# esp spi 100
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 0 => reg 1 ]
[ cmp eq reg 1 0x64000000 ]
# esp spi != 100
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 0 => reg 1 ]
[ cmp neq reg 1 0x64000000 ]
# esp spi 111-222
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 0 => reg 1 ]
[ cmp gte reg 1 0x6f000000 ]
[ cmp lte reg 1 0xde000000 ]
# esp spi != 111-222
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 0 => reg 1 ]
[ cmp lt reg 1 0x6f000000 ]
[ cmp gt reg 1 0xde000000 ]
# esp spi { 100, 102}
set%d test-inet 3
set%d test-inet 0
element 64000000 : 0 [end] element 66000000 : 0 [end]
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 0 => reg 1 ]
[ lookup reg 1 set set%d ]
# esp spi { 100-102}
set%d test-inet 7
set%d test-inet 0
element 00000000 : 1 [end] element 64000000 : 0 [end] element 67000000 : 1 [end]
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 0 => reg 1 ]
[ lookup reg 1 set set%d ]
# esp sequence 22
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 4 => reg 1 ]
[ cmp eq reg 1 0x16000000 ]
# esp sequence 22-24
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 4 => reg 1 ]
[ cmp gte reg 1 0x16000000 ]
[ cmp lte reg 1 0x18000000 ]
# esp sequence != 22-24
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 4 => reg 1 ]
[ cmp lt reg 1 0x16000000 ]
[ cmp gt reg 1 0x18000000 ]
# esp sequence { 22, 24}
set%d test-inet 3
set%d test-inet 0
element 16000000 : 0 [end] element 18000000 : 0 [end]
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 4 => reg 1 ]
[ lookup reg 1 set set%d ]
# esp sequence { 22-25}
set%d test-inet 7
set%d test-inet 0
element 00000000 : 1 [end] element 16000000 : 0 [end] element 1a000000 : 1 [end]
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 4 => reg 1 ]
[ lookup reg 1 set set%d ]