 vlan cfi 1;ok;vlan id 4094 vlan cfi 1 -ether type vlan vlan id 4094 vlan cfi 2;fail - -vlan id 4094 tcp dport 22;ok -vlan id 1 ip saddr 10.0.0.1;ok -vlan id 1 ip saddr 10.0.0.0/23;ok -vlan id 1 ip saddr 10.0.0.0/23 udp dport 53;ok -ether type vlan vlan id 1 ip saddr 10.0.0.0/23 udp dport 53;ok;vlan id 1 ip saddr 10.0.0.0/23 udp dport 53 - -vlan id { 1, 2, 4, 100, 4095 } vlan pcp 1-3;ok -vlan id { 1, 2, 4, 100, 4096 };fail - -# illegal dependencies -ether type ip vlan id 1;fail -ether type ip vlan id 1 ip saddr 10.0.0.1;fail diff --git a/tests/regression/bridge/vlan.t.payload b/tests/regression/bridge/vlan.t.payload deleted file mode 100644 index 02242d22..00000000 --- a/tests/regression/bridge/vlan.t.payload +++ /dev/null @@ -1,201 +0,0 @@ -# vlan id 4094 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - -# vlan id 0 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000000 ] - -# vlan id 4094 vlan cfi 0 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000000 ] - -# vlan id 4094 vlan cfi != 1 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000010 ] - -# vlan id 4094 vlan cfi 1 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000010 ] - -# ether type vlan vlan id 4094 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - -# ether type vlan vlan id 0 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000000 ] - -# ether type vlan vlan id 4094 vlan cfi 0 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000000 ] - -# ether type vlan vlan id 4094 vlan cfi 1 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000010 ] - -# vlan id 4094 tcp dport 22 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# vlan id 1 ip saddr 10.0.0.1 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000100 ] - [ payload load 2b @ link header + 16 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp eq reg 1 0x0100000a ] - -# vlan id 1 ip saddr 10.0.0.0/23 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000100 ] - [ payload load 2b @ link header + 16 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00feffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000000a ] - -# vlan id 1 ip saddr 10.0.0.0/23 udp dport 53 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000100 ] - [ payload load 2b @ link header + 16 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00feffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - -# ether type vlan vlan id 1 ip saddr 10.0.0.0/23 udp dport 53 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000100 ] - [ payload load 2b @ link header + 16 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00feffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - -# vlan id 4094 vlan cfi 1 vlan pcp 7 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000010 ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000e0 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x000000e0 ] - -# vlan id 4094 vlan cfi 1 vlan pcp 3 -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000fe0f ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000010 ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000e0 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000060 ] - -# vlan id { 1, 2, 4, 100, 4095 } vlan pcp 1-3 -set%d test-bridge 3 -set%d test-bridge 0 - element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000400 : 0 [end] element 00006400 : 0 [end] element 0000ff0f : 0 [end] -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ payload load 2b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ff0f ) ^ 0x00000000 ] - [ lookup reg 1 set set%d ] - [ payload load 1b @ link header + 14 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000e0 ) ^ 0x00000000 ] - [ cmp gte reg 1 0x00000001 ] - [ cmp lte reg 1 0x00000003 ] - diff --git a/tests/regression/inet/ah.t b/tests/regression/inet/ah.t deleted file mode 100644 index 666659d3..00000000 --- a/tests/regression/inet/ah.t +++ /dev/null @@ -1,58 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -# nexthdr Bug to list table. - -- ah nexthdr esp;ok -- ah nexthdr ah;ok -- ah nexthdr comp;ok -- ah nexthdr udp;ok -- ah nexthdr udplite;ok -- ah nexthdr tcp;ok -- ah nexthdr dccp;ok -- ah nexthdr sctp;ok - -- ah nexthdr { esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok;ah nexthdr { 6, 132, 50, 17, 136, 33, 51, 108} -- ah nexthdr != { esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok - -ah hdrlength 11-23;ok -ah hdrlength != 11-23;ok -ah hdrlength { 11-23};ok -- ah hdrlength != { 11-23};ok -ah hdrlength {11, 23, 44 };ok -- ah hdrlength != {11-23 };ok - -ah reserved 22;ok -ah reserved != 233;ok -ah reserved 33-45;ok -ah reserved != 33-45;ok -ah reserved {23, 100};ok -- ah reserved != {33, 55, 67, 88};ok -ah reserved { 33-55};ok -- ah reserved != { 33-55};ok - -ah spi 111;ok -ah spi != 111;ok -ah spi 111-222;ok -ah spi != 111-222;ok -ah spi {111, 122};ok -- ah spi != {111, 122};ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -ah spi { 111-122};ok -- ah spi != { 111-122};ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -# sequence -ah sequence 123;ok -ah sequence != 123;ok -ah sequence {23, 25, 33};ok -- ah sequence != {23, 25, 33};ok -ah sequence { 23-33};ok -- ah sequence != { 33-44};ok -ah sequence 23-33;ok -ah sequence != 23-33;ok diff --git a/tests/regression/inet/ah.t.payload.inet b/tests/regression/inet/ah.t.payload.inet deleted file mode 100644 index d8755980..00000000 --- a/tests/regression/inet/ah.t.payload.inet +++ /dev/null @@ -1,186 +0,0 @@ -# ah hdrlength 11-23 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp gte reg 1 0x0000000b ] - [ cmp lte reg 1 0x00000017 ] - -# ah hdrlength != 11-23 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp lt reg 1 0x0000000b ] - [ cmp gt reg 1 0x00000017 ] - -# ah hdrlength { 11-23} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah hdrlength {11, 23, 44 } -set%d test-inet 3 -set%d test-inet 0 - element 0000000b : 0 [end] element 00000017 : 0 [end] element 0000002c : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah reserved 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ah reserved != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ah reserved 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ah reserved != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ah reserved {23, 100} -set%d test-inet 3 -set%d test-inet 0 - element 00001700 : 0 [end] element 00006400 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah reserved { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah spi 111 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x6f000000 ] - -# ah spi != 111 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0x6f000000 ] - -# ah spi 111-222 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x6f000000 ] - [ cmp lte reg 1 0xde000000 ] - -# ah spi != 111-222 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x6f000000 ] - [ cmp gt reg 1 0xde000000 ] - -# ah spi {111, 122} -set%d test-inet 3 -set%d test-inet 0 - element 6f000000 : 0 [end] element 7a000000 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah spi { 111-122} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence 123 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x7b000000 ] - -# ah sequence != 123 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0x7b000000 ] - -# ah sequence {23, 25, 33} -set%d test-inet 3 -set%d test-inet 0 - element 17000000 : 0 [end] element 19000000 : 0 [end] element 21000000 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence { 23-33} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence 23-33 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x17000000 ] - [ cmp lte reg 1 0x21000000 ] - -# ah sequence != 23-33 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x17000000 ] - [ cmp gt reg 1 0x21000000 ] - diff --git a/tests/regression/inet/ah.t.payload.ip b/tests/regression/inet/ah.t.payload.ip deleted file mode 100644 index 6a58bb1f..00000000 --- a/tests/regression/inet/ah.t.payload.ip +++ /dev/null @@ -1,186 +0,0 @@ -# ah hdrlength 11-23 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp gte reg 1 0x0000000b ] - [ cmp lte reg 1 0x00000017 ] - -# ah hdrlength != 11-23 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp lt reg 1 0x0000000b ] - [ cmp gt reg 1 0x00000017 ] - -# ah hdrlength { 11-23} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah hdrlength {11, 23, 44 } -set%d test-ip4 3 -set%d test-ip4 0 - element 0000000b : 0 [end] element 00000017 : 0 [end] element 0000002c : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah reserved 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ah reserved != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ah reserved 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ah reserved != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ah reserved {23, 100} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00006400 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah reserved { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah spi 111 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x6f000000 ] - -# ah spi != 111 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0x6f000000 ] - -# ah spi 111-222 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x6f000000 ] - [ cmp lte reg 1 0xde000000 ] - -# ah spi != 111-222 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x6f000000 ] - [ cmp gt reg 1 0xde000000 ] - -# ah spi {111, 122} -set%d test-ip4 3 -set%d test-ip4 0 - element 6f000000 : 0 [end] element 7a000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah spi { 111-122} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence 123 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x7b000000 ] - -# ah sequence != 123 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0x7b000000 ] - -# ah sequence {23, 25, 33} -set%d test-ip4 3 -set%d test-ip4 0 - element 17000000 : 0 [end] element 19000000 : 0 [end] element 21000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence { 23-33} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence 23-33 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x17000000 ] - [ cmp lte reg 1 0x21000000 ] - -# ah sequence != 23-33 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x17000000 ] - [ cmp gt reg 1 0x21000000 ] - diff --git a/tests/regression/inet/ah.t.payload.ip6 b/tests/regression/inet/ah.t.payload.ip6 deleted file mode 100644 index ce89754b..00000000 --- a/tests/regression/inet/ah.t.payload.ip6 +++ /dev/null @@ -1,186 +0,0 @@ -# ah hdrlength 11-23 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp gte reg 1 0x0000000b ] - [ cmp lte reg 1 0x00000017 ] - -# ah hdrlength != 11-23 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp lt reg 1 0x0000000b ] - [ cmp gt reg 1 0x00000017 ] - -# ah hdrlength { 11-23} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 0000000b : 0 [end] element 00000018 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah hdrlength {11, 23, 44 } -set%d test-ip6 3 -set%d test-ip6 0 - element 0000000b : 0 [end] element 00000017 : 0 [end] element 0000002c : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah reserved 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ah reserved != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ah reserved 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ah reserved != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ah reserved {23, 100} -set%d test-ip6 3 -set%d test-ip6 0 - element 00001700 : 0 [end] element 00006400 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah reserved { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah spi 111 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x6f000000 ] - -# ah spi != 111 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0x6f000000 ] - -# ah spi 111-222 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x6f000000 ] - [ cmp lte reg 1 0xde000000 ] - -# ah spi != 111-222 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x6f000000 ] - [ cmp gt reg 1 0xde000000 ] - -# ah spi {111, 122} -set%d test-ip6 3 -set%d test-ip6 0 - element 6f000000 : 0 [end] element 7a000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah spi { 111-122} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 6f000000 : 0 [end] element 7b000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence 123 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x7b000000 ] - -# ah sequence != 123 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0x7b000000 ] - -# ah sequence {23, 25, 33} -set%d test-ip6 3 -set%d test-ip6 0 - element 17000000 : 0 [end] element 19000000 : 0 [end] element 21000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence { 23-33} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 17000000 : 0 [end] element 22000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ah sequence 23-33 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x17000000 ] - [ cmp lte reg 1 0x21000000 ] - -# ah sequence != 23-33 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000033 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x17000000 ] - [ cmp gt reg 1 0x21000000 ] - diff --git a/tests/regression/inet/comp.t b/tests/regression/inet/comp.t deleted file mode 100644 index f4753bbc..00000000 --- a/tests/regression/inet/comp.t +++ /dev/null @@ -1,31 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet - -:input;type filter hook input priority 0 - -# BUG: nft: payload.c:88: payload_expr_pctx_update: Assertion `left->payload.base + 1 <= (__PROTO_BASE_MAX - 1)' failed. -- comp nexthdr esp;ok;comp nexthdr 50 -comp nexthdr != esp;ok;comp nexthdr != 50 - -- comp nexthdr {esp, ah, comp, udp, udplite, tcp, tcp, dccp, sctp};ok -# comp flags ## 8-bit field. Reserved for future use. MUST be set to zero. - -# Bug comp flags: to list. List the decimal value. -comp flags 0x0;ok -comp flags != 0x23;ok -comp flags 0x33-0x45;ok -comp flags != 0x33-0x45;ok -comp flags {0x33, 0x55, 0x67, 0x88};ok -- comp flags != {0x33, 0x55, 0x67, 0x88};ok -comp flags { 0x33-0x55};ok -- comp flags != { 0x33-0x55};ok - -comp cpi 22;ok -comp cpi != 233;ok -comp cpi 33-45;ok -comp cpi != 33-45;ok -comp cpi {33, 55, 67, 88};ok -- comp cpi != {33, 55, 67, 88};ok -comp cpi { 33-55};ok -- comp cpi != { 33-55};ok diff --git a/tests/regression/inet/comp.t.payload.inet b/tests/regression/inet/comp.t.payload.inet deleted file mode 100644 index c00bcc71..00000000 --- a/tests/regression/inet/comp.t.payload.inet +++ /dev/null @@ -1,107 +0,0 @@ -# comp nexthdr != esp -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00000032 ] - -# comp flags 0x0 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# comp flags != 0x23 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp neq reg 1 0x00000023 ] - -# comp flags 0x33-0x45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp gte reg 1 0x00000033 ] - [ cmp lte reg 1 0x00000045 ] - -# comp flags != 0x33-0x45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp lt reg 1 0x00000033 ] - [ cmp gt reg 1 0x00000045 ] - -# comp flags {0x33, 0x55, 0x67, 0x88} -set%d test-inet 3 -set%d test-inet 0 - element 00000033 : 0 [end] element 00000055 : 0 [end] element 00000067 : 0 [end] element 00000088 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp flags { 0x33-0x55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000033 : 0 [end] element 00000056 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp cpi 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# comp cpi != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# comp cpi 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# comp cpi != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# comp cpi {33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp cpi { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/comp.t.payload.ip b/tests/regression/inet/comp.t.payload.ip deleted file mode 100644 index e226c9a5..00000000 --- a/tests/regression/inet/comp.t.payload.ip +++ /dev/null @@ -1,107 +0,0 @@ -# comp nexthdr != esp -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00000032 ] - -# comp flags 0x0 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# comp flags != 0x23 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp neq reg 1 0x00000023 ] - -# comp flags 0x33-0x45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp gte reg 1 0x00000033 ] - [ cmp lte reg 1 0x00000045 ] - -# comp flags != 0x33-0x45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp lt reg 1 0x00000033 ] - [ cmp gt reg 1 0x00000045 ] - -# comp flags {0x33, 0x55, 0x67, 0x88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000033 : 0 [end] element 00000055 : 0 [end] element 00000067 : 0 [end] element 00000088 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp flags { 0x33-0x55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000033 : 0 [end] element 00000056 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp cpi 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# comp cpi != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# comp cpi 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# comp cpi != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# comp cpi {33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp cpi { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/comp.t.payload.ip6 b/tests/regression/inet/comp.t.payload.ip6 deleted file mode 100644 index 135e5a2e..00000000 --- a/tests/regression/inet/comp.t.payload.ip6 +++ /dev/null @@ -1,107 +0,0 @@ -# comp nexthdr != esp -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00000032 ] - -# comp flags 0x0 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# comp flags != 0x23 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp neq reg 1 0x00000023 ] - -# comp flags 0x33-0x45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp gte reg 1 0x00000033 ] - [ cmp lte reg 1 0x00000045 ] - -# comp flags != 0x33-0x45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp lt reg 1 0x00000033 ] - [ cmp gt reg 1 0x00000045 ] - -# comp flags {0x33, 0x55, 0x67, 0x88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000033 : 0 [end] element 00000055 : 0 [end] element 00000067 : 0 [end] element 00000088 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp flags { 0x33-0x55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000033 : 0 [end] element 00000056 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp cpi 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# comp cpi != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# comp cpi 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# comp cpi != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# comp cpi {33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# comp cpi { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000006c ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/dccp.t b/tests/regression/inet/dccp.t deleted file mode 100644 index e323992e..00000000 --- a/tests/regression/inet/dccp.t +++ /dev/null @@ -1,33 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -dccp sport 21-35;ok -dccp sport != 21-35;ok -dccp sport {23, 24, 25};ok -- dccp sport != { 27, 34};ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -dccp sport { 20-50 };ok -dccp sport ftp-data - re-mail-ck;ok;dccp sport 20-50 -dccp sport 20-50;ok -dccp sport { 20-50};ok -- dccp sport != {27-34};ok -# dccp sport != {27-34};ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -# dccp dport 21-35;ok -# dccp dport != 21-35;ok -dccp dport {23, 24, 25};ok -# dccp dport != {27, 34};ok -dccp dport { 20-50};ok -# dccp dport != {27-34};ok - -# BUG dccp type -# dccp type {request, response, data, ack, dataack, closereq, close, reset, sync, syncack};ok -# dccp type != {request, response, data, ack, dataack, closereq, close, reset, sync, syncack};ok -# dccp type request;ok -# dccp type != request;ok diff --git a/tests/regression/inet/dccp.t.payload.inet b/tests/regression/inet/dccp.t.payload.inet deleted file mode 100644 index ecd8863f..00000000 --- a/tests/regression/inet/dccp.t.payload.inet +++ /dev/null @@ -1,82 +0,0 @@ -# dccp sport 21-35 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001500 ] - [ cmp lte reg 1 0x00002300 ] - -# dccp sport != 21-35 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00001500 ] - [ cmp gt reg 1 0x00002300 ] - -# dccp sport {23, 24, 25} -set%d test-inet 3 -set%d test-inet 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp sport { 20-50 } -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp sport ftp-data - re-mail-ck -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001400 ] - [ cmp lte reg 1 0x00003200 ] - -# dccp sport 20-50 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001400 ] - [ cmp lte reg 1 0x00003200 ] - -# dccp sport { 20-50} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp dport {23, 24, 25} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp dport { 20-50} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/dccp.t.payload.ip b/tests/regression/inet/dccp.t.payload.ip deleted file mode 100644 index 9e1cc2ec..00000000 --- a/tests/regression/inet/dccp.t.payload.ip +++ /dev/null @@ -1,82 +0,0 @@ -# dccp sport 21-35 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001500 ] - [ cmp lte reg 1 0x00002300 ] - -# dccp sport != 21-35 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00001500 ] - [ cmp gt reg 1 0x00002300 ] - -# dccp sport {23, 24, 25} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp sport { 20-50 } -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp sport ftp-data - re-mail-ck -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001400 ] - [ cmp lte reg 1 0x00003200 ] - -# dccp sport 20-50 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001400 ] - [ cmp lte reg 1 0x00003200 ] - -# dccp sport { 20-50} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp dport {23, 24, 25} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp dport { 20-50} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/dccp.t.payload.ip6 b/tests/regression/inet/dccp.t.payload.ip6 deleted file mode 100644 index c0e1d70a..00000000 --- a/tests/regression/inet/dccp.t.payload.ip6 +++ /dev/null @@ -1,82 +0,0 @@ -# dccp sport 21-35 -ip test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001500 ] - [ cmp lte reg 1 0x00002300 ] - -# dccp sport != 21-35 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00001500 ] - [ cmp gt reg 1 0x00002300 ] - -# dccp sport {23, 24, 25} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp sport { 20-50 } -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp sport ftp-data - re-mail-ck -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001400 ] - [ cmp lte reg 1 0x00003200 ] - -# dccp sport 20-50 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001400 ] - [ cmp lte reg 1 0x00003200 ] - -# dccp sport { 20-50} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp dport {23, 24, 25} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dccp dport { 20-50} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001400 : 0 [end] element 00003300 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000021 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/esp.t b/tests/regression/inet/esp.t deleted file mode 100644 index 3a8502d9..00000000 --- a/tests/regression/inet/esp.t +++ /dev/null @@ -1,23 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -esp spi 100;ok -esp spi != 100;ok -esp spi 111-222;ok -esp spi != 111-222;ok -esp spi { 100, 102};ok -- esp spi != { 100, 102};ok -esp spi { 100-102};ok -- esp spi {100-102};ok - -esp sequence 22;ok -esp sequence 22-24;ok -esp sequence != 22-24;ok -esp sequence { 22, 24};ok -- esp sequence != { 22, 24};ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. -esp sequence { 22-25};ok -- esp sequence != { 22-25};ok diff --git a/tests/regression/inet/esp.t.payload.inet b/tests/regression/inet/esp.t.payload.inet deleted file mode 100644 index 4ba9ea8e..00000000 --- a/tests/regression/inet/esp.t.payload.inet +++ /dev/null @@ -1,93 +0,0 @@ -# esp spi 100 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x64000000 ] - -# esp spi != 100 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x64000000 ] - -# esp spi 111-222 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x6f000000 ] - [ cmp lte reg 1 0xde000000 ] - -# esp spi != 111-222 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x6f000000 ] - [ cmp gt reg 1 0xde000000 ] - -# esp spi { 100, 102} -set%d test-inet 3 -set%d test-inet 0 - element 64000000 : 0 [end] element 66000000 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp spi { 100-102} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp sequence 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# esp sequence 22-24 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x16000000 ] - [ cmp lte reg 1 0x18000000 ] - -# esp sequence != 22-24 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x16000000 ] - [ cmp gt reg 1 0x18000000 ] - -# esp sequence { 22, 24} -set%d test-inet 3 -set%d test-inet 0 - element 16000000 : 0 [end] element 18000000 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp sequence { 22-25} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/esp.t.payload.ip b/tests/regression/inet/esp.t.payload.ip deleted file mode 100644 index 5a66b042..00000000 --- a/tests/regression/inet/esp.t.payload.ip +++ /dev/null @@ -1,93 +0,0 @@ -# esp spi 100 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x64000000 ] - -# esp spi != 100 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x64000000 ] - -# esp spi 111-222 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x6f000000 ] - [ cmp lte reg 1 0xde000000 ] - -# esp spi != 111-222 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x6f000000 ] - [ cmp gt reg 1 0xde000000 ] - -# esp spi { 100, 102} -set%d test-ip4 3 -set%d test-ip4 0 - element 64000000 : 0 [end] element 66000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp spi { 100-102} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp sequence 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# esp sequence 22-24 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x16000000 ] - [ cmp lte reg 1 0x18000000 ] - -# esp sequence != 22-24 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x16000000 ] - [ cmp gt reg 1 0x18000000 ] - -# esp sequence { 22, 24} -set%d test-ip4 3 -set%d test-ip4 0 - element 16000000 : 0 [end] element 18000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp sequence { 22-25} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/esp.t.payload.ip6 b/tests/regression/inet/esp.t.payload.ip6 deleted file mode 100644 index 7c784262..00000000 --- a/tests/regression/inet/esp.t.payload.ip6 +++ /dev/null @@ -1,93 +0,0 @@ -# esp spi 100 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x64000000 ] - -# esp spi != 100 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x64000000 ] - -# esp spi 111-222 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x6f000000 ] - [ cmp lte reg 1 0xde000000 ] - -# esp spi != 111-222 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x6f000000 ] - [ cmp gt reg 1 0xde000000 ] - -# esp spi { 100, 102} -set%d test-ip6 3 -set%d test-ip6 0 - element 64000000 : 0 [end] element 66000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp spi { 100-102} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp sequence 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# esp sequence 22-24 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x16000000 ] - [ cmp lte reg 1 0x18000000 ] - -# esp sequence != 22-24 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x16000000 ] - [ cmp gt reg 1 0x18000000 ] - -# esp sequence { 22, 24} -set%d test-ip6 3 -set%d test-ip6 0 - element 16000000 : 0 [end] element 18000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# esp sequence { 22-25} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/ether-ip.t b/tests/regression/inet/ether-ip.t deleted file mode 100644 index 3726db45..00000000 --- a/tests/regression/inet/ether-ip.t +++ /dev/null @@ -1,5 +0,0 @@ -*inet;test-inet -:input;type filter hook input priority 0 - -tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept -tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04;ok diff --git a/tests/regression/inet/ether-ip.t.payload b/tests/regression/inet/ether-ip.t.payload deleted file mode 100644 index 62e37a59..00000000 --- a/tests/regression/inet/ether-ip.t.payload +++ /dev/null @@ -1,28 +0,0 @@ -# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 8b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00080411 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ immediate reg 0 accept ] - -# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] diff --git a/tests/regression/inet/ether.t b/tests/regression/inet/ether.t deleted file mode 100644 index 9d0f9729..00000000 --- a/tests/regression/inet/ether.t +++ /dev/null @@ -1,13 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -*bridge;test-bridge - -:input;type filter hook input priority 0 - -tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 accept -tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept -tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept;ok - -ether saddr 00:0f:54:0c:11:04 accept;ok -ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4;ok diff --git a/tests/regression/inet/ether.t.payload b/tests/regression/inet/ether.t.payload deleted file mode 100644 index 86f30c37..00000000 --- a/tests/regression/inet/ether.t.payload +++ /dev/null @@ -1,55 +0,0 @@ -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# ether saddr 00:0f:54:0c:11:04 accept -inet test-inet input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 -inet test-inet input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - diff --git a/tests/regression/inet/ether.t.payload.bridge b/tests/regression/inet/ether.t.payload.bridge deleted file mode 100644 index 4a6bccbe..00000000 --- a/tests/regression/inet/ether.t.payload.bridge +++ /dev/null @@ -1,49 +0,0 @@ -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept -bridge test-bridge input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept -bridge test-bridge input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept -bridge test-bridge input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# ether saddr 00:0f:54:0c:11:04 accept -bridge test-bridge input - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 -bridge test-bridge input - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - diff --git a/tests/regression/inet/ether.t.payload.ip b/tests/regression/inet/ether.t.payload.ip deleted file mode 100644 index 2d33f0ce..00000000 --- a/tests/regression/inet/ether.t.payload.ip +++ /dev/null @@ -1,55 +0,0 @@ -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# ether saddr 00:0f:54:0c:11:04 accept -ip test-ip4 input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 -ip test-ip4 input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - diff --git a/tests/regression/inet/ether.t.payload.ip6 b/tests/regression/inet/ether.t.payload.ip6 deleted file mode 100644 index 9065952d..00000000 --- a/tests/regression/inet/ether.t.payload.ip6 +++ /dev/null @@ -1,55 +0,0 @@ -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 meta nfproto ipv4 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# tcp dport 22 iiftype ether ether saddr 00:0f:54:0c:11:4 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# tcp dport 22 ether saddr 00:0f:54:0c:11:04 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# ether saddr 00:0f:54:0c:11:04 accept -ip6 test-ip6 input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# ether saddr 00:0f:54:0c:11:04 meta nfproto ipv4 -ip6 test-ip6 input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - diff --git a/tests/regression/inet/ip.t b/tests/regression/inet/ip.t deleted file mode 100644 index a56c5c97..00000000 --- a/tests/regression/inet/ip.t +++ /dev/null @@ -1,7 +0,0 @@ -*ip;test-ip4 -*inet;test-inet -*bridge;test-bridge - -:input;type filter hook input priority 0 - -ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe };ok diff --git a/tests/regression/inet/ip.t.payload.bridge b/tests/regression/inet/ip.t.payload.bridge deleted file mode 100644 index 606e3b34..00000000 --- a/tests/regression/inet/ip.t.payload.bridge +++ /dev/null @@ -1,11 +0,0 @@ -# ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe } -set%d test-bridge 3 -set%d test-bridge 0 - element 01010101 02020202 fecafeca 0000feca : 0 [end] -bridge test-bridge input - [ payload load 2b @ link header + 12 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ payload load 6b @ link header + 6 => reg 10 ] - [ lookup reg 1 set set%d ] diff --git a/tests/regression/inet/ip.t.payload.inet b/tests/regression/inet/ip.t.payload.inet deleted file mode 100644 index c8e9b054..00000000 --- a/tests/regression/inet/ip.t.payload.inet +++ /dev/null @@ -1,13 +0,0 @@ -# ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe } -set%d test-inet 3 -set%d test-inet 0 - element 01010101 02020202 fecafeca 0000feca : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ payload load 6b @ link header + 6 => reg 10 ] - [ lookup reg 1 set set%d ] diff --git a/tests/regression/inet/ip.t.payload.ip b/tests/regression/inet/ip.t.payload.ip deleted file mode 100644 index 66f14681..00000000 --- a/tests/regression/inet/ip.t.payload.ip +++ /dev/null @@ -1,11 +0,0 @@ -# ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe } -set%d test-ip4 3 -set%d test-ip4 0 - element 01010101 02020202 fecafeca 0000feca : 0 [end] -ip test-ip4 input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ payload load 6b @ link header + 6 => reg 10 ] - [ lookup reg 1 set set%d ] diff --git a/tests/regression/inet/reject.t b/tests/regression/inet/reject.t deleted file mode 100644 index 52e7b28b..00000000 --- a/tests/regression/inet/reject.t +++ /dev/null @@ -1,35 +0,0 @@ -*inet;test-inet -:input;type filter hook input priority 0 - -# The output is specific for inet family -reject with icmp type host-unreachable;ok;meta nfproto ipv4 reject with icmp type host-unreachable -reject with icmp type net-unreachable;ok;meta nfproto ipv4 reject with icmp type net-unreachable -reject with icmp type prot-unreachable;ok;meta nfproto ipv4 reject with icmp type prot-unreachable -reject with icmp type port-unreachable;ok;meta nfproto ipv4 reject -reject with icmp type net-prohibited;ok;meta nfproto ipv4 reject with icmp type net-prohibited -reject with icmp type host-prohibited;ok;meta nfproto ipv4 reject with icmp type host-prohibited -reject with icmp type admin-prohibited;ok;meta nfproto ipv4 reject with icmp type admin-prohibited - -reject with icmpv6 type no-route;ok;meta nfproto ipv6 reject with icmpv6 type no-route -reject with icmpv6 type admin-prohibited;ok;meta nfproto ipv6 reject with icmpv6 type admin-prohibited -reject with icmpv6 type addr-unreachable;ok;meta nfproto ipv6 reject with icmpv6 type addr-unreachable -reject with icmpv6 type port-unreachable;ok;meta nfproto ipv6 reject - -reject with tcp reset;ok;meta l4proto 6 reject with tcp reset - -reject;ok -meta nfproto ipv4 reject;ok -meta nfproto ipv6 reject;ok - -reject with icmpx type host-unreachable;ok -reject with icmpx type no-route;ok -reject with icmpx type admin-prohibited;ok -reject with icmpx type port-unreachable;ok;reject - -meta nfproto ipv4 reject with icmp type host-unreachable;ok -meta nfproto ipv6 reject with icmpv6 type no-route;ok - -meta nfproto ipv6 reject with icmp type host-unreachable;fail -meta nfproto ipv4 ip protocol icmp reject with icmpv6 type no-route;fail -meta nfproto ipv6 ip protocol icmp reject with icmp type host-unreachable;fail -meta l4proto udp reject with tcp reset;fail diff --git a/tests/regression/inet/reject.t.payload.inet b/tests/regression/inet/reject.t.payload.inet deleted file mode 100644 index 5770330d..00000000 --- a/tests/regression/inet/reject.t.payload.inet +++ /dev/null @@ -1,220 +0,0 @@ -# reject with icmp type host-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 1 ] - -# reject with icmp type net-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 0 ] - -# reject with icmp type prot-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 2 ] - -# reject with icmp type port-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 3 ] - -# reject with icmp type net-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 9 ] - -# reject with icmp type host-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 10 ] - -# reject with icmp type admin-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 13 ] - -# reject with icmpv6 type no-route -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 0 ] - -# reject with icmpv6 type admin-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 1 ] - -# reject with icmpv6 type addr-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 3 ] - -# reject with icmpv6 type port-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 4 ] - -# reject with tcp reset -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ reject type 1 code 0 ] - -# reject -inet test-inet input - [ reject type 2 code 1 ] - -# meta nfproto ipv4 reject -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 3 ] - -# meta nfproto ipv6 reject -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 4 ] - -# reject with icmpx type host-unreachable -inet test-inet input - [ reject type 2 code 2 ] - -# reject with icmpx type no-route -inet test-inet input - [ reject type 2 code 0 ] - -# reject with icmpx type admin-prohibited -inet test-inet input - [ reject type 2 code 3 ] - -# reject with icmpx type port-unreachable -inet test-inet input - [ reject type 2 code 1 ] - -# meta nfproto ipv4 reject with icmp type host-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 1 ] - -# meta nfproto ipv6 reject with icmpv6 type no-route -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 0 ] - -# reject with icmp type prot-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 2 ] - -# reject with icmp type port-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 3 ] - -# reject with icmp type net-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 9 ] - -# reject with icmp type host-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 10 ] - -# reject with icmp type admin-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 13 ] - -# reject with icmpv6 type no-route -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 0 ] - -# reject with icmpv6 type admin-prohibited -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 1 ] - -# reject with icmpv6 type addr-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 3 ] - -# reject with icmpv6 type port-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 4 ] - -# reject with tcp reset -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ reject type 1 code 0 ] - -# reject -inet test-inet input - [ reject type 2 code 1 ] - -# meta nfproto ipv4 reject -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 3 ] - -# meta nfproto ipv6 reject -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 4 ] - -# reject with icmpx type host-unreachable -inet test-inet input - [ reject type 2 code 2 ] - -# reject with icmpx type no-route -inet test-inet input - [ reject type 2 code 0 ] - -# reject with icmpx type admin-prohibited -inet test-inet input - [ reject type 2 code 3 ] - -# reject with icmpx type port-unreachable -inet test-inet input - [ reject type 2 code 1 ] - -# meta nfproto ipv4 reject with icmp type host-unreachable -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ reject type 0 code 1 ] - -# meta nfproto ipv6 reject with icmpv6 type no-route -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ reject type 0 code 0 ] - diff --git a/tests/regression/inet/sctp.t b/tests/regression/inet/sctp.t deleted file mode 100644 index 537a9b17..00000000 --- a/tests/regression/inet/sctp.t +++ /dev/null @@ -1,42 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -sctp sport 23;ok -sctp sport != 23;ok -sctp sport 23-44;ok -sctp sport != 23-44;ok -sctp sport { 23, 24, 25};ok -- sctp sport != { 23, 24, 25};ok -sctp sport { 23-44};ok -- sctp sport != { 23-44};ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -sctp dport 23;ok -sctp dport != 23;ok -sctp dport 23-44;ok -sctp dport != 23-44;ok -sctp dport { 23, 24, 25};ok -- sctp dport != { 23, 24, 25};ok -sctp dport { 23-44};ok -- sctp dport != { 23-44};ok - -sctp checksum 1111;ok -sctp checksum != 11;ok -sctp checksum 21-333;ok -sctp checksum != 32-111;ok -sctp checksum { 22, 33, 44};ok -- sctp checksum != { 22, 33, 44};ok -sctp checksum { 22-44};ok -- sctp checksum != { 22-44};ok - -sctp vtag 22;ok -sctp vtag != 233;ok -sctp vtag 33-45;ok -sctp vtag != 33-45;ok -sctp vtag {33, 55, 67, 88};ok -- sctp vtag != {33, 55, 67, 88};ok -sctp vtag { 33-55};ok -- sctp vtag != { 33-55};ok diff --git a/tests/regression/inet/sctp.t.payload.inet b/tests/regression/inet/sctp.t.payload.inet deleted file mode 100644 index dd6e2759..00000000 --- a/tests/regression/inet/sctp.t.payload.inet +++ /dev/null @@ -1,200 +0,0 @@ -# sctp sport 23 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00001700 ] - -# sctp sport != 23 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00001700 ] - -# sctp sport 23-44 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001700 ] - [ cmp lte reg 1 0x00002c00 ] - -# sctp sport != 23-44 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002c00 ] - -# sctp sport { 23, 24, 25} -set%d test-inet 3 -set%d test-inet 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp sport { 23-44} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp dport 23 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001700 ] - -# sctp dport != 23 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00001700 ] - -# sctp dport 23-44 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00001700 ] - [ cmp lte reg 1 0x00002c00 ] - -# sctp dport != 23-44 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002c00 ] - -# sctp dport { 23, 24, 25} -set%d test-inet 3 -set%d test-inet 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp dport { 23-44} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp checksum 1111 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x57040000 ] - -# sctp checksum != 11 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0x0b000000 ] - -# sctp checksum 21-333 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x15000000 ] - [ cmp lte reg 1 0x4d010000 ] - -# sctp checksum != 32-111 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x20000000 ] - [ cmp gt reg 1 0x6f000000 ] - -# sctp checksum { 22, 33, 44} -set%d test-inet 3 -set%d test-inet 0 - element 16000000 : 0 [end] element 21000000 : 0 [end] element 2c000000 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp checksum { 22-44} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 16000000 : 0 [end] element 2d000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp vtag 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# sctp vtag != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# sctp vtag 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# sctp vtag != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# sctp vtag {33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp vtag { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/sctp.t.payload.ip b/tests/regression/inet/sctp.t.payload.ip deleted file mode 100644 index 053d319e..00000000 --- a/tests/regression/inet/sctp.t.payload.ip +++ /dev/null @@ -1,200 +0,0 @@ -# sctp sport 23 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00001700 ] - -# sctp sport != 23 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00001700 ] - -# sctp sport 23-44 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001700 ] - [ cmp lte reg 1 0x00002c00 ] - -# sctp sport != 23-44 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002c00 ] - -# sctp sport { 23, 24, 25} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp sport { 23-44} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp dport 23 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001700 ] - -# sctp dport != 23 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00001700 ] - -# sctp dport 23-44 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00001700 ] - [ cmp lte reg 1 0x00002c00 ] - -# sctp dport != 23-44 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002c00 ] - -# sctp dport { 23, 24, 25} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp dport { 23-44} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp checksum 1111 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x57040000 ] - -# sctp checksum != 11 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0x0b000000 ] - -# sctp checksum 21-333 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x15000000 ] - [ cmp lte reg 1 0x4d010000 ] - -# sctp checksum != 32-111 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x20000000 ] - [ cmp gt reg 1 0x6f000000 ] - -# sctp checksum { 22, 33, 44} -set%d test-ip4 3 -set%d test-ip4 0 - element 16000000 : 0 [end] element 21000000 : 0 [end] element 2c000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp checksum { 22-44} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 16000000 : 0 [end] element 2d000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp vtag 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# sctp vtag != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# sctp vtag 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# sctp vtag != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# sctp vtag {33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp vtag { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/sctp.t.payload.ip6 b/tests/regression/inet/sctp.t.payload.ip6 deleted file mode 100644 index eae6fa94..00000000 --- a/tests/regression/inet/sctp.t.payload.ip6 +++ /dev/null @@ -1,200 +0,0 @@ -# sctp sport 23 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00001700 ] - -# sctp sport != 23 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00001700 ] - -# sctp sport 23-44 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00001700 ] - [ cmp lte reg 1 0x00002c00 ] - -# sctp sport != 23-44 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002c00 ] - -# sctp sport { 23, 24, 25} -set%d test-ip6 3 -set%d test-ip6 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp sport { 23-44} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp dport 23 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001700 ] - -# sctp dport != 23 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00001700 ] - -# sctp dport 23-44 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00001700 ] - [ cmp lte reg 1 0x00002c00 ] - -# sctp dport != 23-44 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002c00 ] - -# sctp dport { 23, 24, 25} -set%d test-ip6 3 -set%d test-ip6 0 - element 00001700 : 0 [end] element 00001800 : 0 [end] element 00001900 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp dport { 23-44} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00001700 : 0 [end] element 00002d00 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp checksum 1111 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x57040000 ] - -# sctp checksum != 11 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0x0b000000 ] - -# sctp checksum 21-333 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x15000000 ] - [ cmp lte reg 1 0x4d010000 ] - -# sctp checksum != 32-111 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x20000000 ] - [ cmp gt reg 1 0x6f000000 ] - -# sctp checksum { 22, 33, 44} -set%d test-ip6 3 -set%d test-ip6 0 - element 16000000 : 0 [end] element 21000000 : 0 [end] element 2c000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp checksum { 22-44} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 16000000 : 0 [end] element 2d000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp vtag 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# sctp vtag != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# sctp vtag 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# sctp vtag != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# sctp vtag {33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# sctp vtag { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/tcp.t b/tests/regression/inet/tcp.t deleted file mode 100644 index 53a16898..00000000 --- a/tests/regression/inet/tcp.t +++ /dev/null @@ -1,105 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -tcp dport 22;ok -tcp dport != 233;ok -tcp dport 33-45;ok -tcp dport != 33-45;ok -tcp dport { 33, 55, 67, 88};ok -- tcp dport != { 33, 55, 67, 88};ok -tcp dport { 33-55};ok -- tcp dport != { 33-55};ok -tcp dport {telnet, http, https} accept;ok;tcp dport { 443, 23, 80} accept -tcp dport vmap { 22 : accept, 23 : drop };ok -tcp dport vmap { 25:accept, 28:drop };ok -tcp dport { 22, 53, 80, 110 };ok -- tcp dport != { 22, 53, 80, 110 };ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -tcp sport 22;ok -tcp sport != 233;ok -tcp sport 33-45;ok -tcp sport != 33-45;ok -tcp sport { 33, 55, 67, 88};ok -- tcp sport != { 33, 55, 67, 88};ok -tcp sport { 33-55};ok -- tcp sport != { 33-55};ok -tcp sport vmap { 25:accept, 28:drop };ok - -tcp sport 8080 drop;ok -tcp sport 1024 tcp dport 22;ok -tcp sport 1024 tcp dport 22 tcp sequence 0;ok - -tcp sequence 0 tcp sport 1024 tcp dport 22;ok;tcp sport 1024 tcp dport 22 tcp sequence 0 -tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22;ok - -tcp sequence 22;ok -tcp sequence != 233;ok -tcp sequence 33-45;ok -tcp sequence != 33-45;ok -tcp sequence { 33, 55, 67, 88};ok -- tcp sequence != { 33, 55, 67, 88};ok -tcp sequence { 33-55};ok -- tcp sequence != { 33-55};ok - -tcp ackseq 42949672 drop;ok -tcp ackseq 22;ok -tcp ackseq != 233;ok -tcp ackseq 33-45;ok -tcp ackseq != 33-45;ok -tcp ackseq { 33, 55, 67, 88};ok -- tcp ackseq != { 33, 55, 67, 88};ok -tcp ackseq { 33-55};ok -- tcp ackseq != { 33-55};ok - -- tcp doff 22;ok -- tcp doff != 233;ok -- tcp doff 33-45;ok -- tcp doff != 33-45;ok -- tcp doff { 33, 55, 67, 88};ok -- tcp doff != { 33, 55, 67, 88};ok -- tcp doff { 33-55};ok -- tcp doff != { 33-55};ok - -# BUG reserved -# BUG: It is accepted but it is not shown then. tcp reserver - -tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop;ok -- tcp flags != { fin, urg, ecn, cwr} drop;ok -tcp flags cwr;ok -tcp flags != cwr;ok - -tcp window 22222;ok -tcp window 22;ok -tcp window != 233;ok -tcp window 33-45;ok -tcp window != 33-45;ok -tcp window { 33, 55, 67, 88};ok -- tcp window != { 33, 55, 67, 88};ok -tcp window { 33-55};ok -- tcp window != { 33-55};ok - -tcp checksum 23456 log drop;ok -tcp checksum 22;ok -tcp checksum != 233;ok -tcp checksum 33-45;ok -tcp checksum != 33-45;ok -tcp checksum { 33, 55, 67, 88};ok -- tcp checksum != { 33, 55, 67, 88};ok -tcp checksum { 33-55};ok -- tcp checksum != { 33-55};ok - -tcp urgptr 1234 accept;ok -tcp urgptr 22;ok -tcp urgptr != 233;ok -tcp urgptr 33-45;ok -tcp urgptr != 33-45;ok -tcp urgptr { 33, 55, 67, 88};ok -- tcp urgptr != { 33, 55, 67, 88};ok -tcp urgptr { 33-55};ok -- tcp urgptr != { 33-55};ok - -tcp doff 8;ok diff --git a/tests/regression/inet/tcp.t.payload.inet b/tests/regression/inet/tcp.t.payload.inet deleted file mode 100644 index 21b21abc..00000000 --- a/tests/regression/inet/tcp.t.payload.inet +++ /dev/null @@ -1,508 +0,0 @@ -# tcp dport 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp dport != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp dport 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp dport != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp dport { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp dport { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp dport {telnet, http, https} accept -set%d test-inet 3 -set%d test-inet 0 - element 00001700 : 0 [end] element 00005000 : 0 [end] element 0000bb01 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# tcp dport vmap { 22 : accept, 23 : drop } -map%d test-inet b -map%d test-inet 0 - element 00001600 : 0 [end] element 00001700 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp dport vmap { 25:accept, 28:drop } -map%d test-inet b -map%d test-inet 0 - element 00001900 : 0 [end] element 00001c00 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp dport { 22, 53, 80, 110 } -set%d test-inet 3 -set%d test-inet 0 - element 00001600 : 0 [end] element 00003500 : 0 [end] element 00005000 : 0 [end] element 00006e00 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp sport != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp sport 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp sport != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp sport { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport vmap { 25:accept, 28:drop } -map%d test-inet b -map%d test-inet 0 - element 00001900 : 0 [end] element 00001c00 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp sport 8080 drop -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000901f ] - [ immediate reg 0 drop ] - -# tcp sport 1024 tcp dport 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 ] - -# tcp sport 1024 tcp dport 22 tcp sequence 0 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 8b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 0x00000000 ] - -# tcp sequence 0 tcp sport 1024 tcp dport 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 8b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 0x00000000 ] - -# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 -set%d test-inet 3 -set%d test-inet 0 - element 00000004 : 0 [end] element 0000fe03 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ payload load 6b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 0x00000000 ] - -# tcp sequence 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# tcp sequence != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# tcp sequence 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# tcp sequence != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# tcp sequence { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sequence { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp ackseq 42949672 drop -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x285c8f02 ] - [ immediate reg 0 drop ] - -# tcp ackseq 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# tcp ackseq != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# tcp ackseq 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# tcp ackseq != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# tcp ackseq { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp ackseq { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop -set%d test-inet 3 -set%d test-inet 0 - element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000010 : 0 [end] element 00000020 : 0 [end] element 00000040 : 0 [end] element 00000080 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# tcp flags cwr -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - -# tcp flags != cwr -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ cmp neq reg 1 0x00000080 ] - -# tcp window 22222 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp eq reg 1 0x0000ce56 ] - -# tcp window 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp window != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp window 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp window != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp window { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp window { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp checksum 23456 log drop -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp eq reg 1 0x0000a05b ] - [ log prefix (null) ] - [ immediate reg 0 drop ] - -# tcp checksum 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp checksum != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp checksum 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp checksum != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp checksum { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp checksum { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp urgptr 1234 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp eq reg 1 0x0000d204 ] - [ immediate reg 0 accept ] - -# tcp urgptr 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp urgptr != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp urgptr 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp urgptr != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp urgptr { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp urgptr { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp doff 8 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000080 ] - diff --git a/tests/regression/inet/tcp.t.payload.ip b/tests/regression/inet/tcp.t.payload.ip deleted file mode 100644 index 34c97143..00000000 --- a/tests/regression/inet/tcp.t.payload.ip +++ /dev/null @@ -1,508 +0,0 @@ -# tcp dport 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp dport != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp dport 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp dport != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp dport { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp dport { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp dport {telnet, http, https} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00001700 : 0 [end] element 00005000 : 0 [end] element 0000bb01 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# tcp dport vmap { 22 : accept, 23 : drop } -map%d test-ip4 b -map%d test-ip4 0 - element 00001600 : 0 [end] element 00001700 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp dport vmap { 25:accept, 28:drop } -map%d test-ip4 b -map%d test-ip4 0 - element 00001900 : 0 [end] element 00001c00 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp dport { 22, 53, 80, 110 } -set%d test-ip4 3 -set%d test-ip4 0 - element 00001600 : 0 [end] element 00003500 : 0 [end] element 00005000 : 0 [end] element 00006e00 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp sport != