tests/py/inet/sets.t.json


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136

# ip saddr @set1 drop
[
    {
        "match": {
            "left": {
                "payload": {
                    "field": "saddr",
                    "protocol": "ip"
                }
            },
	    "op": "==",
            "right": "@set1"
        }
    },
    {
        "drop": null
    }
]

# ip6 daddr != @set2 accept
[
    {
        "match": {
            "left": {
                "payload": {
                    "field": "daddr",
                    "protocol": "ip6"
                }
            },
            "op": "!=",
            "right": "@set2"
        }
    },
    {
        "accept": null
    }
]

# ip saddr . ip daddr . tcp dport @set3 accept
[
    {
        "match": {
            "left": {
                "concat": [
                    {
                        "payload": {
                            "field": "saddr",
                            "protocol": "ip"
                        }
                    },
                    {
                        "payload": {
                            "field": "daddr",
                            "protocol": "ip"
                        }
                    },
                    {
                        "payload": {
                            "field": "dport",
                            "protocol": "tcp"
                        }
                    }
                ]
            },
            "op": "==",
            "right": "@set3"
        }
    },
    {
        "accept": null
    }
]

# ip daddr . tcp dport { 10.0.0.0/8 . 10-23, 192.168.1.1-192.168.3.8 . 80-443 } accept
[
    {
        "match": {
            "left": {
                "concat": [
                    {
                        "payload": {
                            "field": "daddr",
                            "protocol": "ip"
                        }
                    },
                    {
                        "payload": {
                            "field": "dport",
                            "protocol": "tcp"
                        }
                    }
                ]
            },
            "op": "==",
            "right": {
                "set": [
                    {
                        "concat": [
                            {
                                "prefix": {
                                    "addr": "10.0.0.0",
                                    "len": 8
                                }
                            },
                            {
                                "range": [
                                    10,
                                    23
                                ]
                            }
                        ]
                    },
                    {
                        "concat": [
                            {
                                "range": [
                                    "192.168.1.1",
                                    "192.168.3.8"
                                ]
                            },
                            {
                                "range": [
                                    80,
                                    443
                                ]
                            }
                        ]
                    }
                ]
            }
        }
    },
    {
        "accept": null
    }
]