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp sport 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp sport != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp sport { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport vmap { 25:accept, 28:drop } -map%d test-ip4 b -map%d test-ip4 0 - element 00001900 : 0 [end] element 00001c00 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp sport 8080 drop -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000901f ] - [ immediate reg 0 drop ] - -# tcp sport 1024 tcp dport 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 ] - -# tcp sport 1024 tcp dport 22 tcp sequence 0 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 8b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 0x00000000 ] - -# tcp sequence 0 tcp sport 1024 tcp dport 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 8b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 0x00000000 ] - -# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 -set%d test-ip4 3 -set%d test-ip4 0 - element 00000004 : 0 [end] element 0000fe03 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ payload load 6b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 0x00000000 ] - -# tcp sequence 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# tcp sequence != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# tcp sequence 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# tcp sequence != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# tcp sequence { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sequence { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp ackseq 42949672 drop -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x285c8f02 ] - [ immediate reg 0 drop ] - -# tcp ackseq 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# tcp ackseq != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# tcp ackseq 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# tcp ackseq != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# tcp ackseq { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp ackseq { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000010 : 0 [end] element 00000020 : 0 [end] element 00000040 : 0 [end] element 00000080 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# tcp flags cwr -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - -# tcp flags != cwr -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ cmp neq reg 1 0x00000080 ] - -# tcp window 22222 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp eq reg 1 0x0000ce56 ] - -# tcp window 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp window != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp window 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp window != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp window { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp window { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp checksum 23456 log drop -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp eq reg 1 0x0000a05b ] - [ log prefix (null) ] - [ immediate reg 0 drop ] - -# tcp checksum 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp checksum != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp checksum 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp checksum != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp checksum { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp checksum { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp urgptr 1234 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp eq reg 1 0x0000d204 ] - [ immediate reg 0 accept ] - -# tcp urgptr 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp urgptr != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp urgptr 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp urgptr != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp urgptr { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp urgptr { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp doff 8 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000080 ] - diff --git a/tests/regression/inet/tcp.t.payload.ip6 b/tests/regression/inet/tcp.t.payload.ip6 deleted file mode 100644 index 44decab4..00000000 --- a/tests/regression/inet/tcp.t.payload.ip6 +++ /dev/null @@ -1,508 +0,0 @@ -# tcp dport 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp dport != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp dport 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp dport != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp dport { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp dport { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp dport {telnet, http, https} accept -set%d test-ip6 3 -set%d test-ip6 0 - element 00001700 : 0 [end] element 00005000 : 0 [end] element 0000bb01 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# tcp dport vmap { 22 : accept, 23 : drop } -map%d test-ip6 b -map%d test-ip6 0 - element 00001600 : 0 [end] element 00001700 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp dport vmap { 25:accept, 28:drop } -map%d test-ip6 b -map%d test-ip6 0 - element 00001900 : 0 [end] element 00001c00 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp dport { 22, 53, 80, 110 } -set%d test-ip6 3 -set%d test-ip6 0 - element 00001600 : 0 [end] element 00003500 : 0 [end] element 00005000 : 0 [end] element 00006e00 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp sport != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp sport 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp sport != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp sport { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sport vmap { 25:accept, 28:drop } -map%d test-ip6 b -map%d test-ip6 0 - element 00001900 : 0 [end] element 00001c00 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# tcp sport 8080 drop -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000901f ] - [ immediate reg 0 drop ] - -# tcp sport 1024 tcp dport 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 ] - -# tcp sport 1024 tcp dport 22 tcp sequence 0 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 8b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 0x00000000 ] - -# tcp sequence 0 tcp sport 1024 tcp dport 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 8b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x16000004 0x00000000 ] - -# tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22 -set%d test-ip6 3 -set%d test-ip6 0 - element 00000004 : 0 [end] element 0000fe03 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ payload load 6b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 0x00000000 ] - -# tcp sequence 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# tcp sequence != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# tcp sequence 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# tcp sequence != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# tcp sequence { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp sequence { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp ackseq 42949672 drop -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x285c8f02 ] - [ immediate reg 0 drop ] - -# tcp ackseq 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# tcp ackseq != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# tcp ackseq 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# tcp ackseq != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# tcp ackseq { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp ackseq { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 4b @ transport header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop -set%d test-ip6 3 -set%d test-ip6 0 - element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000010 : 0 [end] element 00000020 : 0 [end] element 00000040 : 0 [end] element 00000080 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# tcp flags cwr -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00000080 ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - -# tcp flags != cwr -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 13 => reg 1 ] - [ cmp neq reg 1 0x00000080 ] - -# tcp window 22222 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp eq reg 1 0x0000ce56 ] - -# tcp window 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp window != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp window 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp window != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp window { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp window { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 14 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp checksum 23456 log drop -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp eq reg 1 0x0000a05b ] - [ log prefix (null) ] - [ immediate reg 0 drop ] - -# tcp checksum 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp checksum != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp checksum 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp checksum != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp checksum { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp checksum { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp urgptr 1234 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp eq reg 1 0x0000d204 ] - [ immediate reg 0 accept ] - -# tcp urgptr 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# tcp urgptr != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# tcp urgptr 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# tcp urgptr != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# tcp urgptr { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp urgptr { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 18 => reg 1 ] - [ lookup reg 1 set set%d ] - -# tcp doff 8 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 1b @ transport header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000080 ] - diff --git a/tests/regression/inet/udp.t b/tests/regression/inet/udp.t deleted file mode 100644 index 58f4002d..00000000 --- a/tests/regression/inet/udp.t +++ /dev/null @@ -1,49 +0,0 @@ -*ip;test-ip4 -*ip;test-ip6 -*ip;test-inet -:input;type filter hook input priority 0 - -udp sport 80 accept;ok -udp sport != 60 accept;ok -udp sport 50-70 accept;ok -udp sport != 50-60 accept;ok -udp sport { 49, 50} drop;ok -- udp sport != { 50, 60} accept;ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. -udp sport { 12-40};ok -- udp sport != { 13-24};ok - -udp dport 80 accept;ok -udp dport != 60 accept;ok -udp dport 70-75 accept;ok -udp dport != 50-60 accept;ok -udp dport { 49, 50} drop;ok -- udp dport != { 50, 60} accept;ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. -udp dport { 70-75} accept;ok -- udp dport != { 50-60} accept;ok - -udp length 6666;ok -udp length != 6666;ok -udp length 50-65 accept;ok -udp length != 50-65 accept;ok -udp length { 50, 65} accept;ok -- udp length != { 50, 65} accept;ok -udp length { 35-50};ok -- udp length != { 35-50};ok - -udp checksum 6666 drop;ok -- udp checksum != { 444, 555} accept;ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -udp checksum 22;ok -udp checksum != 233;ok -udp checksum 33-45;ok -udp checksum != 33-45;ok -udp checksum { 33, 55, 67, 88};ok -- udp checksum != { 33, 55, 67, 88};ok -udp checksum { 33-55};ok -- udp checksum != { 33-55};ok diff --git a/tests/regression/inet/udp.t.payload.ip b/tests/regression/inet/udp.t.payload.ip deleted file mode 100644 index b3ec24b2..00000000 --- a/tests/regression/inet/udp.t.payload.ip +++ /dev/null @@ -1,222 +0,0 @@ -# udp sport 80 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00005000 ] - [ immediate reg 0 accept ] - -# udp sport != 60 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udp sport 50-70 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00003200 ] - [ cmp lte reg 1 0x00004600 ] - [ immediate reg 0 accept ] - -# udp sport != 50-60 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udp sport { 49, 50} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00003100 : 0 [end] element 00003200 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# udp sport { 12-40} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udp dport 80 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00005000 ] - [ immediate reg 0 accept ] - -# udp dport != 60 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udp dport 70-75 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00004600 ] - [ cmp lte reg 1 0x00004b00 ] - [ immediate reg 0 accept ] - -# udp dport != 50-60 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udp dport { 49, 50} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00003100 : 0 [end] element 00003200 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# udp dport { 70-75} accept -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# udp length 6666 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x00000a1a ] - -# udp length != 6666 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0x00000a1a ] - -# udp length 50-65 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x00003200 ] - [ cmp lte reg 1 0x00004100 ] - [ immediate reg 0 accept ] - -# udp length != 50-65 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00004100 ] - [ immediate reg 0 accept ] - -# udp length { 50, 65} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00003200 : 0 [end] element 00004100 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# udp length { 35-50} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002300 : 0 [end] element 00003300 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udp checksum 6666 drop -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000a1a ] - [ immediate reg 0 drop ] - -# udp checksum 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# udp checksum != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# udp checksum 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# udp checksum != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# udp checksum { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udp checksum { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/udplite.t b/tests/regression/inet/udplite.t deleted file mode 100644 index 9420ab45..00000000 --- a/tests/regression/inet/udplite.t +++ /dev/null @@ -1,42 +0,0 @@ -*ip;test-ip4 -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -udplite sport 80 accept;ok -udplite sport != 60 accept;ok -udplite sport 50-70 accept;ok -udplite sport != 50-60 accept;ok -udplite sport { 49, 50} drop;ok -- udplite sport != { 50, 60} accept;ok -udplite sport { 12-40};ok -- udplite sport != { 13-24};ok - -udplite dport 80 accept;ok -udplite dport != 60 accept;ok -udplite dport 70-75 accept;ok -udplite dport != 50-60 accept;ok -udplite dport { 49, 50} drop;ok -- udplite dport != { 50, 60} accept;ok -udplite dport { 70-75} accept;ok -- udplite dport != { 50-60} accept;ok - -- udplite csumcov 6666;ok -- udplite csumcov != 6666;ok -- udplite csumcov 50-65 accept;ok -- udplite csumcov != 50-65 accept;ok -- udplite csumcov { 50, 65} accept;ok -- udplite csumcov != { 50, 65} accept;ok -- udplite csumcov { 35-50};ok -- udplite csumcov != { 35-50};ok - -udplite checksum 6666 drop;ok -- udplite checksum != { 444, 555} accept;ok -udplite checksum 22;ok -udplite checksum != 233;ok -udplite checksum 33-45;ok -udplite checksum != 33-45;ok -udplite checksum { 33, 55, 67, 88};ok -- udplite checksum != { 33, 55, 67, 88};ok -udplite checksum { 33-55};ok -- udplite checksum != { 33-55};ok diff --git a/tests/regression/inet/udplite.t.payload.inet b/tests/regression/inet/udplite.t.payload.inet deleted file mode 100644 index 4c57239f..00000000 --- a/tests/regression/inet/udplite.t.payload.inet +++ /dev/null @@ -1,169 +0,0 @@ -# udplite sport 80 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00005000 ] - [ immediate reg 0 accept ] - -# udplite sport != 60 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite sport 50-70 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00003200 ] - [ cmp lte reg 1 0x00004600 ] - [ immediate reg 0 accept ] - -# udplite sport != 50-60 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite sport { 49, 50} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00003100 : 0 [end] element 00003200 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# udplite sport { 12-40} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udplite dport 80 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00005000 ] - [ immediate reg 0 accept ] - -# udplite dport != 60 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite dport 70-75 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00004600 ] - [ cmp lte reg 1 0x00004b00 ] - [ immediate reg 0 accept ] - -# udplite dport != 50-60 accept -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite dport { 49, 50} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00003100 : 0 [end] element 00003200 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# udplite dport { 70-75} accept -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# udplite checksum 6666 drop -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000a1a ] - [ immediate reg 0 drop ] - -# udplite checksum 22 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# udplite checksum != 233 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# udplite checksum 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# udplite checksum != 33-45 -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# udplite checksum { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udplite checksum { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load l4proto => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/udplite.t.payload.ip b/tests/regression/inet/udplite.t.payload.ip deleted file mode 100644 index e870c701..00000000 --- a/tests/regression/inet/udplite.t.payload.ip +++ /dev/null @@ -1,169 +0,0 @@ -# udplite sport 80 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00005000 ] - [ immediate reg 0 accept ] - -# udplite sport != 60 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite sport 50-70 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00003200 ] - [ cmp lte reg 1 0x00004600 ] - [ immediate reg 0 accept ] - -# udplite sport != 50-60 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite sport { 49, 50} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00003100 : 0 [end] element 00003200 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# udplite sport { 12-40} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udplite dport 80 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00005000 ] - [ immediate reg 0 accept ] - -# udplite dport != 60 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite dport 70-75 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00004600 ] - [ cmp lte reg 1 0x00004b00 ] - [ immediate reg 0 accept ] - -# udplite dport != 50-60 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite dport { 49, 50} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00003100 : 0 [end] element 00003200 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# udplite dport { 70-75} accept -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# udplite checksum 6666 drop -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000a1a ] - [ immediate reg 0 drop ] - -# udplite checksum 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# udplite checksum != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# udplite checksum 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# udplite checksum != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# udplite checksum { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udplite checksum { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/inet/udplite.t.payload.ip6 b/tests/regression/inet/udplite.t.payload.ip6 deleted file mode 100644 index 2d318854..00000000 --- a/tests/regression/inet/udplite.t.payload.ip6 +++ /dev/null @@ -1,169 +0,0 @@ -# udplite sport 80 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00005000 ] - [ immediate reg 0 accept ] - -# udplite sport != 60 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp neq reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite sport 50-70 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp gte reg 1 0x00003200 ] - [ cmp lte reg 1 0x00004600 ] - [ immediate reg 0 accept ] - -# udplite sport != 50-60 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite sport { 49, 50} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00003100 : 0 [end] element 00003200 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# udplite sport { 12-40} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000c00 : 0 [end] element 00002900 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udplite dport 80 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00005000 ] - [ immediate reg 0 accept ] - -# udplite dport != 60 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite dport 70-75 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00004600 ] - [ cmp lte reg 1 0x00004b00 ] - [ immediate reg 0 accept ] - -# udplite dport != 50-60 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00003200 ] - [ cmp gt reg 1 0x00003c00 ] - [ immediate reg 0 accept ] - -# udplite dport { 49, 50} drop -set%d test-ip4 3 -set%d test-ip4 0 - element 00003100 : 0 [end] element 00003200 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 drop ] - -# udplite dport { 70-75} accept -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00004600 : 0 [end] element 00004c00 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# udplite checksum 6666 drop -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000a1a ] - [ immediate reg 0 drop ] - -# udplite checksum 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# udplite checksum != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# udplite checksum 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# udplite checksum != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# udplite checksum { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# udplite checksum { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/ip/chains.t b/tests/regression/ip/chains.t deleted file mode 100644 index 8edf62b5..00000000 --- a/tests/regression/ip/chains.t +++ /dev/null @@ -1,15 +0,0 @@ -*ip;test-ip4 - -# filter chains available are: input, output, forward, prerouting, postrouting -:filter-input;type filter hook input priority 0 -:filter-pre;type filter hook prerouting priority 0 -:filter-forw;type filter hook forward priority 0 -:filter-out;type filter hook output priority 0 -:filter-post;type filter hook postrouting priority 0 -# nat chains available are: input, output, prerouting, postrouting -:nat-input-t;type nat hook input priority 0 -:nat-pre-t;type nat hook prerouting priority 0 -:nat-out-t;type nat hook output priority 0 -:nat-post-t;type nat hook postrouting priority 0 -# route chain available are: output -:route-out-t;type route hook output priority 0 diff --git a/tests/regression/ip/dnat.t b/tests/regression/ip/dnat.t deleted file mode 100644 index cdb78116..00000000 --- a/tests/regression/ip/dnat.t +++ /dev/null @@ -1,15 +0,0 @@ -*ip;test-ip4 -:prerouting;type nat hook prerouting priority 0 - -iifname "eth0" tcp dport 80-90 dnat 192.168.3.2;ok -iifname "eth0" tcp dport != 80-90 dnat 192.168.3.2;ok -iifname "eth0" tcp dport {80, 90, 23} dnat 192.168.3.2;ok -- iifname "eth0" tcp dport != {80, 90, 23} dnat 192.168.3.2;ok -- iifname "eth0" tcp dport != {80, 90, 23} dnat 192.168.3.2;ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -iifname "eth0" tcp dport != 23-34 dnat 192.168.3.2;ok - -dnat ct mark map { 0x00000014 : 1.2.3.4};ok -dnat ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4};ok diff --git a/tests/regression/ip/dnat.t.payload.ip b/tests/regression/ip/dnat.t.payload.ip deleted file mode 100644 index 026e8719..00000000 --- a/tests/regression/ip/dnat.t.payload.ip +++ /dev/null @@ -1,69 +0,0 @@ -# iifname "eth0" tcp dport 80-90 dnat 192.168.3.2 -ip test-ip4 prerouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00005000 ] - [ cmp lte reg 1 0x00005a00 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport != 80-90 dnat 192.168.3.2 -ip test-ip4 prerouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00005000 ] - [ cmp gt reg 1 0x00005a00 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport {80, 90, 23} dnat 192.168.3.2 -set%d test-ip4 3 -set%d test-ip4 0 - element 00005000 : 0 [end] element 00005a00 : 0 [end] element 00001700 : 0 [end] -ip test-ip4 prerouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport != 23-34 dnat 192.168.3.2 -ip test-ip4 prerouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002200 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - -# dnat ct mark map { 0x00000014 : 1.2.3.4} -map%d test-ip4 b -map%d test-ip4 0 - element 00000014 : 04030201 0 [end] -ip test-ip4 prerouting - [ ct load mark => reg 1 ] - [ lookup reg 1 set map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - -# dnat ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4} -map%d test-ip4 b -map%d test-ip4 0 - element 00000014 01010101 : 04030201 0 [end] -ip test-ip4 output - [ ct load mark => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ lookup reg 1 set map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - diff --git a/tests/regression/ip/dup.t b/tests/regression/ip/dup.t deleted file mode 100644 index 9320d546..00000000 --- a/tests/regression/ip/dup.t +++ /dev/null @@ -1,6 +0,0 @@ -*ip;test-ip4 -:input;type filter hook input priority 0 - -dup to 192.168.2.1;ok -dup to 192.168.2.1 device eth0;ok -dup to ip saddr map { 192.168.2.120 : 192.168.2.1 } device eth0;ok diff --git a/tests/regression/ip/dup.t.payload b/tests/regression/ip/dup.t.payload deleted file mode 100644 index 7928d5d5..00000000 --- a/tests/regression/ip/dup.t.payload +++ /dev/null @@ -1,21 +0,0 @@ -# dup to 192.168.2.1 -ip test-ip4 test - [ immediate reg 1 0x0102a8c0 ] - [ dup sreg_addr 1 ] - -# dup to 192.168.2.1 device eth0 -ip test-ip4 test - [ immediate reg 1 0x0102a8c0 ] - [ immediate reg 2 0x00000002 ] - [ dup sreg_addr 1 sreg_dev 2 ] - -# dup to ip saddr map { 192.168.2.120 : 192.168.2.1 } device eth0 -map%d test-ip4 b -map%d test-ip4 0 - element 7802a8c0 : 0102a8c0 0 [end] -ip test-ip4 test - [ payload load 4b @ network header + 12 => reg 1 ] - [ lookup reg 1 set map%d dreg 1 ] - [ immediate reg 2 0x00000002 ] - [ dup sreg_addr 1 sreg_dev 2 ] - diff --git a/tests/regression/ip/ether.t b/tests/regression/ip/ether.t deleted file mode 100644 index 4d30f51c..00000000 --- a/tests/regression/ip/ether.t +++ /dev/null @@ -1,8 +0,0 @@ -*ip;test-ip - -:input;type filter hook input priority 0 - -tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 accept -tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04;ok -tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4;ok -ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept;ok diff --git a/tests/regression/ip/ether.t.payload b/tests/regression/ip/ether.t.payload deleted file mode 100644 index 0d234dab..00000000 --- a/tests/regression/ip/ether.t.payload +++ /dev/null @@ -1,50 +0,0 @@ -# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept -ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 -ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - -# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 -ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - -# ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept -ip test-ip input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ immediate reg 0 accept ] - diff --git a/tests/regression/ip/icmp.t b/tests/regression/ip/icmp.t deleted file mode 100644 index bd00f5ca..00000000 --- a/tests/regression/ip/icmp.t +++ /dev/null @@ -1,93 +0,0 @@ -*ip;test-ip4 -# BUG: There is a bug with icmp protocol and inet family. -# *inet;test-inet -:input;type filter hook input priority 0 - -icmp type echo-reply accept;ok -icmp type destination-unreachable accept;ok -icmp type source-quench accept;ok -icmp type redirect accept;ok -icmp type echo-request accept;ok -icmp type time-exceeded accept;ok -icmp type parameter-problem accept;ok -icmp type timestamp-request accept;ok -icmp type timestamp-reply accept;ok -icmp type info-request accept;ok -icmp type info-reply accept;ok -icmp type address-mask-request accept;ok -icmp type address-mask-reply accept;ok -icmp type {echo-reply, destination-unreachable, source-quench, redirect, echo-request, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply} accept;ok -- icmp type != {echo-reply, destination-unreachable, source-quench};ok -# BUG: icmp type != {echo-reply, destination-unreachable, source-quench} -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -icmp code 111 accept;ok -icmp code != 111 accept;ok -icmp code 33-55;ok -icmp code != 33-55;ok -icmp code { 33-55};ok -- icmp code != { 33-55};ok -icmp code { 2, 4, 54, 33, 56};ok -- icmp code != { 2, 4, 54, 33, 56};ok -# $ sudo nft add rule ip test input icmp code != {2, 4, 54, 33, 56} -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -icmp checksum 12343 accept;ok -icmp checksum != 12343 accept;ok -icmp checksum 11-343 accept;ok -icmp checksum != 11-343 accept;ok -icmp checksum { 11-343} accept;ok -- icmp checksum != { 11-343} accept;ok -icmp checksum { 1111, 222, 343} accept;ok -- icmp checksum != { 1111, 222, 343} accept;ok -# BUG: invalid expression type set -# icmp checksum != { 1111, 222, 343} accept;ok -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -icmp id 1245 log;ok -icmp id 22;ok -icmp id != 233;ok -icmp id 33-45;ok -icmp id != 33-45;ok -icmp id { 33-55};ok -- icmp id != { 33-55};ok -icmp id { 22, 34, 333};ok -- icmp id != { 22, 34, 333};ok -# BUG: invalid expression type set -# icmp id != { 22, 34, 333} -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -icmp sequence 22;ok -icmp sequence != 233;ok -icmp sequence 33-45;ok -icmp sequence != 33-45;ok -icmp sequence { 33, 55, 67, 88};ok -- icmp sequence != { 33, 55, 67, 88};ok -icmp sequence { 33-55};ok -- icmp sequence != { 33-55};ok - -icmp mtu 33;ok -icmp mtu 22-33;ok -icmp mtu { 22-33};ok -- icmp mtu != { 22-33};ok -icmp mtu 22;ok -icmp mtu != 233;ok -icmp mtu 33-45;ok -icmp mtu != 33-45;ok -icmp mtu { 33, 55, 67, 88};ok -- icmp mtu != { 33, 55, 67, 88};ok -icmp mtu { 33-55};ok -- icmp mtu != { 33-55};ok - -icmp gateway 22;ok -icmp gateway != 233;ok -icmp gateway 33-45;ok -icmp gateway != 33-45;ok -icmp gateway { 33, 55, 67, 88};ok -- icmp gateway != { 33, 55, 67, 88};ok -icmp gateway { 33-55};ok -- icmp gateway != { 33-55};ok -icmp gateway != 34;ok -- icmp gateway != { 333, 334};ok diff --git a/tests/regression/ip/icmp.t.payload.ip b/tests/regression/ip/icmp.t.payload.ip deleted file mode 100644 index a6071a65..00000000 --- a/tests/regression/ip/icmp.t.payload.ip +++ /dev/null @@ -1,463 +0,0 @@ -# icmp type echo-reply accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - [ immediate reg 0 accept ] - -# icmp type destination-unreachable accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000003 ] - [ immediate reg 0 accept ] - -# icmp type source-quench accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] - [ immediate reg 0 accept ] - -# icmp type redirect accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000005 ] - [ immediate reg 0 accept ] - -# icmp type echo-request accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ immediate reg 0 accept ] - -# icmp type time-exceeded accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000000b ] - [ immediate reg 0 accept ] - -# icmp type parameter-problem accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000000c ] - [ immediate reg 0 accept ] - -# icmp type timestamp-request accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000000d ] - [ immediate reg 0 accept ] - -# icmp type timestamp-reply accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000000e ] - [ immediate reg 0 accept ] - -# icmp type info-request accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000000f ] - [ immediate reg 0 accept ] - -# icmp type info-reply accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000010 ] - [ immediate reg 0 accept ] - -# icmp type address-mask-request accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ immediate reg 0 accept ] - -# icmp type address-mask-reply accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000012 ] - [ immediate reg 0 accept ] - -# icmp type {echo-reply, destination-unreachable, source-quench, redirect, echo-request, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00000000 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000008 : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end] element 0000000d : 0 [end] element 0000000e : 0 [end] element 0000000f : 0 [end] element 00000010 : 0 [end] element 00000011 : 0 [end] element 00000012 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmp code 111 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp eq reg 1 0x0000006f ] - [ immediate reg 0 accept ] - -# icmp code != 111 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp neq reg 1 0x0000006f ] - [ immediate reg 0 accept ] - -# icmp code 33-55 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x00000037 ] - -# icmp code != 33-55 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x00000037 ] - -# icmp code { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp code { 2, 4, 54, 33, 56} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000036 : 0 [end] element 00000021 : 0 [end] element 00000038 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp checksum 12343 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003730 ] - [ immediate reg 0 accept ] - -# icmp checksum != 12343 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00003730 ] - [ immediate reg 0 accept ] - -# icmp checksum 11-343 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00000b00 ] - [ cmp lte reg 1 0x00005701 ] - [ immediate reg 0 accept ] - -# icmp checksum != 11-343 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00000b00 ] - [ cmp gt reg 1 0x00005701 ] - [ immediate reg 0 accept ] - -# icmp checksum { 11-343} accept -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmp checksum { 1111, 222, 343} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00005704 : 0 [end] element 0000de00 : 0 [end] element 00005701 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmp id 1245 log -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x0000dd04 ] - [ log prefix (null) ] - -# icmp id 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# icmp id != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# icmp id 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# icmp id != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# icmp id { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp id { 22, 34, 333} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001600 : 0 [end] element 00002200 : 0 [end] element 00004d01 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp sequence 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# icmp sequence != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# icmp sequence 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# icmp sequence != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# icmp sequence { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp sequence { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp mtu 33 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00002100 ] - -# icmp mtu 22-33 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00001600 ] - [ cmp lte reg 1 0x00002100 ] - -# icmp mtu { 22-33} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001600 : 0 [end] element 00002200 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp mtu 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# icmp mtu != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# icmp mtu 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# icmp mtu != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# icmp mtu { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp mtu { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp gateway 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# icmp gateway != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# icmp gateway 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# icmp gateway != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# icmp gateway { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp gateway { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp gateway != 34 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0x22000000 ] - diff --git a/tests/regression/ip/ip.t b/tests/regression/ip/ip.t deleted file mode 100644 index 0339c2ac..00000000 --- a/tests/regression/ip/ip.t +++ /dev/null @@ -1,117 +0,0 @@ -*ip;test-ip4 -*inet;test-inet -:input;type filter hook input priority 0 - -- ip version 2;ok - -# bug ip hdrlength -- ip hdrlength 10;ok -- ip hdrlength != 5;ok -- ip hdrlength 5-8;ok -- ip hdrlength != 3-13;ok -- ip hdrlength {3, 5, 6, 8};ok -- ip hdrlength != {3, 5, 7, 8};ok -- ip hdrlength { 3-5};ok -- ip hdrlength != { 3-59};ok -# ip hdrlength 12 -# :1:1-38: Error: Could not process rule: Invalid argument -# add rule ip test input ip hdrlength 12 -# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -# :1:37-38: Error: Value 22 exceeds valid range 0-15 -# add rule ip test input ip hdrlength 22 - -- ip dscp CS1;ok -- ip dscp != CS1;ok -- ip dscp 0x38;ok -- ip dscp != 0x20;ok -- ip dscp {CS1, CS2, CS3, CS4, CS5, CS6, CS7, BE, AF11, AF12, AF13, AF21, AF22, AF23, AF31, AF32, AF33, AF41, AF42, AF43, EF};ok -- ip dscp {0x08, 0x10, 0x18, 0x20, 0x28, 0x30, 0x38, 0x00, 0x0a, 0x0c, 0x0e, 0x12, 0x14, 0x16, 0x1a, 0x1c, 0x1e, 0x22, 0x24, 0x26, 0x2e};ok -- ip dscp != {CS0, CS3};ok - -ip length 232;ok -ip length != 233;ok -ip length 333-435;ok -ip length != 333-453;ok -ip length { 333, 553, 673, 838};ok -- ip length != { 333, 535, 637, 883};ok -ip length { 333-535};ok -- ip length != { 333-553};ok - -ip id 22;ok -ip id != 233;ok -ip id 33-45;ok -ip id != 33-45;ok -ip id { 33, 55, 67, 88};ok -- ip id != { 33, 55, 67, 88};ok -ip id { 33-55};ok -- ip id != { 33-55};ok - -ip frag-off 222 accept;ok -ip frag-off != 233;ok -ip frag-off 33-45;ok -ip frag-off != 33-45;ok -ip frag-off { 33, 55, 67, 88};ok -- ip frag-off != { 33, 55, 67, 88};ok -ip frag-off { 33-55};ok -- ip frag-off != { 33-55};ok - -ip ttl 0 drop;ok -ip ttl 233 log;ok -ip ttl 33-55;ok -ip ttl != 45-50;ok -ip ttl {43, 53, 45 };ok -- ip ttl != {46, 56, 93 };ok -# BUG: ip ttl != {46, 56, 93 };ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. -ip ttl { 33-55};ok -- ip ttl != { 33-55};ok - -ip protocol tcp log;ok;ip protocol 6 log -ip protocol != tcp log;ok;ip protocol != 6 log -ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept;ok;ip protocol { 33, 136, 17, 51, 50, 6, 132, 1, 108} accept -- ip protocol != { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept;ok - -ip checksum 13172 drop;ok -ip checksum 22;ok -ip checksum != 233;ok -ip checksum 33-45;ok -ip checksum != 33-45;ok -ip checksum { 33, 55, 67, 88};ok -- ip checksum != { 33, 55, 67, 88};ok -ip checksum { 33-55};ok -- ip checksum != { 33-55};ok - -ip saddr 192.168.2.0/24;ok -ip saddr != 192.168.2.0/24;ok -ip saddr 192.168.3.1 ip daddr 192.168.3.100;ok -ip saddr != 1.1.1.1 log prefix giuseppe;ok;ip saddr != 1.1.1.1 log prefix "giuseppe" -ip saddr 1.1.1.1 log prefix example group 1;ok;ip saddr 1.1.1.1 log prefix "example" group 1 -ip daddr 192.168.0.1-192.168.0.250;ok -ip daddr 10.0.0.0-10.255.255.255;ok -ip daddr 172.16.0.0-172.31.255.255;ok -ip daddr 192.168.3.1-192.168.4.250;ok -ip daddr != 192.168.0.1-192.168.0.250;ok -ip daddr { 192.168.0.1-192.168.0.250};ok -- ip daddr != { 192.168.0.1-192.168.0.250};ok -ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok -- ip daddr != { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok - -ip daddr 192.168.1.2-192.168.1.55;ok -ip daddr != 192.168.1.2-192.168.1.55;ok -ip saddr 192.168.1.3-192.168.33.55;ok -ip saddr != 192.168.1.3-192.168.33.55;ok - -ip daddr 192.168.0.1;ok -ip daddr 192.168.0.1 drop;ok -ip daddr 192.168.0.2 log;ok - -ip saddr \& 0xff == 1;ok;ip saddr & 0.0.0.255 == 0.0.0.1 -ip saddr \& 0.0.0.255 \< 0.0.0.127;ok;ip saddr & 0.0.0.255 < 0.0.0.127 - -ip saddr \& 0xffff0000 == 0xffff0000;ok;ip saddr 255.255.0.0/16 - -ip version 4 ip hdrlength 5;ok -ip hdrlength 0;ok -ip hdrlength 15;ok -ip hdrlength 16;fail diff --git a/tests/regression/ip/ip.t.payload b/tests/regression/ip/ip.t.payload deleted file mode 100644 index da2dc218..00000000 --- a/tests/regression/ip/ip.t.payload +++ /dev/null @@ -1,386 +0,0 @@ -# ip length 232 -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000e800 ] - -# ip length != 233 -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip length 333-435 -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp gte reg 1 0x00004d01 ] - [ cmp lte reg 1 0x0000b301 ] - -# ip length != 333-453 -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp lt reg 1 0x00004d01 ] - [ cmp gt reg 1 0x0000c501 ] - -# ip length { 333, 553, 673, 838} -set%d test-ip4 3 -set%d test-ip4 0 - element 00004d01 : 0 [end] element 00002902 : 0 [end] element 0000a102 : 0 [end] element 00004603 : 0 [end] -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip length { 333-535} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip id 22 -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ip id != 233 -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip id 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip id != 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip id { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip id { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip frag-off 222 accept -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000de00 ] - [ immediate reg 0 accept ] - -# ip frag-off != 233 -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip frag-off 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip frag-off != 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip frag-off { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip frag-off { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip ttl 0 drop -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - [ immediate reg 0 drop ] - -# ip ttl 233 log -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x000000e9 ] - [ log prefix (null) ] - -# ip ttl 33-55 -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x00000037 ] - -# ip ttl != 45-50 -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp lt reg 1 0x0000002d ] - [ cmp gt reg 1 0x00000032 ] - -# ip ttl {43, 53, 45 } -set%d test-ip4 3 -set%d test-ip4 0 - element 0000002b : 0 [end] element 00000035 : 0 [end] element 0000002d : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip ttl { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip protocol tcp log -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ log prefix (null) ] - -# ip protocol != tcp log -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp neq reg 1 0x00000006 ] - [ log prefix (null) ] - -# ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# ip checksum 13172 drop -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp eq reg 1 0x00007433 ] - [ immediate reg 0 drop ] - -# ip checksum 22 -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ip checksum != 233 -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip checksum 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip checksum != 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip checksum { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip checksum { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip saddr 192.168.2.0/24 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0002a8c0 ] - -# ip saddr != 192.168.2.0/24 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] - [ cmp neq reg 1 0x0002a8c0 ] - -# ip saddr 192.168.3.1 ip daddr 192.168.3.100 -ip test-ip4 input - [ payload load 8b @ network header + 12 => reg 1 ] - [ cmp eq reg 1 0x0103a8c0 0x6403a8c0 ] - -# ip saddr != 1.1.1.1 log prefix giuseppe -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp neq reg 1 0x01010101 ] - [ log prefix giuseppe ] - -# ip saddr 1.1.1.1 log prefix example group 1 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp eq reg 1 0x01010101 ] - [ log prefix example group 1 snaplen 0 qthreshold 0] - -# ip daddr 192.168.0.1-192.168.0.250 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0100a8c0 ] - [ cmp lte reg 1 0xfa00a8c0 ] - -# ip daddr 10.0.0.0-10.255.255.255 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0000000a ] - [ cmp lte reg 1 0xffffff0a ] - -# ip daddr 172.16.0.0-172.31.255.255 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x000010ac ] - [ cmp lte reg 1 0xffff1fac ] - -# ip daddr 192.168.3.1-192.168.4.250 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0103a8c0 ] - [ cmp lte reg 1 0xfa04a8c0 ] - -# ip daddr != 192.168.0.1-192.168.0.250 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp lt reg 1 0x0100a8c0 ] - [ cmp gt reg 1 0xfa00a8c0 ] - -# ip daddr { 192.168.0.1-192.168.0.250} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept -set%d test-ip4 3 -set%d test-ip4 0 - element 0105a8c0 : 0 [end] element 0205a8c0 : 0 [end] element 0305a8c0 : 0 [end] -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# ip daddr 192.168.1.2-192.168.1.55 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0201a8c0 ] - [ cmp lte reg 1 0x3701a8c0 ] - -# ip daddr != 192.168.1.2-192.168.1.55 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp lt reg 1 0x0201a8c0 ] - [ cmp gt reg 1 0x3701a8c0 ] - -# ip saddr 192.168.1.3-192.168.33.55 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp gte reg 1 0x0301a8c0 ] - [ cmp lte reg 1 0x3721a8c0 ] - -# ip saddr != 192.168.1.3-192.168.33.55 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp lt reg 1 0x0301a8c0 ] - [ cmp gt reg 1 0x3721a8c0 ] - -# ip daddr 192.168.0.1 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0100a8c0 ] - -# ip daddr 192.168.0.1 drop -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0100a8c0 ] - [ immediate reg 0 drop ] - -# ip daddr 192.168.0.2 log -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0200a8c0 ] - [ log prefix (null) ] - -# ip saddr \& 0xff == 1 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x01000000 ] - -# ip saddr \& 0.0.0.255 \< 0.0.0.127 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] - [ cmp lt reg 1 0x7f000000 ] - -# ip saddr \& 0xffff0000 == 0xffff0000 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000ffff ] - -# ip saddr . ip daddr . ip protocol { 1.1.1.1 . 2.2.2.2 . tcp, 1.1.1.1 . 3.3.3.3 . udp} -set%d test-ip 3 -set%d test-ip 0 - element 01010101 02020202 00000006 : 0 [end] element 01010101 03030303 00000011 : 0 [end] -ip test-ip input - [ payload load 4b @ network header + 12 => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ payload load 1b @ network header + 9 => reg 10 ] - [ lookup reg 1 set set%d ] - -# ip version 4 ip hdrlength 5 -ip test-ip4 input - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000040 ] - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000005 ] - -# ip hdrlength 0 -ip test-ip4 input - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000000 ] - -# ip hdrlength 15 -ip test-ip4 input - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000000f ] - diff --git a/tests/regression/ip/ip.t.payload.inet b/tests/regression/ip/ip.t.payload.inet deleted file mode 100644 index 35f73ff7..00000000 --- a/tests/regression/ip/ip.t.payload.inet +++ /dev/null @@ -1,506 +0,0 @@ -# ip length 232 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000e800 ] - -# ip length != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip length 333-435 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp gte reg 1 0x00004d01 ] - [ cmp lte reg 1 0x0000b301 ] - -# ip length != 333-453 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp lt reg 1 0x00004d01 ] - [ cmp gt reg 1 0x0000c501 ] - -# ip length { 333, 553, 673, 838} -set%d test-inet 3 -set%d test-inet 0 - element 00004d01 : 0 [end] element 00002902 : 0 [end] element 0000a102 : 0 [end] element 00004603 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip length { 333-535} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip id 22 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ip id != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip id 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip id != 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip id { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip id { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip frag-off 222 accept -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000de00 ] - [ immediate reg 0 accept ] - -# ip frag-off != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip frag-off 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip frag-off != 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip frag-off { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip frag-off { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip ttl 0 drop -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - [ immediate reg 0 drop ] - -# ip ttl 233 log -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x000000e9 ] - [ log prefix (null) ] - -# ip ttl 33-55 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x00000037 ] - -# ip ttl != 45-50 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp lt reg 1 0x0000002d ] - [ cmp gt reg 1 0x00000032 ] - -# ip ttl {43, 53, 45 } -set%d test-inet 3 -set%d test-inet 0 - element 0000002b : 0 [end] element 00000035 : 0 [end] element 0000002d : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip ttl { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip protocol tcp log -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ log prefix (null) ] - -# ip protocol != tcp log -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp neq reg 1 0x00000006 ] - [ log prefix (null) ] - -# ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept -set%d test-inet 3 -set%d test-inet 0 - element 00000001 : 0 [end] element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# ip checksum 13172 drop -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp eq reg 1 0x00007433 ] - [ immediate reg 0 drop ] - -# ip checksum 22 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ip checksum != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip checksum 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip checksum != 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip checksum { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip checksum { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip saddr 192.168.2.0/24 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0002a8c0 ] - -# ip saddr != 192.168.2.0/24 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] - [ cmp neq reg 1 0x0002a8c0 ] - -# ip saddr 192.168.3.1 ip daddr 192.168.3.100 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 8b @ network header + 12 => reg 1 ] - [ cmp eq reg 1 0x0103a8c0 0x6403a8c0 ] - -# ip saddr != 1.1.1.1 log prefix giuseppe -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp neq reg 1 0x01010101 ] - [ log prefix giuseppe ] - -# ip saddr 1.1.1.1 log prefix example group 1 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp eq reg 1 0x01010101 ] - [ log prefix example group 1 snaplen 0 qthreshold 0] - -# ip daddr 192.168.0.1-192.168.0.250 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0100a8c0 ] - [ cmp lte reg 1 0xfa00a8c0 ] - -# ip daddr 10.0.0.0-10.255.255.255 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0000000a ] - [ cmp lte reg 1 0xffffff0a ] - -# ip daddr 172.16.0.0-172.31.255.255 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x000010ac ] - [ cmp lte reg 1 0xffff1fac ] - -# ip daddr 192.168.3.1-192.168.4.250 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0103a8c0 ] - [ cmp lte reg 1 0xfa04a8c0 ] - -# ip daddr != 192.168.0.1-192.168.0.250 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp lt reg 1 0x0100a8c0 ] - [ cmp gt reg 1 0xfa00a8c0 ] - -# ip daddr { 192.168.0.1-192.168.0.250} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept -set%d test-inet 3 -set%d test-inet 0 - element 0105a8c0 : 0 [end] element 0205a8c0 : 0 [end] element 0305a8c0 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# ip daddr 192.168.1.2-192.168.1.55 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0201a8c0 ] - [ cmp lte reg 1 0x3701a8c0 ] - -# ip daddr != 192.168.1.2-192.168.1.55 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp lt reg 1 0x0201a8c0 ] - [ cmp gt reg 1 0x3701a8c0 ] - -# ip saddr 192.168.1.3-192.168.33.55 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp gte reg 1 0x0301a8c0 ] - [ cmp lte reg 1 0x3721a8c0 ] - -# ip saddr != 192.168.1.3-192.168.33.55 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp lt reg 1 0x0301a8c0 ] - [ cmp gt reg 1 0x3721a8c0 ] - -# ip daddr 192.168.0.1 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0100a8c0 ] - -# ip daddr 192.168.0.1 drop -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0100a8c0 ] - [ immediate reg 0 drop ] - -# ip daddr 192.168.0.2 log -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0200a8c0 ] - [ log prefix (null) ] - -# ip saddr \& 0xff == 1 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x01000000 ] - -# ip saddr \& 0.0.0.255 \< 0.0.0.127 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] - [ cmp lt reg 1 0x7f000000 ] - -# ip saddr \& 0xffff0000 == 0xffff0000 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000ffff ] - -# ip saddr . ip daddr . ip protocol { 1.1.1.1 . 2.2.2.2 . tcp, 1.1.1.1 . 3.3.3.3 . udp} -set%d test-ip 3 -set%d test-ip 0 - element 01010101 02020202 00000006 : 0 [end] element 01010101 03030303 00000011 : 0 [end] -inet test-ip input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ payload load 1b @ network header + 9 => reg 10 ] - [ lookup reg 1 set set%d ] - -# ip version 4 ip hdrlength 5 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000040 ] - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000005 ] - -# ip hdrlength 0 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000000 ] - -# ip hdrlength 15 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000000f ] - diff --git a/tests/regression/ip/masquerade.t b/tests/regression/ip/masquerade.t deleted file mode 100644 index 35001f37..00000000 --- a/tests/regression/ip/masquerade.t +++ /dev/null @@ -1,25 +0,0 @@ -*ip;test-ip4 -:postrouting;type nat hook postrouting priority 0 - -# nf_nat flags combination -udp dport 53 masquerade;ok -udp dport 53 masquerade random;ok -udp dport 53 masquerade random,persistent;ok -udp dport 53 masquerade random,persistent,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent -udp dport 53 masquerade random,fully-random;ok -udp dport 53 masquerade random,fully-random,persistent;ok -udp dport 53 masquerade persistent;ok -udp dport 53 masquerade persistent,random;ok;udp dport 53 masquerade random,persistent -udp dport 53 masquerade persistent,random,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent -udp dport 53 masquerade persistent,fully-random;ok;udp dport 53 masquerade fully-random,persistent -udp dport 53 masquerade persistent,fully-random,random;ok;udp dport 53 masquerade random,fully-random,persistent - -# masquerade is a terminal statement -tcp dport 22 masquerade counter packets 0 bytes 0 accept;fail -tcp sport 22 masquerade accept;fail -ip saddr 10.1.1.1 masquerade drop;fail - -# masquerade with sets -tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade;ok -ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 masquerade;ok -iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade;ok diff --git a/tests/regression/ip/masquerade.t.payload b/tests/regression/ip/masquerade.t.payload deleted file mode 100644 index 9390f0cf..00000000 --- a/tests/regression/ip/masquerade.t.payload +++ /dev/null @@ -1,127 +0,0 @@ -# udp dport 53 masquerade -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq ] - -# udp dport 53 masquerade random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x4 ] - -# udp dport 53 masquerade random,persistent -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0xc ] - -# udp dport 53 masquerade random,persistent,fully-random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# udp dport 53 masquerade random,fully-random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x14 ] - -# udp dport 53 masquerade random,fully-random,persistent -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# udp dport 53 masquerade persistent -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x8 ] - -# udp dport 53 masquerade persistent,random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0xc ] - -# udp dport 53 masquerade persistent,random,fully-random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# udp dport 53 masquerade persistent,fully-random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x18 ] - -# udp dport 53 masquerade persistent,fully-random,random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade -set%d test-ip4 3 -set%d test-ip4 0 - element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ masq ] - -# ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 masquerade -ip test-ip4 postrouting - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0000000a ] - [ cmp lte reg 1 0x0403020a ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ counter pkts 0 bytes 0 ] - [ masq ] - -# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade -map%d test-ip4 b -map%d test-ip4 0 - element 00001600 : 0 [end] element 0000de00 : 0 [end] -ip test-ip4 postrouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - [ masq ] - diff --git a/tests/regression/ip/redirect.t b/tests/regression/ip/redirect.t deleted file mode 100644 index b7eecb74..00000000 --- a/tests/regression/ip/redirect.t +++ /dev/null @@ -1,45 +0,0 @@ -*ip;test-ip4 -:output;type nat hook output priority 0 - -# without arguments -udp dport 53 redirect;ok - -# nf_nat flags combination -udp dport 53 redirect random;ok -udp dport 53 redirect random,persistent;ok -udp dport 53 redirect random,persistent,fully-random;ok;udp dport 53 redirect random,fully-random,persistent -udp dport 53 redirect random,fully-random;ok -udp dport 53 redirect random,fully-random,persistent;ok -udp dport 53 redirect persistent;ok -udp dport 53 redirect persistent,random;ok;udp dport 53 redirect random,persistent -udp dport 53 redirect persistent,random,fully-random;ok;udp dport 53 redirect random,fully-random,persistent -udp dport 53 redirect persistent,fully-random;ok;udp dport 53 redirect fully-random,persistent -udp dport 53 redirect persistent,fully-random,random;ok;udp dport 53 redirect random,fully-random,persistent - -# port specification -tcp dport 22 redirect to 22;ok -udp dport 1234 redirect to 4321;ok -ip daddr 172.16.0.1 udp dport 9998 redirect to 6515;ok -tcp dport 39128 redirect to 993;ok -redirect to 1234;fail -redirect to 12341111;fail - -# both port and nf_nat flags -tcp dport 9128 redirect to 993 random;ok -tcp dport 9128 redirect to 993 fully-random;ok -tcp dport 9128 redirect to 123 persistent;ok -tcp dport 9128 redirect to 123 random,persistent;ok - -# nf_nat flags is the last argument -udp dport 1234 redirect random to 123;fail -udp dport 21234 redirect persistent,fully-random to 431;fail - -# redirect is a terminal statement -tcp dport 22 redirect counter packets 0 bytes 0 accept;fail -tcp sport 22 redirect accept;fail -ip saddr 10.1.1.1 redirect drop;fail - -# redirect with sets -tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect;ok -ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 redirect;ok -iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect;ok diff --git a/tests/regression/ip/redirect.t.payload b/tests/regression/ip/redirect.t.payload deleted file mode 100644 index ac718043..00000000 --- a/tests/regression/ip/redirect.t.payload +++ /dev/null @@ -1,201 +0,0 @@ -# udp dport 53 redirect -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir ] - -# udp dport 53 redirect random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x4 ] - -# udp dport 53 redirect random,persistent -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0xc ] - -# udp dport 53 redirect random,persistent,fully-random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# udp dport 53 redirect random,fully-random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x14 ] - -# udp dport 53 redirect random,fully-random,persistent -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# udp dport 53 redirect persistent -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x8 ] - -# udp dport 53 redirect persistent,random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0xc ] - -# udp dport 53 redirect persistent,random,fully-random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# udp dport 53 redirect persistent,fully-random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x18 ] - -# udp dport 53 redirect persistent,fully-random,random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# tcp dport 22 redirect to 22 -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ immediate reg 1 0x00001600 ] - [ redir proto_min reg 1 ] - -# udp dport 1234 redirect to 4321 -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000d204 ] - [ immediate reg 1 0x0000e110 ] - [ redir proto_min reg 1 ] - -# ip daddr 172.16.0.1 udp dport 9998 redirect to 6515 -ip test-ip4 output - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x010010ac ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00000e27 ] - [ immediate reg 1 0x00007319 ] - [ redir proto_min reg 1 ] - -# tcp dport 39128 redirect to 993 -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000d898 ] - [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 ] - -# tcp dport 9128 redirect to 993 random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000a823 ] - [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 flags 0x4 ] - -# tcp dport 9128 redirect to 993 fully-random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000a823 ] - [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 flags 0x10 ] - -# tcp dport 9128 redirect to 123 persistent -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000a823 ] - [ immediate reg 1 0x00007b00 ] - [ redir proto_min reg 1 flags 0x8 ] - -# tcp dport 9128 redirect to 123 random,persistent -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000a823 ] - [ immediate reg 1 0x00007b00 ] - [ redir proto_min reg 1 flags 0xc ] - -# tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect -set%d test-ip4 3 -set%d test-ip4 0 - element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ redir ] - -# ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 redirect -ip test-ip4 output - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0000000a ] - [ cmp lte reg 1 0x0403020a ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ counter pkts 0 bytes 0 ] - [ redir ] - -# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect -map%d test-ip4 b -map%d test-ip4 0 - element 00001600 : 0 [end] element 0000de00 : 0 [end] -ip test-ip4 output - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - [ redir ] - diff --git a/tests/regression/ip/reject.t b/tests/regression/ip/reject.t deleted file mode 100644 index 70a63a0b..00000000 --- a/tests/regression/ip/reject.t +++ /dev/null @@ -1,14 +0,0 @@ -*ip;test-ip4 -:output;type filter hook output priority 0 - -reject;ok -reject with icmp type host-unreachable;ok -reject with icmp type net-unreachable;ok -reject with icmp type prot-unreachable;ok -reject with icmp type port-unreachable;ok;reject -reject with icmp type net-prohibited;ok -reject with icmp type host-prohibited;ok -reject with icmp type admin-prohibited;ok - -reject with icmp type no-route;fail -reject with icmpv6 type no-route;fail diff --git a/tests/regression/ip/reject.t.payload b/tests/regression/ip/reject.t.payload deleted file mode 100644 index d5e87665..00000000 --- a/tests/regression/ip/reject.t.payload +++ /dev/null @@ -1,32 +0,0 @@ -# reject -ip test-ip4 output - [ reject type 0 code 3 ] - -# reject with icmp type host-unreachable -ip test-ip4 output - [ reject type 0 code 1 ] - -# reject with icmp type net-unreachable -ip test-ip4 output - [ reject type 0 code 0 ] - -# reject with icmp type prot-unreachable -ip test-ip4 output - [ reject type 0 code 2 ] - -# reject with icmp type port-unreachable -ip test-ip4 output - [ reject type 0 code 3 ] - -# reject with icmp type net-prohibited -ip test-ip4 output - [ reject type 0 code 9 ] - -# reject with icmp type host-prohibited -ip test-ip4 output - [ reject type 0 code 10 ] - -# reject with icmp type admin-prohibited -ip test-ip4 output - [ reject type 0 code 13 ] - diff --git a/tests/regression/ip/sets.t b/tests/regression/ip/sets.t deleted file mode 100644 index c199dbd2..00000000 --- a/tests/regression/ip/sets.t +++ /dev/null @@ -1,30 +0,0 @@ -*ip;test-ip4 -*inet;test-inet -:input;type filter hook input priority 0 - -!set_ipv4_add ipv4_addr;ok -!set_inet inet_proto;ok -!set_inet_serv inet_service;ok -!set_time time;ok - -!set1 ipv4_addr;ok -?set1 192.168.3.4;ok - -?set1 192.168.3.4;fail -?set1 192.168.3.5 192.168.3.6;ok -?set1 192.168.3.5 192.168.3.6;fail -?set1 192.168.3.8 192.168.3.9;ok -?set1 192.168.3.10 192.168.3.11;ok -?set1 1234:1234:1234:1234:1234:1234:1234:1234;fail -?set2 192.168.3.4;fail - -!set2 ipv4_addr;ok -?set2 192.168.3.4;ok -?set2 192.168.3.5 192.168.3.6;ok -?set2 192.168.3.5 192.168.3.6;fail -?set2 192.168.3.8 192.168.3.9;ok -?set2 192.168.3.10 192.168.3.11;ok - -ip saddr @set1 drop;ok -ip saddr @set2 drop;ok -ip saddr @set33 drop;fail diff --git a/tests/regression/ip/sets.t.payload.inet b/tests/regression/ip/sets.t.payload.inet deleted file mode 100644 index f8e97ccb..00000000 --- a/tests/regression/ip/sets.t.payload.inet +++ /dev/null @@ -1,16 +0,0 @@ -# ip saddr @set1 drop -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ lookup reg 1 set set1 ] - [ immediate reg 0 drop ] - -# ip saddr @set2 drop -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ lookup reg 1 set set2 ] - [ immediate reg 0 drop ] - diff --git a/tests/regression/ip/sets.t.payload.ip b/tests/regression/ip/sets.t.payload.ip deleted file mode 100644 index ece63d0e..00000000 --- a/tests/regression/ip/sets.t.payload.ip +++ /dev/null @@ -1,12 +0,0 @@ -# ip saddr @set1 drop -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ lookup reg 1 set set1 ] - [ immediate reg 0 drop ] - -# ip saddr @set2 drop -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ lookup reg 1 set set2 ] - [ immediate reg 0 drop ] - diff --git a/tests/regression/ip/snat.t b/tests/regression/ip/snat.t deleted file mode 100644 index 1caf7c76..00000000 --- a/tests/regression/ip/snat.t +++ /dev/null @@ -1,12 +0,0 @@ -*ip;test-ip4 -:postrouting;type nat hook postrouting priority 0 - -iifname "eth0" tcp dport 80-90 snat 192.168.3.2;ok -iifname "eth0" tcp dport != 80-90 snat 192.168.3.2;ok -iifname "eth0" tcp dport {80, 90, 23} snat 192.168.3.2;ok -- iifname "eth0" tcp dport != {80, 90, 23} snat 192.168.3.2;ok -- iifname "eth0" tcp dport != {80, 90, 23} snat 192.168.3.2;ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -iifname "eth0" tcp dport != 23-34 snat 192.168.3.2;ok diff --git a/tests/regression/ip/snat.t.payload b/tests/regression/ip/snat.t.payload deleted file mode 100644 index 32ba4fa8..00000000 --- a/tests/regression/ip/snat.t.payload +++ /dev/null @@ -1,50 +0,0 @@ -# iifname "eth0" tcp dport 80-90 snat 192.168.3.2 -ip test-ip4 postrouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00005000 ] - [ cmp lte reg 1 0x00005a00 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport != 80-90 snat 192.168.3.2 -ip test-ip4 postrouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00005000 ] - [ cmp gt reg 1 0x00005a00 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport {80, 90, 23} snat 192.168.3.2 -set%d test-ip4 3 -set%d test-ip4 0 - element 00005000 : 0 [end] element 00005a00 : 0 [end] element 00001700 : 0 [end] -ip test-ip4 postrouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport != 23-34 snat 192.168.3.2 -ip test-ip4 postrouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002200 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] - diff --git a/tests/regression/ip6/chains.t b/tests/regression/ip6/chains.t deleted file mode 100644 index c1e41e47..00000000 --- a/tests/regression/ip6/chains.t +++ /dev/null @@ -1,17 +0,0 @@ -*ip6;test-ip6 - -# filter chains available are: input, output, forward, forward, prerouting and postrouting. -:filter-input;type filter hook input priority 0 -:filter-prer;type filter hook prerouting priority 0 -:filter-forw-t;type filter hook forward priority 0 -:filter-out-t;type filter hook output priority 0 -:filter-post-t;type filter hook postrouting priority 0 - -# nat chains available are: input, output, forward, prerouting and postrouting. -:nat-input;type nat hook input priority 0 -:nat-prerouting;type nat hook prerouting priority 0 -:nat-output;type nat hook output priority 0 -:nat-postrou;type nat hook postrouting priority 0 - -# route chain available is output. -:route-out;type route hook output priority 0 diff --git a/tests/regression/ip6/dnat.t b/tests/regression/ip6/dnat.t deleted file mode 100644 index 83412258..00000000 --- a/tests/regression/ip6/dnat.t +++ /dev/null @@ -1,5 +0,0 @@ -*ip6;test-ip6 -:prerouting;type nat hook prerouting priority 0 - -tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::80-100;ok -tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100;ok;tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::100 diff --git a/tests/regression/ip6/dnat.t.payload.ip6 b/tests/regression/ip6/dnat.t.payload.ip6 deleted file mode 100644 index 13c7a0e3..00000000 --- a/tests/regression/ip6/dnat.t.payload.ip6 +++ /dev/null @@ -1,25 +0,0 @@ -# tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::80-100 -ip6 test-ip6 prerouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00005000 ] - [ cmp lte reg 1 0x00005a00 ] - [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] - [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] - [ immediate reg 3 0x00005000 ] - [ immediate reg 4 0x00006400 ] - [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ] - -# tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100 -ip6 test-ip6 prerouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00005000 ] - [ cmp lte reg 1 0x00005a00 ] - [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] - [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] - [ immediate reg 3 0x00006400 ] - [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 ] - diff --git a/tests/regression/ip6/dst.t b/tests/regression/ip6/dst.t deleted file mode 100644 index 3207af76..00000000 --- a/tests/regression/ip6/dst.t +++ /dev/null @@ -1,25 +0,0 @@ -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -dst nexthdr 22;ok -dst nexthdr != 233;ok -dst nexthdr 33-45;ok -dst nexthdr != 33-45;ok -dst nexthdr { 33, 55, 67, 88};ok -- dst nexthdr != { 33, 55, 67, 88};ok -dst nexthdr { 33-55};ok -- dst nexthdr != { 33-55};ok -dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok;dst nexthdr { 51, 50, 17, 136, 58, 6, 33, 132, 108} -- dst nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok -dst nexthdr icmp;ok;dst nexthdr 1 -dst nexthdr != icmp;ok;dst nexthdr != 1 - -dst hdrlength 22;ok -dst hdrlength != 233;ok -dst hdrlength 33-45;ok -dst hdrlength != 33-45;ok -dst hdrlength { 33, 55, 67, 88};ok -- dst hdrlength != { 33, 55, 67, 88};ok -dst hdrlength { 33-55};ok -- dst hdrlength != { 33-55};ok diff --git a/tests/regression/ip6/dst.t.payload.inet b/tests/regression/ip6/dst.t.payload.inet deleted file mode 100644 index 7a219f41..00000000 --- a/tests/regression/ip6/dst.t.payload.inet +++ /dev/null @@ -1,94 +0,0 @@ -# dst nexthdr 22 -inet test-inet input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# dst nexthdr != 233 -inet test-inet input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# dst nexthdr 33-45 -inet test-inet input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# dst nexthdr != 33-45 -inet test-inet input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# dst nexthdr { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dst nexthdr { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} -set%d test-inet 3 -set%d test-inet 0 - element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] -inet test-inet input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dst nexthdr icmp -inet test-inet input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# dst nexthdr != icmp -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# dst hdrlength 22 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# dst hdrlength != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# dst hdrlength 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# dst hdrlength != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# dst hdrlength { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dst hdrlength { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/ip6/dst.t.payload.ip6 b/tests/regression/ip6/dst.t.payload.ip6 deleted file mode 100644 index 3c778f93..00000000 --- a/tests/regression/ip6/dst.t.payload.ip6 +++ /dev/null @@ -1,95 +0,0 @@ -# dst nexthdr 22 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# dst nexthdr != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# dst nexthdr 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# dst nexthdr != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# dst nexthdr { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dst nexthdr { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dst nexthdr icmp -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# dst nexthdr != icmp -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# dst hdrlength 22 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# dst hdrlength != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# dst hdrlength 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# dst hdrlength != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# dst hdrlength { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# dst hdrlength { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 60 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - - diff --git a/tests/regression/ip6/dup.t b/tests/regression/ip6/dup.t deleted file mode 100644 index 34f302f2..00000000 --- a/tests/regression/ip6/dup.t +++ /dev/null @@ -1,6 +0,0 @@ -*ip6;test-ip6 -:input;type filter hook input priority 0 - -dup to abcd::1;ok -dup to abcd::1 device eth0;ok -dup to ip6 saddr map { abcd::1 : cafe::cafe } device eth0;ok diff --git a/tests/regression/ip6/dup.t.payload b/tests/regression/ip6/dup.t.payload deleted file mode 100644 index 1df414cd..00000000 --- a/tests/regression/ip6/dup.t.payload +++ /dev/null @@ -1,21 +0,0 @@ -# dup to abcd::1 -ip6 test test - [ immediate reg 1 0x0000cdab 0x00000000 0x00000000 0x01000000 ] - [ dup sreg_addr 1 ] - -# dup to abcd::1 device eth0 -ip6 test test - [ immediate reg 1 0x0000cdab 0x00000000 0x00000000 0x01000000 ] - [ immediate reg 2 0x00000002 ] - [ dup sreg_addr 1 sreg_dev 2 ] - -# dup to ip6 saddr map { abcd::1 : cafe::cafe } device eth0 -map%d test-ip6 b -map%d test-ip6 0 - element 0000cdab 00000000 00000000 01000000 : 0000feca 00000000 00000000 feca0000 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 1 ] - [ immediate reg 2 0x00000002 ] - [ dup sreg_addr 1 sreg_dev 2 ] - diff --git a/tests/regression/ip6/ether.t b/tests/regression/ip6/ether.t deleted file mode 100644 index 98be273f..00000000 --- a/tests/regression/ip6/ether.t +++ /dev/null @@ -1,8 +0,0 @@ -*ip6;test-ip6 - -:input;type filter hook input priority 0 - -tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 accept -tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04;ok;tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 -tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2;ok -ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 accept;ok diff --git a/tests/regression/ip6/ether.t.payload b/tests/regression/ip6/ether.t.payload deleted file mode 100644 index c7342cc0..00000000 --- a/tests/regression/ip6/ether.t.payload +++ /dev/null @@ -1,49 +0,0 @@ -# tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - -# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] - -# ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 accept -ip6 test-ip6 input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ] - [ immediate reg 0 accept ] diff --git a/tests/regression/ip6/hbh.t b/tests/regression/ip6/hbh.t deleted file mode 100644 index 4e67c42a..00000000 --- a/tests/regression/ip6/hbh.t +++ /dev/null @@ -1,25 +0,0 @@ -*ip6;test-ip6 -*inet;test-inet -:filter-input;type filter hook input priority 0 - -hbh hdrlength 22;ok -hbh hdrlength != 233;ok -hbh hdrlength 33-45;ok -hbh hdrlength != 33-45;ok -hbh hdrlength {33, 55, 67, 88};ok -- hbh hdrlength != {33, 55, 67, 88};ok -hbh hdrlength { 33-55};ok -- hbh hdrlength != {33-55};ok - -hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;hbh nexthdr { 58, 136, 51, 50, 6, 17, 132, 33, 108} -- hbh nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok -hbh nexthdr 22;ok -hbh nexthdr != 233;ok -hbh nexthdr 33-45;ok -hbh nexthdr != 33-45;ok -hbh nexthdr {33, 55, 67, 88};ok -- hbh nexthdr != {33, 55, 67, 88};ok -hbh nexthdr { 33-55};ok -- hbh nexthdr != {33-55};ok -hbh nexthdr ip;ok;hbh nexthdr 0 -hbh nexthdr != ip;ok;hbh nexthdr != 0 diff --git a/tests/regression/ip6/hbh.t.payload.inet b/tests/regression/ip6/hbh.t.payload.inet deleted file mode 100644 index 2b4c9c77..00000000 --- a/tests/regression/ip6/hbh.t.payload.inet +++ /dev/null @@ -1,94 +0,0 @@ -# hbh hdrlength 22 -inet test-inet filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# hbh hdrlength != 233 -inet test-inet filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# hbh hdrlength 33-45 -inet test-inet filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# hbh hdrlength != 33-45 -inet test-inet filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# hbh hdrlength {33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh hdrlength { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} -set%d test-inet 3 -set%d test-inet 0 - element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh nexthdr 22 -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# hbh nexthdr != 233 -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# hbh nexthdr 33-45 -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# hbh nexthdr != 33-45 -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# hbh nexthdr {33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh nexthdr { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh nexthdr ip -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# hbh nexthdr != ip -inet test-inet filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - diff --git a/tests/regression/ip6/hbh.t.payload.ip6 b/tests/regression/ip6/hbh.t.payload.ip6 deleted file mode 100644 index a201ef56..00000000 --- a/tests/regression/ip6/hbh.t.payload.ip6 +++ /dev/null @@ -1,94 +0,0 @@ -# hbh hdrlength 22 -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# hbh hdrlength != 233 -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# hbh hdrlength 33-45 -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# hbh hdrlength != 33-45 -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# hbh hdrlength {33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh hdrlength { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh nexthdr 22 -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# hbh nexthdr != 233 -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# hbh nexthdr 33-45 -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# hbh nexthdr != 33-45 -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# hbh nexthdr {33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh nexthdr { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# hbh nexthdr ip -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - -# hbh nexthdr != ip -ip6 test-ip6 filter-input - [ exthdr load 1b @ 0 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000000 ] - diff --git a/tests/regression/ip6/icmpv6.t b/tests/regression/ip6/icmpv6.t deleted file mode 100644 index fca903f6..00000000 --- a/tests/regression/ip6/icmpv6.t +++ /dev/null @@ -1,96 +0,0 @@ -*ip6;test-ip6 -# BUG: There is a bug with icmpv6 and inet tables -# *inet;test-inet -:input;type filter hook input priority 0 - -icmpv6 type destination-unreachable accept;ok -icmpv6 type packet-too-big accept;ok -icmpv6 type time-exceeded accept;ok -icmpv6 type echo-request accept;ok -icmpv6 type echo-reply accept;ok -icmpv6 type mld-listener-query accept;ok -icmpv6 type mld-listener-report accept;ok -icmpv6 type mld-listener-reduction accept;ok -icmpv6 type nd-router-solicit accept;ok -icmpv6 type nd-router-advert accept;ok -icmpv6 type nd-neighbor-solicit accept;ok -icmpv6 type nd-neighbor-advert accept;ok -icmpv6 type nd-redirect accept;ok -icmpv6 type router-renumbering accept;ok -icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept;ok -icmpv6 type {router-renumbering, mld-listener-reduction, time-exceeded, nd-router-solicit} accept;ok -icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept;ok -- icmpv6 type != {mld-listener-query, time-exceeded, nd-router-advert} accept;ok - -icmpv6 code 4;ok -icmpv6 code 3-66;ok -icmpv6 code {5, 6, 7} accept;ok -- icmpv6 code != {3, 66, 34};ok -icmpv6 code { 3-66};ok -- icmpv6 code != { 3-44};ok - -icmpv6 checksum 2222 log;ok -icmpv6 checksum != 2222 log;ok -icmpv6 checksum 222-226;ok -icmpv6 checksum != 2222 log;ok -icmpv6 checksum { 222, 226};ok -- icmpv6 checksum != { 222, 226};ok -icmpv6 checksum { 222-226};ok -- icmpv6 checksum != { 222-226};ok - -# BUG: icmpv6 parameter-problem, pptr, mtu, packet-too-big -# [ICMP6HDR_PPTR] = ICMP6HDR_FIELD("parameter-problem", icmp6_pptr), -# [ICMP6HDR_MTU] = ICMP6HDR_FIELD("packet-too-big", icmp6_mtu), -# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem 35 -# :1:53-53: Error: syntax error, unexpected end of file -# add rule ip6 test6 input icmpv6 parameter-problem 35 -# ^ -# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem -# :1:26-31: Error: Value 58 exceeds valid range 0-0 -# add rule ip6 test6 input icmpv6 parameter-problem -# ^^^^^^ -# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem 2-4 -# :1:54-54: Error: syntax error, unexpected end of file -# add rule ip6 test6 input icmpv6 parameter-problem 2-4 - -# BUG: packet-too-big -# $ sudo nft add rule ip6 test6 input icmpv6 packet-too-big 34 -# :1:50-50: Error: syntax error, unexpected end of file -# add rule ip6 test6 input icmpv6 packet-too-big 34 - -icmpv6 mtu 22;ok -icmpv6 mtu != 233;ok -icmpv6 mtu 33-45;ok -icmpv6 mtu != 33-45;ok -icmpv6 mtu {33, 55, 67, 88};ok -- icmpv6 mtu != {33, 55, 67, 88};ok -icmpv6 mtu {33-55};ok -- icmpv6 mtu != {33-55};ok - -- icmpv6 id 2;ok -- icmpv6 id != 233;ok -icmpv6 id 33-45;ok -icmpv6 id != 33-45;ok -icmpv6 id {33, 55, 67, 88};ok -- icmpv6 id != {33, 55, 67, 88};ok -icmpv6 id {33-55};ok -- icmpv6 id != {33-55};ok - -icmpv6 sequence 2;ok -icmpv6 sequence {3, 4, 5, 6, 7} accept;ok - -icmpv6 sequence {2, 4};ok -- icmpv6 sequence != {2, 4};ok -icmpv6 sequence 2-4;ok -icmpv6 sequence != 2-4;ok -icmpv6 sequence { 2-4};ok -- icmpv6 sequence != {2-4};ok - -- icmpv6 max-delay 22;ok -- icmpv6 max-delay != 233;ok -icmpv6 max-delay 33-45;ok -icmpv6 max-delay != 33-45;ok -icmpv6 max-delay {33, 55, 67, 88};ok -- icmpv6 max-delay != {33, 55, 67, 88};ok -icmpv6 max-delay {33-55};ok -- icmpv6 max-delay != {33-55};ok diff --git a/tests/regression/ip6/icmpv6.t.payload.ip6 b/tests/regression/ip6/icmpv6.t.payload.ip6 deleted file mode 100644 index 55af9d8d..00000000 --- a/tests/regression/ip6/icmpv6.t.payload.ip6 +++ /dev/null @@ -1,409 +0,0 @@ -# icmpv6 type destination-unreachable accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ immediate reg 0 accept ] - -# icmpv6 type packet-too-big accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ immediate reg 0 accept ] - -# icmpv6 type time-exceeded accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000003 ] - [ immediate reg 0 accept ] - -# icmpv6 type echo-request accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000080 ] - [ immediate reg 0 accept ] - -# icmpv6 type echo-reply accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000081 ] - [ immediate reg 0 accept ] - -# icmpv6 type mld-listener-query accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000082 ] - [ immediate reg 0 accept ] - -# icmpv6 type mld-listener-report accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000083 ] - [ immediate reg 0 accept ] - -# icmpv6 type mld-listener-reduction accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000084 ] - [ immediate reg 0 accept ] - -# icmpv6 type nd-router-solicit accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000085 ] - [ immediate reg 0 accept ] - -# icmpv6 type nd-router-advert accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000086 ] - [ immediate reg 0 accept ] - -# icmpv6 type nd-neighbor-solicit accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000087 ] - [ immediate reg 0 accept ] - -# icmpv6 type nd-neighbor-advert accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000088 ] - [ immediate reg 0 accept ] - -# icmpv6 type nd-redirect accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000089 ] - [ immediate reg 0 accept ] - -# icmpv6 type router-renumbering accept -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000008a ] - [ immediate reg 0 accept ] - -# icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept -set%d test-ip6 3 -set%d test-ip6 0 - element 00000001 : 0 [end] element 00000003 : 0 [end] element 00000085 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmpv6 type {router-renumbering, mld-listener-reduction, time-exceeded, nd-router-solicit} accept -set%d test-ip6 3 -set%d test-ip6 0 - element 0000008a : 0 [end] element 00000084 : 0 [end] element 00000003 : 0 [end] element 00000085 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept -set%d test-ip6 3 -set%d test-ip6 0 - element 00000082 : 0 [end] element 00000003 : 0 [end] element 00000086 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmpv6 code 4 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] - -# icmpv6 code 3-66 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp gte reg 1 0x00000003 ] - [ cmp lte reg 1 0x00000042 ] - -# icmpv6 code {5, 6, 7} accept -set%d test-ip6 3 -set%d test-ip6 0 - element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmpv6 code { 3-66} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000003 : 0 [end] element 00000043 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 checksum 2222 log -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000ae08 ] - [ log prefix (null) ] - -# icmpv6 checksum != 2222 log -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000ae08 ] - [ log prefix (null) ] - -# icmpv6 checksum 222-226 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x0000de00 ] - [ cmp lte reg 1 0x0000e200 ] - -# icmpv6 checksum != 2222 log -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000ae08 ] - [ log prefix (null) ] - -# icmpv6 checksum { 222, 226} -set%d test-ip6 3 -set%d test-ip6 0 - element 0000de00 : 0 [end] element 0000e200 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 checksum { 222-226} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 0000de00 : 0 [end] element 0000e300 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 mtu 22 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# icmpv6 mtu != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# icmpv6 mtu 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# icmpv6 mtu != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# icmpv6 mtu {33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 mtu {33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 id 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# icmpv6 id != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# icmpv6 id {33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 id {33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 sequence 2 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000200 ] - -# icmpv6 sequence {3, 4, 5, 6, 7} accept -set%d test-ip6 3 -set%d test-ip6 0 - element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmpv6 sequence {2, 4} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000200 : 0 [end] element 00000400 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 sequence 2-4 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00000200 ] - [ cmp lte reg 1 0x00000400 ] - -# icmpv6 sequence != 2-4 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp lt reg 1 0x00000200 ] - [ cmp gt reg 1 0x00000400 ] - -# icmpv6 sequence { 2-4} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000200 : 0 [end] element 00000500 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 max-delay 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# icmpv6 max-delay != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# icmpv6 max-delay {33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmpv6 max-delay {33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000003a ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/ip6/ip6.t b/tests/regression/ip6/ip6.t deleted file mode 100644 index d4c5c7e3..00000000 --- a/tests/regression/ip6/ip6.t +++ /dev/null @@ -1,143 +0,0 @@ -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -# BUG: Problem with version, priority -# :1:1-38: Error: Could not process rule: Invalid argument -# add rule ip6 test6 input ip6 version 1 -# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -- ip6 version 6;ok -- ip6 priority 3;ok - -# $ sudo nft add rule ip6 test6 input ip6 priority 33 -# :1:39-40: Error: Value 33 exceeds valid range 0-15 -# $ sudo nft add rule ip6 test6 input ip6 priority 3 -# :1:1-39: Error: Could not process rule: Invalid argument -# add rule ip6 test6 input ip6 priority 3 -#^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -ip6 flowlabel 22;ok -ip6 flowlabel != 233;ok -- ip6 flowlabel 33-45;ok -- ip6 flowlabel != 33-45;ok -ip6 flowlabel { 33, 55, 67, 88};ok -# BUG ip6 flowlabel { 5046528, 2883584, 13522432 } -- ip6 flowlabel != { 33, 55, 67, 88};ok -ip6 flowlabel { 33-55};ok -- ip6 flowlabel != { 33-55};ok - -ip6 length 22;ok -ip6 length != 233;ok -ip6 length 33-45;ok -ip6 length != 33-45;ok -- ip6 length { 33, 55, 67, 88};ok -- ip6 length != {33, 55, 67, 88};ok -ip6 length { 33-55};ok -- ip6 length != { 33-55};ok - -ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log;ok;ip6 nexthdr { 132, 51, 108, 136, 17, 33, 6} log -ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;ip6 nexthdr { 6, 136, 108, 33, 50, 17, 132, 58, 51} -- ip6 nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok -ip6 nexthdr esp;ok;ip6 nexthdr 50 -ip6 nexthdr != esp;ok;ip6 nexthdr != 50 -ip6 nexthdr { 33-44};ok -- p6 nexthdr != { 33-44};ok -ip6 nexthdr 33-44;ok -ip6 nexthdr != 33-44;ok - -ip6 hoplimit 1 log;ok -ip6 hoplimit != 233;ok -ip6 hoplimit 33-45;ok -ip6 hoplimit != 33-45;ok -ip6 hoplimit {33, 55, 67, 88};ok -- ip6 hoplimit != {33, 55, 67, 88};ok -ip6 hoplimit {33-55};ok -- ip6 hoplimit != {33-55};ok - -# from src/scanner.l -# v680 (({hex4}:){7}{hex4}) -ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234;ok -# v670 ((:)(:{hex4}{7})) -ip6 saddr ::1234:1234:1234:1234:1234:1234:1234;ok;ip6 saddr 0:1234:1234:1234:1234:1234:1234:1234 -# v671 ((({hex4}:){1})(:{hex4}{6})) -ip6 saddr 1234::1234:1234:1234:1234:1234:1234;ok;ip6 saddr 1234:0:1234:1234:1234:1234:1234:1234 -# v672 ((({hex4}:){2})(:{hex4}{5})) -ip6 saddr 1234:1234::1234:1234:1234:1234:1234;ok;ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234 -ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234;ok -# v673 ((({hex4}:){3})(:{hex4}{4})) -ip6 saddr 1234:1234:1234::1234:1234:1234:1234;ok;ip6 saddr 1234:1234:1234:0:1234:1234:1234:1234 -# v674 ((({hex4}:){4})(:{hex4}{3})) -ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234;ok -# v675 ((({hex4}:){5})(:{hex4}{2})) -ip6 saddr 1234:1234:1234:1234:1234::1234:1234;ok;ip6 saddr 1234:1234:1234:1234:1234:0:1234:1234 -# v676 ((({hex4}:){6})(:{hex4}{1})) -ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234;ok -# v677 ((({hex4}:){7})(:)) -ip6 saddr 1234:1234:1234:1234:1234:1234:1234::;ok;ip6 saddr 1234:1234:1234:1234:1234:1234:1234:0 -# v67 ({v670}|{v671}|{v672}|{v673}|{v674}|{v675}|{v676}|{v677}) -# v660 ((:)(:{hex4}{6})) -ip6 saddr ::1234:1234:1234:1234:1234:1234;ok -# v661 ((({hex4}:){1})(:{hex4}{5})) -ip6 saddr 1234::1234:1234:1234:1234:1234;ok -# v662 ((({hex4}:){2})(:{hex4}{4})) -ip6 saddr 1234:1234::1234:1234:1234:1234;ok -# v663 ((({hex4}:){3})(:{hex4}{3})) -ip6 saddr 1234:1234:1234::1234:1234:1234;ok -# v664 ((({hex4}:){4})(:{hex4}{2})) -ip6 saddr 1234:1234:1234:1234::1234:1234;ok -# v665 ((({hex4}:){5})(:{hex4}{1})) -ip6 saddr 1234:1234:1234:1234:1234::1234;ok -# v666 ((({hex4}:){6})(:)) -ip6 saddr 1234:1234:1234:1234:1234:1234::;ok -# v66 ({v660}|{v661}|{v662}|{v663}|{v664}|{v665}|{v666}) -# v650 ((:)(:{hex4}{5})) -ip6 saddr ::1234:1234:1234:1234:1234;ok -# v651 ((({hex4}:){1})(:{hex4}{4})) -ip6 saddr 1234::1234:1234:1234:1234;ok -# v652 ((({hex4}:){2})(:{hex4}{3})) -ip6 saddr 1234:1234::1234:1234:1234;ok -# v653 ((({hex4}:){3})(:{hex4}{2})) -ip6 saddr 1234:1234:1234::1234:1234;ok -# v654 ((({hex4}:){4})(:{hex4}{1})) -ip6 saddr 1234:1234:1234:1234::1234;ok -# v655 ((({hex4}:){5})(:)) -ip6 saddr 1234:1234:1234:1234:1234::;ok -# v65 ({v650}|{v651}|{v652}|{v653}|{v654}|{v655}) -# v640 ((:)(:{hex4}{4})) -ip6 saddr ::1234:1234:1234:1234;ok -# v641 ((({hex4}:){1})(:{hex4}{3})) -ip6 saddr 1234::1234:1234:1234;ok -# v642 ((({hex4}:){2})(:{hex4}{2})) -ip6 saddr 1234:1234::1234:1234;ok -# v643 ((({hex4}:){3})(:{hex4}{1})) -ip6 saddr 1234:1234:1234::1234;ok -# v644 ((({hex4}:){4})(:)) -ip6 saddr 1234:1234:1234:1234::;ok -# v64 ({v640}|{v641}|{v642}|{v643}|{v644}) -# v630 ((:)(:{hex4}{3})) -ip6 saddr ::1234:1234:1234;ok -# v631 ((({hex4}:){1})(:{hex4}{2})) -ip6 saddr 1234::1234:1234;ok -# v632 ((({hex4}:){2})(:{hex4}{1})) -ip6 saddr 1234:1234::1234;ok -# v633 ((({hex4}:){3})(:)) -ip6 saddr 1234:1234:1234::;ok -# v63 ({v630}|{v631}|{v632}|{v633}) -# v620 ((:)(:{hex4}{2})) -ip6 saddr ::1234:1234;ok;ip6 saddr ::18.52.18.52 -# v621 ((({hex4}:){1})(:{hex4}{1})) -ip6 saddr 1234::1234;ok -# v622 ((({hex4}:){2})(:)) -ip6 saddr 1234:1234::;ok -# v62 ({v620}|{v621}|{v622}) -# v610 ((:)(:{hex4}{1})) -ip6 saddr ::1234;ok -# v611 ((({hex4}:){1})(:)) -ip6 saddr 1234::;ok -# v61 ({v610}|{v611}) -# v60 (::) -ip6 saddr ::/64;ok - -- ip6 daddr != {::1234:1234:1234:1234:1234:1234:1234, 1234:1234::1234:1234:1234:1234:1234 };ok -ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234;ok;ip6 daddr != 0:1234:1234:1234:1234:1234:1234:1234-1234:1234:0:1234:1234:1234:1234:1234 diff --git a/tests/regression/ip6/ip6.t.payload.inet b/tests/regression/ip6/ip6.t.payload.inet deleted file mode 100644 index b4fd2779..00000000 --- a/tests/regression/ip6/ip6.t.payload.inet +++ /dev/null @@ -1,461 +0,0 @@ -# ip6 flowlabel 22 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 3b @ network header + 1 => reg 1 ] - [ cmp eq reg 1 0x00160000 ] - -# ip6 flowlabel != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 3b @ network header + 1 => reg 1 ] - [ cmp neq reg 1 0x00e90000 ] - -# ip6 flowlabel { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 3b @ network header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 flowlabel { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00210000 : 0 [end] element 00380000 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 3b @ network header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 length 22 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ip6 length != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip6 length 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip6 length != 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip6 length { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log -set%d test-inet 3 -set%d test-inet 0 - element 00000011 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - [ log prefix (null) ] - -# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} -set%d test-inet 3 -set%d test-inet 0 - element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 nexthdr esp -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - -# ip6 nexthdr != esp -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000032 ] - -# ip6 nexthdr { 33-44} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 0000002d : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 nexthdr 33-44 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002c ] - -# ip6 nexthdr != 33-44 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002c ] - -# ip6 hoplimit 1 log -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 7 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ log prefix (null) ] - -# ip6 hoplimit != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 7 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# ip6 hoplimit 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 7 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# ip6 hoplimit != 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 7 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# ip6 hoplimit {33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 7 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 hoplimit {33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 1b @ network header + 7 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34123412 ] - -# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] - -# ip6 saddr 1234::1234:1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x34123412 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234::1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234:1234::1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34120000 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234:1234::1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34120000 ] - -# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:: -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00003412 ] - -# ip6 saddr ::1234:1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x34123412 0x34123412 0x34123412 ] - -# ip6 saddr 1234::1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x34120000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234::1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234:1234::1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x34120000 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234::1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234:1234::1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34120000 ] - -# ip6 saddr 1234:1234:1234:1234:1234:1234:: -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00000000 ] - -# ip6 saddr ::1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x34120000 0x34123412 0x34123412 ] - -# ip6 saddr 1234::1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234::1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x34120000 0x34123412 ] - -# ip6 saddr 1234:1234:1234::1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234::1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34120000 ] - -# ip6 saddr 1234:1234:1234:1234:1234:: -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x00000000 ] - -# ip6 saddr ::1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x34123412 0x34123412 ] - -# ip6 saddr 1234::1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x34120000 0x34123412 ] - -# ip6 saddr 1234:1234::1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34123412 ] - -# ip6 saddr 1234:1234:1234::1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34120000 ] - -# ip6 saddr 1234:1234:1234:1234:: -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x00000000 ] - -# ip6 saddr ::1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x34120000 0x34123412 ] - -# ip6 saddr 1234::1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34123412 ] - -# ip6 saddr 1234:1234::1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34120000 ] - -# ip6 saddr 1234:1234:1234:: -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x00000000 ] - -# ip6 saddr ::1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34123412 ] - -# ip6 saddr 1234::1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34120000 ] - -# ip6 saddr 1234:1234:: -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x00000000 ] - -# ip6 saddr ::1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34120000 ] - -# ip6 saddr 1234:: -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x00000000 ] - -# ip6 saddr ::/64 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x00000000 ] - -# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp lt reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] - [ cmp gt reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] - diff --git a/tests/regression/ip6/ip6.t.payload.ip6 b/tests/regression/ip6/ip6.t.payload.ip6 deleted file mode 100644 index d355adae..00000000 --- a/tests/regression/ip6/ip6.t.payload.ip6 +++ /dev/null @@ -1,339 +0,0 @@ -# ip6 flowlabel 22 -ip6 test-ip6 input - [ payload load 3b @ network header + 1 => reg 1 ] - [ cmp eq reg 1 0x00160000 ] - -# ip6 flowlabel != 233 -ip6 test-ip6 input - [ payload load 3b @ network header + 1 => reg 1 ] - [ cmp neq reg 1 0x00e90000 ] - -# ip6 flowlabel { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end] -ip6 test-ip6 input - [ payload load 3b @ network header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 flowlabel { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00210000 : 0 [end] element 00380000 : 1 [end] -ip6 test-ip6 input - [ payload load 3b @ network header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 length 22 -ip6 test-ip6 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ip6 length != 233 -ip6 test-ip6 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip6 length 33-45 -ip6 test-ip6 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip6 length != 33-45 -ip6 test-ip6 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip6 length { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log -set%d test-ip6 3 -set%d test-ip6 0 - element 00000011 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - [ log prefix (null) ] - -# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 nexthdr esp -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000032 ] - -# ip6 nexthdr != esp -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x00000032 ] - -# ip6 nexthdr { 33-44} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 0000002d : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 nexthdr 33-44 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002c ] - -# ip6 nexthdr != 33-44 -ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002c ] - -# ip6 hoplimit 1 log -ip6 test-ip6 input - [ payload load 1b @ network header + 7 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ log prefix (null) ] - -# ip6 hoplimit != 233 -ip6 test-ip6 input - [ payload load 1b @ network header + 7 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# ip6 hoplimit 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 7 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# ip6 hoplimit != 33-45 -ip6 test-ip6 input - [ payload load 1b @ network header + 7 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# ip6 hoplimit {33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 7 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 hoplimit {33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ payload load 1b @ network header + 7 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34123412 ] - -# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] - -# ip6 saddr 1234::1234:1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x34123412 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234::1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234:1234::1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34120000 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234:1234::1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34120000 ] - -# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:: -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00003412 ] - -# ip6 saddr ::1234:1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x34123412 0x34123412 0x34123412 ] - -# ip6 saddr 1234::1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x34120000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234::1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234:1234::1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x34120000 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234::1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234:1234::1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34120000 ] - -# ip6 saddr 1234:1234:1234:1234:1234:1234:: -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00000000 ] - -# ip6 saddr ::1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x34120000 0x34123412 0x34123412 ] - -# ip6 saddr 1234::1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x34123412 0x34123412 ] - -# ip6 saddr 1234:1234::1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x34120000 0x34123412 ] - -# ip6 saddr 1234:1234:1234::1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34123412 ] - -# ip6 saddr 1234:1234:1234:1234::1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34120000 ] - -# ip6 saddr 1234:1234:1234:1234:1234:: -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x00000000 ] - -# ip6 saddr ::1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x34123412 0x34123412 ] - -# ip6 saddr 1234::1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x34120000 0x34123412 ] - -# ip6 saddr 1234:1234::1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34123412 ] - -# ip6 saddr 1234:1234:1234::1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34120000 ] - -# ip6 saddr 1234:1234:1234:1234:: -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x00000000 ] - -# ip6 saddr ::1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x34120000 0x34123412 ] - -# ip6 saddr 1234::1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34123412 ] - -# ip6 saddr 1234:1234::1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34120000 ] - -# ip6 saddr 1234:1234:1234:: -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x00000000 ] - -# ip6 saddr ::1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34123412 ] - -# ip6 saddr 1234::1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34120000 ] - -# ip6 saddr 1234:1234:: -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x00000000 ] - -# ip6 saddr ::1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34120000 ] - -# ip6 saddr 1234:: -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x00000000 ] - -# ip6 saddr ::/64 -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] - [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x00000000 ] - -# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234 -ip6 test-ip6 input - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp lt reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ] - [ cmp gt reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ] - diff --git a/tests/regression/ip6/masquerade.t b/tests/regression/ip6/masquerade.t deleted file mode 100644 index 4e6c086c..00000000 --- a/tests/regression/ip6/masquerade.t +++ /dev/null @@ -1,25 +0,0 @@ -*ip6;test-ip6 -:postrouting;type nat hook postrouting priority 0 - -# nf_nat flags combination -udp dport 53 masquerade;ok -udp dport 53 masquerade random;ok -udp dport 53 masquerade random,persistent;ok -udp dport 53 masquerade random,persistent,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent -udp dport 53 masquerade random,fully-random;ok -udp dport 53 masquerade random,fully-random,persistent;ok -udp dport 53 masquerade persistent;ok -udp dport 53 masquerade persistent,random;ok;udp dport 53 masquerade random,persistent -udp dport 53 masquerade persistent,random,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent -udp dport 53 masquerade persistent,fully-random;ok;udp dport 53 masquerade fully-random,persistent -udp dport 53 masquerade persistent,fully-random,random;ok;udp dport 53 masquerade random,fully-random,persistent - -# masquerade is a terminal statement -tcp dport 22 masquerade counter packets 0 bytes 0 accept;fail -tcp sport 22 masquerade accept;fail -ip6 saddr ::1 masquerade drop;fail - -# masquerade with sets -tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade;ok -ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 masquerade;ok -iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade;ok diff --git a/tests/regression/ip6/masquerade.t.payload.ip6 b/tests/regression/ip6/masquerade.t.payload.ip6 deleted file mode 100644 index 2e8bf959..00000000 --- a/tests/regression/ip6/masquerade.t.payload.ip6 +++ /dev/null @@ -1,127 +0,0 @@ -# udp dport 53 masquerade -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq ] - -# udp dport 53 masquerade random -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x4 ] - -# udp dport 53 masquerade random,persistent -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0xc ] - -# udp dport 53 masquerade random,persistent,fully-random -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# udp dport 53 masquerade random,fully-random -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x14 ] - -# udp dport 53 masquerade random,fully-random,persistent -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# udp dport 53 masquerade persistent -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x8 ] - -# udp dport 53 masquerade persistent,random -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0xc ] - -# udp dport 53 masquerade persistent,random,fully-random -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# udp dport 53 masquerade persistent,fully-random -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x18 ] - -# udp dport 53 masquerade persistent,fully-random,random -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade -set%d test-ip6 3 -set%d test-ip6 0 - element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ masq ] - -# ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 masquerade -ip6 test-ip6 postrouting - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp gte reg 1 0x000000fe 0x00000000 0x00000000 0x01000000 ] - [ cmp lte reg 1 0x000000fe 0x00000000 0x00000000 0x00020000 ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ counter pkts 0 bytes 0 ] - [ masq ] - -# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade -map%d test-ip6 b -map%d test-ip6 0 - element 00001600 : 0 [end] element 0000de00 : 0 [end] -ip6 test-ip6 postrouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - [ masq ] - diff --git a/tests/regression/ip6/mh.t b/tests/regression/ip6/mh.t deleted file mode 100644 index cd652b39..00000000 --- a/tests/regression/ip6/mh.t +++ /dev/null @@ -1,49 +0,0 @@ -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -mh nexthdr 1;ok -mh nexthdr != 1;ok -mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp };ok;mh nexthdr { 58, 17, 108, 6, 51, 136, 50, 132, 33} -- mh nexthdr != {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok -mh nexthdr icmp;ok;mh nexthdr 1 -mh nexthdr != icmp;ok;mh nexthdr != 1 -mh nexthdr 22;ok -mh nexthdr != 233;ok -mh nexthdr 33-45;ok -mh nexthdr != 33-45;ok -mh nexthdr { 33, 55, 67, 88 };ok -- mh nexthdr != { 33, 55, 67, 88 };ok -mh nexthdr { 33-55 };ok -- mh nexthdr != { 33-55 };ok - -mh hdrlength 22;ok -mh hdrlength != 233;ok -mh hdrlength 33-45;ok -mh hdrlength != 33-45;ok -mh hdrlength { 33, 55, 67, 88 };ok -- mh hdrlength != { 33, 55, 67, 88 };ok -mh hdrlength { 33-55 };ok -- mh hdrlength != { 33-55 };ok - -mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message};ok -mh type home-agent-switch-message;ok -mh type != home-agent-switch-message;ok - -mh reserved 22;ok -mh reserved != 233;ok -mh reserved 33-45;ok -mh reserved != 33-45;ok -mh reserved { 33, 55, 67, 88};ok -- mh reserved != {33, 55, 67, 88};ok -mh reserved { 33-55};ok -- mh reserved != { 33-55};ok - -mh checksum 22;ok -mh checksum != 233;ok -mh checksum 33-45;ok -mh checksum != 33-45;ok -mh checksum { 33, 55, 67, 88};ok -- mh checksum != { 33, 55, 67, 88};ok -mh checksum { 33-55};ok -- mh checksum != { 33-55};ok diff --git a/tests/regression/ip6/mh.t.payload.inet b/tests/regression/ip6/mh.t.payload.inet deleted file mode 100644 index 53a0ce08..00000000 --- a/tests/regression/ip6/mh.t.payload.inet +++ /dev/null @@ -1,198 +0,0 @@ -# mh nexthdr 1 -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# mh nexthdr != 1 -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp } -set%d test-inet 3 -set%d test-inet 0 - element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh nexthdr icmp -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# mh nexthdr != icmp -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# mh nexthdr 22 -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# mh nexthdr != 233 -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# mh nexthdr 33-45 -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# mh nexthdr != 33-45 -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# mh nexthdr { 33, 55, 67, 88 } -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh nexthdr { 33-55 } -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh hdrlength 22 -inet test-inet input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# mh hdrlength != 233 -inet test-inet input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# mh hdrlength 33-45 -inet test-inet input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# mh hdrlength != 33-45 -inet test-inet input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# mh hdrlength { 33, 55, 67, 88 } -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh hdrlength { 33-55 } -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message} -set%d test-inet 3 -set%d test-inet 0 - element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end] element 0000000a : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end] -inet test-inet input - [ exthdr load 1b @ 135 + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh type home-agent-switch-message -inet test-inet input - [ exthdr load 1b @ 135 + 2 => reg 1 ] - [ cmp eq reg 1 0x0000000c ] - -# mh type != home-agent-switch-message -inet test-inet input - [ exthdr load 1b @ 135 + 2 => reg 1 ] - [ cmp neq reg 1 0x0000000c ] - -# mh reserved 22 -inet test-inet input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# mh reserved != 233 -inet test-inet input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# mh reserved 33-45 -inet test-inet input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# mh reserved != 33-45 -inet test-inet input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# mh reserved { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh reserved { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh checksum 22 -inet test-inet input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# mh checksum != 233 -inet test-inet input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# mh checksum 33-45 -inet test-inet input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# mh checksum != 33-45 -inet test-inet input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# mh checksum { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh checksum { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/ip6/mh.t.payload.ip6 b/tests/regression/ip6/mh.t.payload.ip6 deleted file mode 100644 index e903b74f..00000000 --- a/tests/regression/ip6/mh.t.payload.ip6 +++ /dev/null @@ -1,198 +0,0 @@ -# mh nexthdr 1 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# mh nexthdr != 1 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp } -set%d test-ip6 3 -set%d test-ip6 0 - element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh nexthdr icmp -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# mh nexthdr != icmp -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# mh nexthdr 22 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# mh nexthdr != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# mh nexthdr 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# mh nexthdr != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# mh nexthdr { 33, 55, 67, 88 } -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh nexthdr { 33-55 } -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh hdrlength 22 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# mh hdrlength != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# mh hdrlength 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# mh hdrlength != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# mh hdrlength { 33, 55, 67, 88 } -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh hdrlength { 33-55 } -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end] element 0000000a : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh type home-agent-switch-message -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 2 => reg 1 ] - [ cmp eq reg 1 0x0000000c ] - -# mh type != home-agent-switch-message -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 2 => reg 1 ] - [ cmp neq reg 1 0x0000000c ] - -# mh reserved 22 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# mh reserved != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# mh reserved 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# mh reserved != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# mh reserved { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh reserved { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 135 + 3 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh checksum 22 -ip6 test-ip6 input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# mh checksum != 233 -ip6 test-ip6 input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# mh checksum 33-45 -ip6 test-ip6 input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# mh checksum != 33-45 -ip6 test-ip6 input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# mh checksum { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip6 test-ip6 input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# mh checksum { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip6 test-ip6 input - [ exthdr load 2b @ 135 + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/ip6/redirect.t b/tests/regression/ip6/redirect.t deleted file mode 100644 index 31ffe8c9..00000000 --- a/tests/regression/ip6/redirect.t +++ /dev/null @@ -1,44 +0,0 @@ -*ip6;test-ip6 -:output;type nat hook output priority 0 - -# with no arguments -redirect;ok -udp dport 954 redirect;ok -ip6 saddr fe00::cafe counter packets 0 bytes 0 redirect;ok - -# nf_nat flags combination -udp dport 53 redirect random;ok -udp dport 53 redirect random,persistent;ok -udp dport 53 redirect random,persistent,fully-random;ok;udp dport 53 redirect random,fully-random,persistent -udp dport 53 redirect random,fully-random;ok -udp dport 53 redirect random,fully-random,persistent;ok -udp dport 53 redirect persistent;ok -udp dport 53 redirect persistent,random;ok;udp dport 53 redirect random,persistent -udp dport 53 redirect persistent,random,fully-random;ok;udp dport 53 redirect random,fully-random,persistent -udp dport 53 redirect persistent,fully-random;ok;udp dport 53 redirect fully-random,persistent -udp dport 53 redirect persistent,fully-random,random;ok;udp dport 53 redirect random,fully-random,persistent - -# port specification -udp dport 1234 redirect to 1234;ok -ip6 daddr fe00::cafe udp dport 9998 redirect to 6515;ok -tcp dport 39128 redirect to 993;ok -redirect to 1234;fail -redirect to 12341111;fail - -# both port and nf_nat flags -tcp dport 9128 redirect to 993 random;ok -tcp dport 9128 redirect to 993 fully-random,persistent;ok - -# nf_nat flags are the last argument -tcp dport 9128 redirect persistent to 123;fail -tcp dport 9128 redirect random,persistent to 123;fail - -# redirect is a terminal statement -tcp dport 22 redirect counter packets 0 bytes 0 accept;fail -tcp sport 22 redirect accept;fail -ip6 saddr ::1 redirect drop;fail - -# redirect with sets -tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect;ok -ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 redirect;ok -iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect;ok diff --git a/tests/regression/ip6/redirect.t.payload.ip6 b/tests/regression/ip6/redirect.t.payload.ip6 deleted file mode 100644 index 3369a7a3..00000000 --- a/tests/regression/ip6/redirect.t.payload.ip6 +++ /dev/null @@ -1,185 +0,0 @@ -# redirect -ip6 test-ip6 output - [ redir ] - -# udp dport 954 redirect -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000ba03 ] - [ redir ] - -# ip6 saddr fe00::cafe counter packets 0 bytes 0 redirect -ip6 test-ip6 output - [ payload load 16b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x000000fe 0x00000000 0x00000000 0xfeca0000 ] - [ counter pkts 0 bytes 0 ] - [ redir ] - -# udp dport 53 redirect random -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x4 ] - -# udp dport 53 redirect random,persistent -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0xc ] - -# udp dport 53 redirect random,persistent,fully-random -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# udp dport 53 redirect random,fully-random -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x14 ] - -# udp dport 53 redirect random,fully-random,persistent -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# udp dport 53 redirect persistent -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x8 ] - -# udp dport 53 redirect persistent,random -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0xc ] - -# udp dport 53 redirect persistent,random,fully-random -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# udp dport 53 redirect persistent,fully-random -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x18 ] - -# udp dport 53 redirect persistent,fully-random,random -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# udp dport 1234 redirect to 1234 -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000d204 ] - [ immediate reg 1 0x0000d204 ] - [ redir proto_min reg 1 ] - -# ip6 daddr fe00::cafe udp dport 9998 redirect to 6515 -ip6 test-ip6 output - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0x000000fe 0x00000000 0x00000000 0xfeca0000 ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00000e27 ] - [ immediate reg 1 0x00007319 ] - [ redir proto_min reg 1 ] - -# tcp dport 39128 redirect to 993 -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000d898 ] - [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 ] - -# tcp dport 9128 redirect to 993 random -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000a823 ] - [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 flags 0x4 ] - -# tcp dport 9128 redirect to 993 fully-random,persistent -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000a823 ] - [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 flags 0x18 ] - -# tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect -set%d test-ip6 3 -set%d test-ip6 0 - element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ redir ] - -# ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 redirect -ip6 test-ip6 output - [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp gte reg 1 0x000000fe 0x00000000 0x00000000 0x01000000 ] - [ cmp lte reg 1 0x000000fe 0x00000000 0x00000000 0x00020000 ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ counter pkts 0 bytes 0 ] - [ redir ] - -# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect -map%d test-ip6 b -map%d test-ip6 0 - element 00001600 : 0 [end] element 0000de00 : 0 [end] -ip6 test-ip6 output - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - [ redir ] - diff --git a/tests/regression/ip6/reject.t b/tests/regression/ip6/reject.t deleted file mode 100644 index 60dec90e..00000000 --- a/tests/regression/ip6/reject.t +++ /dev/null @@ -1,12 +0,0 @@ -*ip6;test-ip6 -:output;type filter hook output priority 0 - -reject;ok -reject with icmpv6 type no-route;ok -reject with icmpv6 type admin-prohibited;ok -reject with icmpv6 type addr-unreachable;ok -reject with icmpv6 type port-unreachable;ok;reject -reject with tcp reset;ok;ip6 nexthdr 6 reject with tcp reset - -reject with icmpv6 type host-unreachable;fail -reject with icmp type host-unreachable;fail diff --git a/tests/regression/ip6/reject.t.payload.ip6 b/tests/regression/ip6/reject.t.payload.ip6 deleted file mode 100644 index aa0b9ff2..00000000 --- a/tests/regression/ip6/reject.t.payload.ip6 +++ /dev/null @@ -1,26 +0,0 @@ -# reject -ip6 test-ip6 output - [ reject type 0 code 4 ] - -# reject with icmpv6 type no-route -ip6 test-ip6 output - [ reject type 0 code 0 ] - -# reject with icmpv6 type admin-prohibited -ip6 test-ip6 output - [ reject type 0 code 1 ] - -# reject with icmpv6 type addr-unreachable -ip6 test-ip6 output - [ reject type 0 code 3 ] - -# reject with icmpv6 type port-unreachable -ip6 test-ip6 output - [ reject type 0 code 4 ] - -# reject with tcp reset -ip6 test-ip6 output - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ reject type 1 code 0 ] - diff --git a/tests/regression/ip6/rt.t b/tests/regression/ip6/rt.t deleted file mode 100644 index eca47ca8..00000000 --- a/tests/regression/ip6/rt.t +++ /dev/null @@ -1,45 +0,0 @@ -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -rt nexthdr 1;ok -rt nexthdr != 1;ok -rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok;rt nexthdr { 33, 136, 50, 132, 51, 17, 108, 6, 58} -- rt nexthdr != {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok -rt nexthdr icmp;ok;rt nexthdr 1 -rt nexthdr != icmp;ok;rt nexthdr != 1 -rt nexthdr 22;ok -rt nexthdr != 233;ok -rt nexthdr 33-45;ok -rt nexthdr != 33-45;ok -rt nexthdr { 33, 55, 67, 88};ok -- rt nexthdr != { 33, 55, 67, 88};ok -rt nexthdr { 33-55};ok;rt nexthdr { 33-55} -- rt nexthdr != { 33-55};ok - -rt hdrlength 22;ok -rt hdrlength != 233;ok -rt hdrlength 33-45;ok -rt hdrlength != 33-45;ok -rt hdrlength { 33, 55, 67, 88};ok -- rt hdrlength != { 33, 55, 67, 88};ok -rt hdrlength { 33-55};ok -- rt hdrlength != { 33-55};ok - -rt type 22;ok -rt type != 233;ok -rt type 33-45;ok -rt type != 33-45;ok -rt type { 33, 55, 67, 88};ok -- rt type != { 33, 55, 67, 88};ok -rt type { 33-55};ok -- rt type != { 33-55};ok - -rt seg-left 22;ok -rt seg-left != 233;ok -rt seg-left 33-45;ok -rt seg-left != 33-45;ok -rt seg-left { 33, 55, 67, 88};ok -- rt seg-left != { 33, 55, 67, 88};ok -rt seg-left { 33-55};ok -- rt seg-left != { 33-55};ok diff --git a/tests/regression/ip6/rt.t.payload.inet b/tests/regression/ip6/rt.t.payload.inet deleted file mode 100644 index 9dc51b97..00000000 --- a/tests/regression/ip6/rt.t.payload.inet +++ /dev/null @@ -1,180 +0,0 @@ -# rt nexthdr 1 -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# rt nexthdr != 1 -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} -set%d test-inet 3 -set%d test-inet 0 - element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt nexthdr icmp -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# rt nexthdr != icmp -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# rt nexthdr 22 -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# rt nexthdr != 233 -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# rt nexthdr 33-45 -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# rt nexthdr != 33-45 -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# rt nexthdr { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt nexthdr { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt hdrlength 22 -inet test-inet input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# rt hdrlength != 233 -inet test-inet input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# rt hdrlength 33-45 -inet test-inet input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# rt hdrlength != 33-45 -inet test-inet input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# rt hdrlength { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt hdrlength { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt type 22 -inet test-inet input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# rt type != 233 -inet test-inet input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# rt type 33-45 -inet test-inet input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# rt type != 33-45 -inet test-inet input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# rt type { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt type { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt seg-left 22 -inet test-inet input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# rt seg-left != 233 -inet test-inet input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# rt seg-left 33-45 -inet test-inet input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# rt seg-left != 33-45 -inet test-inet input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# rt seg-left { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt seg-left { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/ip6/rt.t.payload.ip6 b/tests/regression/ip6/rt.t.payload.ip6 deleted file mode 100644 index f766ec0a..00000000 --- a/tests/regression/ip6/rt.t.payload.ip6 +++ /dev/null @@ -1,180 +0,0 @@ -# rt nexthdr 1 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# rt nexthdr != 1 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt nexthdr icmp -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - -# rt nexthdr != icmp -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp neq reg 1 0x00000001 ] - -# rt nexthdr 22 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# rt nexthdr != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# rt nexthdr 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# rt nexthdr != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# rt nexthdr { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt nexthdr { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt hdrlength 22 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# rt hdrlength != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# rt hdrlength 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# rt hdrlength != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# rt hdrlength { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt hdrlength { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt type 22 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# rt type != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# rt type 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# rt type != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# rt type { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt type { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt seg-left 22 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ cmp eq reg 1 0x00000016 ] - -# rt seg-left != 233 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ cmp neq reg 1 0x000000e9 ] - -# rt seg-left 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x0000002d ] - -# rt seg-left != 33-45 -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x0000002d ] - -# rt seg-left { 33, 55, 67, 88} -set%d test-ip6 3 -set%d test-ip6 0 - element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ lookup reg 1 set set%d ] - -# rt seg-left { 33-55} -set%d test-ip6 7 -set%d test-ip6 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip6 test-ip6 input - [ exthdr load 1b @ 43 + 3 => reg 1 ] - [ lookup reg 1 set set%d ] - diff --git a/tests/regression/ip6/sets.t b/tests/regression/ip6/sets.t deleted file mode 100644 index 4938929c..00000000 --- a/tests/regression/ip6/sets.t +++ /dev/null @@ -1,22 +0,0 @@ -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -!set_ipv6_add1 ipv6_addr;ok -!set_inet1 inet_proto;ok -!set_inet inet_service;ok -!set_time time;ok - -?set2 192.168.3.4;fail -!set2 ipv6_addr;ok -?set2 1234:1234::1234:1234:1234:1234:1234;ok -?set2 1234:1234::1234:1234:1234:1234:1234;fail -?set2 1234::1234:1234:1234;ok -?set2 1234:1234:1234:1234:1234::1234:1234 1234:1234::123;ok -?set2 192.168.3.8 192.168.3.9;fail -?set2 1234:1234::1234:1234:1234:1234;ok -?set2 1234:1234::1234:1234:1234:1234;fail -?set2 1234:1234:1234::1234;ok - -ip6 saddr @set2 drop;ok -ip6 saddr @set33 drop;fail diff --git a/tests/regression/ip6/sets.t.payload b/tests/regression/ip6/sets.t.payload deleted file mode 100644 index e69de29b..00000000 diff --git a/tests/regression/ip6/sets.t.payload.inet b/tests/regression/ip6/sets.t.payload.inet deleted file mode 100644 index 27be86be..00000000 --- a/tests/regression/ip6/sets.t.payload.inet +++ /dev/null @@ -1,8 +0,0 @@ -# ip6 saddr @set2 drop -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set set2 ] - [ immediate reg 0 drop ] - diff --git a/tests/regression/ip6/sets.t.payload.ip6 b/tests/regression/ip6/sets.t.payload.ip6 deleted file mode 100644 index 0e51fd3e..00000000 --- a/tests/regression/ip6/sets.t.payload.ip6 +++ /dev/null @@ -1,6 +0,0 @@ -# ip6 saddr @set2 drop -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set set2 ] - [ immediate reg 0 drop ] - diff --git a/tests/regression/ip6/snat.t b/tests/regression/ip6/snat.t deleted file mode 100644 index 37bf1a1d..00000000 --- a/tests/regression/ip6/snat.t +++ /dev/null @@ -1,5 +0,0 @@ -*ip6;test-ip6 -:postrouting;type nat hook postrouting priority 0 - -tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok;tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::80-100 -tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::100;ok diff --git a/tests/regression/ip6/snat.t.payload.ip6 b/tests/regression/ip6/snat.t.payload.ip6 deleted file mode 100644 index 486bbb8b..00000000 --- a/tests/regression/ip6/snat.t.payload.ip6 +++ /dev/null @@ -1,25 +0,0 @@ -# tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :80-100 -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00005000 ] - [ cmp lte reg 1 0x00005a00 ] - [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] - [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] - [ immediate reg 3 0x00005000 ] - [ immediate reg 4 0x00006400 ] - [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ] - -# tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::100 -ip6 test-ip6 postrouting - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00005000 ] - [ cmp lte reg 1 0x00005a00 ] - [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] - [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] - [ immediate reg 3 0x00006400 ] - [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 ] - diff --git a/tests/regression/ip6/vmap.t b/tests/regression/ip6/vmap.t deleted file mode 100644 index 301a28ae..00000000 --- a/tests/regression/ip6/vmap.t +++ /dev/null @@ -1,54 +0,0 @@ -*ip6;test-ip6 -*inet;test-inet -:input;type filter hook input priority 0 - -ip6 saddr vmap { abcd::3 : accept };ok -ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234:1234;fail - -# Ipv6 address combinations -# from src/scanner.l -ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept};ok -ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 0:1234:1234:1234:1234:1234:1234:1234 : accept} -ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:0:1234:1234:1234:1234:1234:1234 : accept} -ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:0:1234:1234:1234:1234:1234 : accept} -ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:0:1234:1234:1234:1234 : accept} -ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:0:1234:1234:1234 : accept} -ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:0:1234:1234 : accept} -ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:0:1234 : accept} -ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:0 : accept} -ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept};ok -ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept};ok -ip6 saddr vmap { ::1234:1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234::1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234::1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234::1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234:1234:: : accept};ok -ip6 saddr vmap { ::1234:1234:1234 : accept};ok -ip6 saddr vmap { 1234::1234:1234 : accept};ok -ip6 saddr vmap { 1234:1234::1234 : accept};ok -ip6 saddr vmap { 1234:1234:1234:: : accept};ok -ip6 saddr vmap { ::1234:1234 : accept};ok;ip6 saddr vmap { ::18.52.18.52 : accept} -ip6 saddr vmap { 1234::1234 : accept};ok -ip6 saddr vmap { 1234:1234:: : accept};ok -ip6 saddr vmap { ::1234 : accept};ok -ip6 saddr vmap { 1234:: : accept};ok -ip6 saddr vmap { ::/64 : accept};ok - -ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::aaaa : drop} -ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::bbbb : drop} -ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::cccc : drop} -ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::dddd: drop} - -# rule without comma: -filter-input ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:bbbb:::accept::adda : drop};fail diff --git a/tests/regression/ip6/vmap.t.payload.inet b/tests/regression/ip6/vmap.t.payload.inet deleted file mode 100644 index f0312bf3..00000000 --- a/tests/regression/ip6/vmap.t.payload.inet +++ /dev/null @@ -1,420 +0,0 @@ -# ip6 saddr vmap { abcd::3 : accept } -map%d test-inet b -map%d test-inet 0 - element 0000cdab 00000000 00000000 03000000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34120000 34123412 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00003412 34123412 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34120000 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00003412 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34120000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 00003412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34123412 34120000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34123412 00003412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00000000 34123412 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00003412 34120000 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00000000 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00003412 34120000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 00000000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 00003412 34120000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34123412 00000000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00000000 34120000 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00003412 00000000 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00000000 34120000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00003412 00000000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 00000000 34120000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 00003412 00000000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00000000 00000000 34123412 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00003412 00000000 34120000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00000000 00000000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234::1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00003412 00000000 34120000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:: : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 00000000 00000000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00000000 00000000 34120000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00003412 00000000 00000000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00000000 00000000 34120000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:: : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00003412 00000000 00000000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00000000 00000000 00000000 34123412 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00003412 00000000 00000000 34120000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:: : accept} -map%d test-inet b -map%d test-inet 0 - element 34123412 00000000 00000000 00000000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234 : accept} -map%d test-inet b -map%d test-inet 0 - element 00000000 00000000 00000000 34120000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:: : accept} -map%d test-inet b -map%d test-inet 0 - element 00003412 00000000 00000000 00000000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::/64 : accept} -map%d test-inet f -map%d test-inet 0 - element 00000000 00000000 00000000 00000000 : 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 aaaa0000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 bbbb0000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 cccc0000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop} -map%d test-inet b -map%d test-inet 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 dddd0000 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - diff --git a/tests/regression/ip6/vmap.t.payload.ip6 b/tests/regression/ip6/vmap.t.payload.ip6 deleted file mode 100644 index 0701b9b3..00000000 --- a/tests/regression/ip6/vmap.t.payload.ip6 +++ /dev/null @@ -1,336 +0,0 @@ -# ip6 saddr vmap { abcd::3 : accept } -map%d test-ip6 b -map%d test-ip6 0 - element 0000cdab 00000000 00000000 03000000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34120000 34123412 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00003412 34123412 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34120000 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00003412 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34120000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 00003412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34123412 34120000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34123412 00003412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00000000 34123412 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00003412 34120000 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00000000 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00003412 34120000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 00000000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 00003412 34120000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34123412 00000000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00000000 34120000 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00003412 00000000 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00000000 34120000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00003412 00000000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 00000000 34120000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 00003412 00000000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00000000 00000000 34123412 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00003412 00000000 34120000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00000000 00000000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234::1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00003412 00000000 34120000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:1234:: : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 00000000 00000000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00000000 00000000 34120000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00003412 00000000 00000000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234::1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00000000 00000000 34120000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:1234:: : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00003412 00000000 00000000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234:1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00000000 00000000 00000000 34123412 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234::1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00003412 00000000 00000000 34120000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:1234:: : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 00000000 00000000 00000000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::1234 : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00000000 00000000 00000000 34120000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { 1234:: : accept} -map%d test-ip6 b -map%d test-ip6 0 - element 00003412 00000000 00000000 00000000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap { ::/64 : accept} -map%d test-ip6 f -map%d test-ip6 0 - element 00000000 00000000 00000000 00000000 : 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 aaaa0000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 bbbb0000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 cccc0000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - -# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop} -map%d test-ip6 b -map%d test-ip6 0 - element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 dddd0000 : 0 [end] -ip6 test-ip6 input - [ payload load 16b @ network header + 8 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - diff --git a/tests/regression/nft-test.py b/tests/regression/nft-test.py deleted file mode 100755 index e68087f3..00000000 --- a/tests/regression/nft-test.py +++ /dev/null @@ -1,968 +0,0 @@ -#!/usr/bin/python -# -# (C) 2014 by Ana Rey Botello -# -# Based on iptables-test.py: -# (C) 2012 by Pablo Neira Ayuso " -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# Thanks to the Outreach Program for Women (OPW) for sponsoring this test -# infrastructure. - -import sys -import os -import subprocess -import argparse -import signal - -TERMINAL_PATH = os.getcwd() -NFT_BIN = "src/nft" -TESTS_PATH = os.path.dirname(os.path.abspath(__file__)) -TESTS_DIRECTORY = ["any", "arp", "bridge", "inet", "ip", "ip6"] -LOGFILE = "/tmp/nftables-test.log" -log_file = None -table_list = [] -chain_list = [] -all_set = dict() -signal_received = 0 - - -class Colors: - if sys.stdout.isatty(): - HEADER = '\033[95m' - GREEN = '\033[92m' - YELLOW = '\033[93m' - RED = '\033[91m' - ENDC = '\033[0m' - else: - HEADER = '' - GREEN = '' - YELLOW = '' - RED = '' - ENDC = '' - -def print_msg(reason, filename=None, lineno=None, color=None, errstr=None): - ''' - Prints a message with nice colors, indicating file and line number. - ''' - if filename and lineno: - print (filename + ": " + color + "ERROR:" + - Colors.ENDC + " line %d: %s" % (lineno + 1, reason)) - else: - print (color + "ERROR:" + Colors.ENDC + " %s" % (reason)) - -def print_error(reason, filename=None, lineno=None): - print_msg(reason, filename, lineno, Colors.RED, "ERROR:") - -def print_warning(reason, filename=None, lineno=None): - print_msg(reason, filename, lineno, Colors.YELLOW, "WARNING:") - - -def print_differences_warning(filename, lineno, rule1, rule2, cmd): - reason = "'" + rule1 + "' mismatches '" + rule2 + "'" - print filename + ": " + Colors.YELLOW + "WARNING: " + Colors.ENDC + \ - "line: " + str(lineno + 1) + ": '" + cmd + "': " + reason - - -def print_differences_error(filename, lineno, output, cmd): - reason = "Listing is broken." - print filename + ": " + Colors.RED + "ERROR: " + Colors.ENDC + \ - "line: " + str(lineno + 1) + ": '" + cmd + "': " + reason - - -def table_exist(table, filename, lineno): - ''' - Exists a table. - ''' - cmd = NFT_BIN + " list -nnn table " + table[0] + " " + table[1] - ret = execute_cmd(cmd, filename, lineno) - - return True if (ret == 0) else False - - -def table_flush(table, filename, lineno): - ''' - Flush a table. - ''' - cmd = NFT_BIN + " flush table " + str(table[0]) + " " + str(table[1]) - ret = execute_cmd(cmd, filename, lineno) - - return cmd - - -def table_create(table, filename, lineno): - ''' - Adds a table. - ''' - ## We check if table exists. - if table_exist(table, filename, lineno): - reason = "Table " + table[1] + " already exists" - print_error(reason, filename, lineno) - return -1 - - table_list.append(table) - - ## We add a new table - cmd = NFT_BIN + " add table " + table[0] + " " + table[1] - ret = execute_cmd(cmd, filename, lineno) - - if ret != 0: - reason = "Cannot add table " + table[1] - print_error(reason, filename, lineno) - table_list.remove(table) - return -1 - - ## We check if table was added correctly. - if not table_exist(table, filename, lineno): - table_list.remove(table) - reason = "I have just added the table " + table[1] + \ - " but it does not exist. Giving up!" - print_error(reason, filename, lineno) - return -1 - - return 0 - - -def table_delete(table, filename=None, lineno=None): - ''' - Deletes a table. - ''' - table_info = " " + table[0] + " " + table[1] + " " - - if not table_exist(table, filename, lineno): - reason = "Table " + table[1] + \ - " does not exist but I added it before." - print_error(reason, filename, lineno) - return -1 - - cmd = NFT_BIN + " delete table" + table_info - ret = execute_cmd(cmd, filename, lineno) - if ret != 0: - reason = cmd + ": " \ - "I cannot delete table '" + table[1] + "'. Giving up! " - print_error(reason, filename, lineno) - return -1 - - if table_exist(table, filename, lineno): - reason = "I have just deleted the table " + table[1] + \ - " but the table still exists." - print_error(reason, filename, lineno) - return -1 - - return 0 - - -def chain_exist(chain, table, filename, lineno): - ''' - Checks a chain - ''' - - table_info = " " + table[0] + " " + table[1] + " " - cmd = NFT_BIN + " list -nnn chain" + table_info + chain - ret = execute_cmd(cmd, filename, lineno) - - return True if (ret == 0) else False - - -def chain_create(chain, chain_type, chain_list, table, filename, lineno): - ''' - Adds a chain - ''' - - table_info = " " + table[0] + " " + table[1] + " " - - if chain_exist(chain, table, filename, lineno): - reason = "This chain '" + chain + "' exists in " + table[1] + "." + \ - "I cannot create two chains with same name." - print_error(reason, filename, lineno) - return -1 - - if chain_type: - cmd = NFT_BIN + " add chain" + table_info + chain + "\{ " + chain_type + "\; \}" - else: - cmd = NFT_BIN + " add chain" + table_info + chain - - ret = execute_cmd(cmd, filename, lineno) - if ret != 0: - reason = "I cannot create the chain '" + chain - print_error(reason, filename, lineno) - return -1 - - if not chain in chain_list: - chain_list.append(chain) - - if not chain_exist(chain, table, filename, lineno): - reason = "I have added the chain '" + chain + \ - "' but it does not exist in " + table[1] - print_error(reason, filename, lineno) - return -1 - - return 0 - - -def chain_delete(chain, table, filename=None, lineno=None): - ''' - Flushes and deletes a chain. - ''' - - table_info = " " + table[0] + " " + table[1] + " " - - if not chain_exist(chain, table, filename, lineno): - reason = "The chain " + chain + " does not exists in " + table[1] + \ - ". I cannot delete it." - print_error(reason, filename, lineno) - return -1 - - cmd = NFT_BIN + " flush chain" + table_info + chain - ret = execute_cmd(cmd, filename, lineno) - if ret != 0: - reason = "I cannot flush this chain " + chain - print_error(reason, filename, lineno) - return -1 - - cmd = NFT_BIN + " delete chain" + table_info + chain - ret = execute_cmd(cmd, filename, lineno) - if ret != 0: - reason = cmd + "I cannot delete this chain. DD" - print_error(reason, filename, lineno) - return -1 - - if chain_exist(chain, table, filename, lineno): - reason = "The chain " + chain + " exists in " + table[1] + \ - ". I cannot delete this chain" - print_error(reason, filename, lineno) - return -1 - - return 0 - - -def set_add(set_info, table_list, filename, lineno): - ''' - Adds a set. - ''' - - if not table_list: - reason = "Missing table to add rule" - print_error(reason, filename, lineno) - return -1 - - for table in table_list: - if set_exist(set_info[0], table, filename, lineno): - reason = "This set " + set_info + " exists in " + table[1] + \ - ". I cannot add it again" - print_error(reason, filename, lineno) - return -1 - - table_info = " " + table[0] + " " + table[1] + " " - set_text = " " + set_info[0] + " { type " + set_info[1] + " \;}" - cmd = NFT_BIN + " add set" + table_info + set_text - ret = execute_cmd(cmd, filename, lineno) - - if (ret == 0 and set_info[2].rstrip() == "fail") or \ - (ret != 0 and set_info[2].rstrip() == "ok"): - reason = cmd + ": " + "I cannot add the set " + set_info[0] - print_error(reason, filename, lineno) - return -1 - - if not set_exist(set_info[0], table, filename, lineno): - reason = "I have just added the set " + set_info[0] + \ - " to the table " + table[1] + " but it does not exist" - print_error(reason, filename, lineno) - return -1 - - return 0 - - -def set_add_elements(set_element, set_name, set_all, state, table_list, - filename, lineno): - ''' - Adds elements to the set. - ''' - - if not table_list: - reason = "Missing table to add rules" - print_error(reason, filename, lineno) - return -1 - - for table in table_list: - # Check if set exists. - if (not set_exist(set_name, table, filename, lineno) or - not set_name in set_all) and state == "ok": - reason = "I cannot add an element to the set " + set_name + \ - " since it does not exist." - print_error(reason, filename, lineno) - return -1 - - table_info = " " + table[0] + " " + table[1] + " " - - element = "" - for e in set_element: - if not element: - element = e - else: - element = element + ", " + e - - set_text = set_name + " { " + element + " }" - cmd = NFT_BIN + " add element" + table_info + set_text - ret = execute_cmd(cmd, filename, lineno) - - if (state == "fail" and ret == 0) or (state == "ok" and ret != 0): - test_state = "This rule should have failed." - reason = cmd + ": " + test_state - print_error(reason, filename, lineno) - return -1 - - # Add element into a all_set. - if (ret == 0 and state == "ok"): - for e in set_element: - set_all[set_name].add(e) - - return 0 - - -def set_delete_elements(set_element, set_name, table, filename=None, - lineno=None): - ''' - Deletes elements in a set. - ''' - table_info = " " + table[0] + " " + table[1] + " " - - for element in set_element: - set_text = set_name + " {" + element + "}" - cmd = NFT_BIN + " delete element" + table_info + set_text - ret = execute_cmd(cmd, filename, lineno) - if ret != 0: - reason = "I cannot delete an element" + element + \ - " from the set '" + set_name - print_error(reason, filename, lineno) - return -1 - - return 0 - - -def set_delete(all_set, table, filename=None, lineno=None): - ''' - Deletes set and its content. - ''' - - for set_name in all_set.keys(): - # Check if exists the set - if not set_exist(set_name, table, filename, lineno): - reason = "The set " + set_name + \ - " does not exist, I cannot delete it" - print_error(reason, filename, lineno) - return -1 - - # We delete all elements in the set - set_delete_elements(all_set[set_name], set_name, table, filename, - lineno) - - # We delete the set. - table_info = " " + table[0] + " " + table[1] + " " - cmd = NFT_BIN + " delete set " + table_info + " " + set_name - ret = execute_cmd(cmd, filename, lineno) - - # Check if the set still exists after I deleted it. - if ret != 0 or set_exist(set_name, table, filename, lineno): - reason = "Cannot remove the set " + set_name - print_error(reason, filename, lineno) - return -1 - - return 0 - - -def set_exist(set_name, table, filename, lineno): - ''' - Check if the set exists. - ''' - table_info = " " + table[0] + " " + table[1] + " " - cmd = NFT_BIN + " list -nnn set" + table_info + set_name - ret = execute_cmd(cmd, filename, lineno) - - return True if (ret == 0) else False - - -def set_check_element(rule1, rule2): - ''' - Check if element exists in anonymous sets. - ''' - ret = -1 - pos1 = rule1.find("{") - pos2 = rule2.find("{") - end1 = rule1.find("}") - end2 = rule2.find("}") - - if ((pos1 != -1) and (pos2 != -1) and (end1 != -1) and (end2 != -1)): - list1 = (rule1[pos1 + 1:end1].replace(" ", "")).split(",") - list2 = (rule2[pos2 + 1:end2].replace(" ", "")).split(",") - list1.sort() - list2.sort() - if (cmp(list1, list2) == 0): - ret = 0 - return ret - - -def output_clean(pre_output, chain): - pos_chain = pre_output[0].find(chain) - if pos_chain == -1: - return "" - output_intermediate = pre_output[0][pos_chain:] - brace_start = output_intermediate.find("{") - brace_end = output_intermediate.find("}") - pre_rule = output_intermediate[brace_start:brace_end] - if pre_rule[1:].find("{") > -1: # this rule has a set. - set = pre_rule[1:].replace("\t", "").replace("\n", "").strip() - set = set.split(";")[2].strip() + "}" - return set - else: - rule = pre_rule.split(";")[2].replace("\t", "").replace("\n", "").strip() - if len(rule) < 0: - return "" - return rule - -def payload_check_elems_to_set(elems): - newset = set() - - for n, line in enumerate(elems.split('[end]')): - e = line.strip() - if e in newset: - print_error("duplicate", e, n) - return newset - - newset.add(e) - - return newset - -def payload_check_set_elems(want, got): - - if want.find('element') < 0 or want.find('[end]') < 0: - return 0 - - if got.find('element') < 0 or got.find('[end]') < 0: - return 0 - - set_want = payload_check_elems_to_set(want) - set_got = payload_check_elems_to_set(got) - - return set_want == set_got - -def payload_check(payload_buffer, file, cmd): - - file.seek(0, 0) - - ret = False - i = 0 - - for lineno, want_line in enumerate(payload_buffer): - line = file.readline() - - if want_line == line: - i += 1 - continue - - if want_line.find('[') < 0 and line.find('[') < 0: - continue - if want_line.find(']') < 0 and line.find(']') < 0: - continue - - if payload_check_set_elems(want_line, line): - continue - - print_differences_warning(file.name, lineno, want_line.strip(), line.strip(), cmd); - return 0 - - return i > 0 - -def rule_add(rule, table_list, chain_list, filename, lineno, - force_all_family_option, filename_path): - ''' - Adds a rule - ''' - # TODO Check if a rule is added correctly. - ret = warning = error = unit_tests = 0 - - if not table_list or not chain_list: - reason = "Missing table or chain to add rule." - print_error(reason, filename, lineno) - return [-1, warning, error, unit_tests] - - payload_expected = [] - - for table in table_list: - try: - payload_log = open("%s.payload.%s" % (filename_path, table[0])) - except (IOError): - payload_log = open("%s.payload" % filename_path) - - if rule[1].strip() == "ok": - try: - payload_expected.index(rule[0]) - except (ValueError): - payload_expected = payload_find_expected(payload_log, rule[0]) - - if payload_expected == []: - print_error("did not find payload information for rule '%s'" % rule[0], payload_log.name, 1) - - for chain in chain_list: - unit_tests += 1 - table_flush(table, filename, lineno) - table_info = " " + table[0] + " " + table[1] + " " - cmd = NFT_BIN + " add rule" + table_info + chain + " " + rule[0] - - payload_log = os.tmpfile(); - - cmd = NFT_BIN + " add rule --debug=netlink" + table_info + chain + " " + rule[0] - ret = execute_cmd(cmd, filename, lineno, payload_log) - - state = rule[1].rstrip() - if (ret == 0 and state == "fail") or (ret != 0 and state == "ok"): - if state == "fail": - test_state = "This rule should have failed." - else: - test_state = "This rule should not have failed." - reason = cmd + ": " + test_state - print_error(reason, filename, lineno) - ret = -1 - error += 1 - if not force_all_family_option: - return [ret, warning, error, unit_tests] - - if (state == "fail" and ret != 0): - ret = 0 - continue - - if ret == 0: - # Check for matching payload - if state == "ok" and not payload_check(payload_expected, payload_log, cmd): - error += 1 - gotf = open("%s.payload.got" % filename_path, 'a') - payload_log.seek(0, 0) - gotf.write("# %s\n" % rule[0]) - while True: - line = payload_log.readline() - if line == "": - break - gotf.write(line) - gotf.close() - print_warning("Wrote payload for rule %s" % rule[0], gotf.name, 1) - - # Check output of nft - process = subprocess.Popen([NFT_BIN, '-nnn', 'list', 'table'] + table, - shell=False, stdout=subprocess.PIPE, - preexec_fn=preexec) - pre_output = process.communicate() - output = pre_output[0].split(";") - if len(output) < 2: - reason = cmd + ": Listing is broken." - print_error(reason, filename, lineno) - ret = -1 - error += 1 - if not force_all_family_option: - return [ret, warning, error, unit_tests] - else: - rule_output = output_clean(pre_output, chain) - if (len(rule) == 3): - teoric_exit = rule[2] - else: - teoric_exit = rule[0] - - if (rule_output.rstrip() != teoric_exit.rstrip()): - if (rule[0].find("{") != -1): # anonymous sets - if (set_check_element(teoric_exit, rule_output) != 0): - warning += 1 - print_differences_warning(filename, lineno, - rule[0], rule_output, - cmd) - if not force_all_family_option: - return [ret, warning, error, unit_tests] - else: - if len(rule_output) <= 0: - error += 1 - print_differences_error(filename, lineno, - rule_output, cmd) - if not force_all_family_option: - return [ret, warning, error, unit_tests] - - warning += 1 - print_differences_warning(filename, lineno, - teoric_exit.rstrip(), rule_output, - cmd) - - if not force_all_family_option: - return [ret, warning, error, unit_tests] - - return [ret, warning, error, unit_tests] - - -def preexec(): - os.setpgrp() # Don't forward signals. - - -def cleanup_on_exit(): - for table in table_list: - for chain in chain_list: - ret = chain_delete(chain, table, "", "") - if all_set: - ret = set_delete(all_set, table) - ret = table_delete(table) - - -def signal_handler(signal, frame): - global signal_received - signal_received = 1 - - -def execute_cmd(cmd, filename, lineno, stdout_log = False): - ''' - Executes a command, checks for segfaults and returns the command exit - code. - - :param cmd: string with the command to be executed - :param filename: name of the file tested (used for print_error purposes) - :param lineno: line number being tested (used for print_error purposes) - ''' - global log_file - print >> log_file, "command: %s" % cmd - if debug_option: - print cmd - - if not stdout_log: - stdout_log = log_file - - ret = subprocess.call(cmd, shell=True, universal_newlines=True, - stderr=log_file, stdout=stdout_log, - preexec_fn=preexec) - log_file.flush() - - if ret == -11: - reason = "command segfaults: " + cmd - print_error(reason, filename, lineno) - - return ret - - -def print_result(filename, tests, warning, error): - return str(filename) + ": " + str(tests) + " unit tests, " + \ - str(error) + " error, " + str(warning) + " warning" - - -def print_result_all(filename, tests, warning, error, unit_tests): - return str(filename) + ": " + str(tests) + " unit tests, " +\ - str(unit_tests) + " total test executed, " + \ - str(error) + " error, " + \ - str(warning) + " warning" - - -def table_process(table_line, filename, lineno): - if ";" in table_line: - table_info = table_line.split(";") - else: - table_info.append("ip") - table_info.append(table_line) - - return table_create(table_info, filename, lineno) - - -def chain_process(chain_line, filename, lineno): - chain_name = chain_line[0] - chain_type = "" - for table in table_list: - if len(chain_line) > 1: - chain_type = chain_line[1] - ret = chain_create(chain_name, chain_type, chain_list, table, - filename, lineno) - if ret != 0: - return -1 - return ret - - -def set_process(set_line, filename, lineno): - set_info = [] - set_name = "".join(set_line[0].rstrip()[1:]) - set_info.append(set_name) - set_type = set_line[1].split(";")[0] - set_state = set_line[1].split(";")[1] # ok or fail - set_info.append(set_type) - set_info.append(set_state) - ret = set_add(set_info, table_list, filename, lineno) - if ret == 0: - all_set[set_name] = set() - - return ret - - -def set_element_process(element_line, filename, lineno): - rule_state = element_line[1] - set_name = element_line[0].split(" ")[0] - set_element = element_line[0].split(" ") - set_element.remove(set_name) - return set_add_elements(set_element, set_name, all_set, rule_state, - table_list, filename, lineno) - -def payload_find_expected(payload_log, rule): - ''' - Find the netlink payload that should be generated by given rule in payload_log - - :param payload_log: open file handle of the payload data - :param rule: nft rule we are going to add - ''' - found = 0 - pos = 0 - payload_buffer = [] - - while True: - line = payload_log.readline() - if not line: - break - - if line[0] == "#": # rule start - rule_line = line.strip()[2:] - - if rule_line == rule.strip(): - found = 1 - continue - - if found == 1: - payload_buffer.append(line) - if line.isspace(): - return payload_buffer - - payload_log.seek(0, 0) - return payload_buffer - -def run_test_file(filename, force_all_family_option, specific_file): - ''' - Runs a test file - - :param filename: name of the file with the test rules - ''' - - if specific_file: - filename_path = os.path.join(TERMINAL_PATH, filename) - else: - filename_path = os.path.join(TESTS_PATH, filename) - - f = open(filename_path) - tests = passed = total_unit_run = total_warning = total_error = 0 - table = "" - total_test_passed = True - - for lineno, line in enumerate(f): - if signal_received == 1: - print "\nSignal received. Cleaning up and Exitting..." - cleanup_on_exit() - sys.exit(0) - - if line.isspace(): - continue - - if line[0] == "#": # Command-line - continue - - if line[0] == '*': # Table - table_line = line.rstrip()[1:] - ret = table_process(table_line, filename, lineno) - if (ret != 0): - total_test_passed = False - break - continue - - if line[0] == ":": # Chain - chain_line = line.rstrip()[1:].split(";") - ret = chain_process(chain_line, filename, lineno) - if ret != 0: - total_test_passed = False - break - continue - - if line[0] == "!": # Adds this set - set_line = line.rstrip()[0:].split(" ") - ret = set_process(set_line, filename, lineno) - tests += 1 - if ret == -1: - total_test_passed = False - continue - passed += 1 - continue - - if line[0] == "?": # Adds elements in a set - element_line = line.rstrip()[1:].split(";") - ret = set_element_process(element_line, filename, lineno) - tests += 1 - if ret == -1: - total_test_passed = False - continue - - passed += 1 - continue - - # Rule - rule = line.split(';') # rule[1] Ok or FAIL - if len(rule) == 1 or len(rule) > 3 or rule[1].rstrip() not in {"ok", "fail"}: - reason = "Skipping malformed rule test. (" + line.rstrip('\n') + ")" - print_warning(reason, filename, lineno) - continue - - if line[0] == "-": # Run omitted lines - if need_fix_option: - rule[0] = rule[0].rstrip()[1:].strip() - else: - continue - elif need_fix_option: - continue - - result = rule_add(rule, table_list, chain_list, filename, lineno, - force_all_family_option, filename_path) - tests += 1 - ret = result[0] - warning = result[1] - total_warning += warning - total_error += result[2] - total_unit_run += result[3] - - if ret != 0: - total_test_passed = False - continue - - if warning == 0: # All ok. - passed += 1 - - # Delete rules, sets, chains and tables - for table in table_list: - # We delete chains - for chain in chain_list: - ret = chain_delete(chain, table, filename, lineno) - if ret != 0: - total_test_passed = False - - # We delete sets. - if all_set: - ret = set_delete(all_set, table, filename, lineno) - if ret != 0: - total_test_passed = False - reason = "There is a problem when we delete a set" - print_error(reason, filename, lineno) - - # We delete tables. - ret = table_delete(table, filename, lineno) - - if ret != 0: - total_test_passed = False - - if specific_file: - if force_all_family_option: - print print_result_all(filename, tests, total_warning, total_error, - total_unit_run) - else: - print print_result(filename, tests, total_warning, total_error) - else: - if (tests == passed and tests > 0): - print filename + ": " + Colors.GREEN + "OK" + Colors.ENDC - - f.close() - del table_list[:] - del chain_list[:] - all_set.clear() - - return [tests, passed, total_warning, total_error, total_unit_run] - - -def main(): - parser = argparse.ArgumentParser(description='Run nft tests', - version='1.0') - - parser.add_argument('filename', nargs='?', - metavar='path/to/file.t', - help='Run only this test') - - parser.add_argument('-d', '--debug', action='store_true', - dest='debug', - help='enable debugging mode') - - parser.add_argument('-e', '--need-fix', action='store_true', - dest='need_fix_line', - help='run rules that need a fix') - - parser.add_argument('-f', '--force-family', action='store_true', - dest='force_all_family', - help='keep testing all families on error') - - args = parser.parse_args() - global debug_option, need_fix_option - debug_option = args.debug - need_fix_option = args.need_fix_line - force_all_family_option = args.force_all_family - specific_file = False - - signal.signal(signal.SIGINT, signal_handler) - signal.signal(signal.SIGTERM, signal_handler) - - if os.getuid() != 0: - print "You need to be root to run this, sorry" - return - - # Change working directory to repository root - os.chdir(TESTS_PATH + "/../..") - - if not os.path.isfile(NFT_BIN): - print "The nft binary does not exist. You need to build the project." - return - - test_files = files_ok = run_total = 0 - tests = passed = warnings = errors = 0 - global log_file - try: - log_file = open(LOGFILE, 'w') - except IOError: - print "Cannot open log file %s" % LOGFILE - return - - file_list = [] - if args.filename: - file_list = [args.filename] - specific_file = True - else: - for directory in TESTS_DIRECTORY: - path = os.path.join(TESTS_PATH, directory) - for root, dirs, files in os.walk(path): - for f in files: - if f.endswith(".t"): - file_list.append(os.path.join(directory, f)) - - for filename in file_list: - result = run_test_file(filename, force_all_family_option, specific_file) - file_tests = result[0] - file_passed = result[1] - file_warnings = result[2] - file_errors = result[3] - file_unit_run = result[4] - - test_files += 1 - - if file_warnings == 0 and file_tests == file_passed: - files_ok += 1 - if file_tests: - tests += file_tests - passed += file_passed - errors += file_errors - warnings += file_warnings - if force_all_family_option: - run_total += file_unit_run - - if test_files == 0: - print "No test files to run" - else: - if not specific_file: - if force_all_family_option: - print ("%d test files, %d files passed, %d unit tests, %d total executed, %d error, %d warning" % - (test_files, files_ok, tests, run_total, errors, warnings)) - else: - print ("%d test files, %d files passed, %d unit tests, %d error, %d warning" % - (test_files, files_ok, tests, errors, warnings)) - -if __name__ == '__main__': - main() diff --git a/tests/set b/tests/set deleted file mode 100644 index 3c040b0a..00000000 --- a/tests/set +++ /dev/null @@ -1,14 +0,0 @@ -#! nft -f - -add table filter -add chain filter output { type filter hook output priority 0 ; } - -# set: IP addresses -add rule filter output ip daddr { \ - 192.168.0.1, \ - 192.168.0.2, \ - 192.168.0.3, \ -} - -# set: tcp ports -add rule filter output tcp dport { 22, 23 } counter diff --git a/tests/stmt-log b/tests/stmt-log deleted file mode 100644 index 2ae7aae6..00000000 --- a/tests/stmt-log +++ /dev/null @@ -1,6 +0,0 @@ -#! nft -f - -add table ip filter -add chain ip filter output { type filter hook output priority 0; } - -add rule ip filter output log saddr "prefix" group 0 counter diff --git a/tests/symbolic-define.1 b/tests/symbolic-define.1 deleted file mode 100644 index 712ef715..00000000 --- a/tests/symbolic-define.1 +++ /dev/null @@ -1,7 +0,0 @@ -#! nft -f - -# error: variable use before definition -define var2 = $var1 -define var1 = eth0 - -filter input iif $var2 diff --git a/tests/symbolic-define.2 b/tests/symbolic-define.2 deleted file mode 100644 index cd3c23c3..00000000 --- a/tests/symbolic-define.2 +++ /dev/null @@ -1,7 +0,0 @@ -#! nft -f - -# error: redefinition of an existing variable -define var1 = eth0 -define var1 = eth0 - -filter input iif $var1 diff --git a/tests/symbolic-define.3 b/tests/symbolic-define.3 deleted file mode 100644 index ba224df7..00000000 --- a/tests/symbolic-define.3 +++ /dev/null @@ -1,6 +0,0 @@ -#! nft -f - -# error: recursive definition of a variable -define var1 = $var1 - -filter input iif $var1 diff --git a/tests/verdict-maps b/tests/verdict-maps deleted file mode 100644 index c1630ce3..00000000 --- a/tests/verdict-maps +++ /dev/null @@ -1,20 +0,0 @@ -#! nft -f -# - -add table ip filter -add chain ip filter input { type filter hook input priority 0; } - -add chain ip filter chain1 -add filter chain1 counter - -add chain ip filter chain2 -add filter chain2 counter - -add chain ip filter chain3 -add filter chain3 counter - -add filter input ip saddr vmap { \ - 10.0.0.0/24 : jump chain1, \ - 10.0.0.0/8 : jump chain2, \ - 8.8.8.8 : jump chain3 \ -} -- cgit v1.2.3