summaryrefslogtreecommitdiffstats
path: root/tests/py/inet/tcp.t
blob: f51ebd36b503f0a2d37b47b4b79a4bc02859a332 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
:input;type filter hook input priority 0
:ingress;type filter hook ingress device lo priority 0
:egress;type filter hook egress device lo priority 0

*ip;test-ip4;input
*ip6;test-ip6;input
*inet;test-inet;input
*netdev;test-netdev;ingress,egress

tcp dport set {1, 2, 3};fail

tcp dport 22;ok
tcp dport != 233;ok
tcp dport 33-45;ok
tcp dport != 33-45;ok
tcp dport { 33, 55, 67, 88};ok
tcp dport != { 33, 55, 67, 88};ok
tcp dport {telnet, http, https} accept;ok;tcp dport { 443, 23, 80} accept
tcp dport vmap { 22 : accept, 23 : drop };ok
tcp dport vmap { 25:accept, 28:drop };ok
tcp dport { 22, 53, 80, 110 };ok
tcp dport != { 22, 53, 80, 110 };ok
# BUG: invalid expression type set
# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.

tcp sport 22;ok
tcp sport != 233;ok
tcp sport 33-45;ok
tcp sport != 33-45;ok
tcp sport { 33, 55, 67, 88};ok
tcp sport != { 33, 55, 67, 88};ok
tcp sport vmap { 25:accept, 28:drop };ok

tcp sport 8080 drop;ok
tcp sport 1024 tcp dport 22;ok
tcp sport 1024 tcp dport 22 tcp sequence 0;ok

tcp sequence 0 tcp sport 1024 tcp dport 22;ok
tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22;ok;tcp sequence 0 tcp sport { 1022, 1024} tcp dport 22

tcp sequence 22;ok
tcp sequence != 233;ok
tcp sequence 33-45;ok
tcp sequence != 33-45;ok
tcp sequence { 33, 55, 67, 88};ok
tcp sequence != { 33, 55, 67, 88};ok

tcp ackseq 42949672 drop;ok
tcp ackseq 22;ok
tcp ackseq != 233;ok
tcp ackseq 33-45;ok
tcp ackseq != 33-45;ok
tcp ackseq { 33, 55, 67, 88};ok
tcp ackseq != { 33, 55, 67, 88};ok

- tcp doff 22;ok
- tcp doff != 233;ok
- tcp doff 33-45;ok
- tcp doff != 33-45;ok
- tcp doff { 33, 55, 67, 88};ok
- tcp doff != { 33, 55, 67, 88};ok

# BUG reserved
# BUG: It is accepted but it is not shown then. tcp reserver

tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop;ok
tcp flags != { fin, urg, ecn, cwr} drop;ok
tcp flags cwr;ok
tcp flags != cwr;ok
tcp flags == syn;ok
tcp flags fin,syn / fin,syn;ok
tcp flags != syn / fin,syn;ok
tcp flags & syn != 0;ok;tcp flags syn
tcp flags & syn == 0;ok;tcp flags ! syn
tcp flags & (syn | ack) != 0;ok;tcp flags syn,ack
tcp flags & (syn | ack) == 0;ok;tcp flags ! syn,ack
# it should be possible to transform this to: tcp flags syn
tcp flags & syn == syn;ok
tcp flags & syn != syn;ok
tcp flags & (fin | syn | rst | ack) syn;ok;tcp flags syn / fin,syn,rst,ack
tcp flags & (fin | syn | rst | ack) == syn;ok;tcp flags syn / fin,syn,rst,ack
tcp flags & (fin | syn | rst | ack) != syn;ok;tcp flags != syn / fin,syn,rst,ack
tcp flags & (fin | syn | rst | ack) == (syn | ack);ok;tcp flags syn,ack / fin,syn,rst,ack
tcp flags & (fin | syn | rst | ack) != (syn | ack);ok;tcp flags != syn,ack / fin,syn,rst,ack
tcp flags & (syn | ack) == (syn | ack);ok;tcp flags syn,ack / syn,ack
tcp flags & (fin | syn | rst | psh | ack | urg | ecn | cwr) == fin | syn | rst | psh | ack | urg | ecn | cwr;ok;tcp flags == 0xff
tcp flags { syn, syn | ack };ok
tcp flags & (fin | syn | rst | psh | ack | urg) == { fin, ack, psh | ack, fin | psh | ack };ok
tcp flags ! fin,rst;ok
tcp flags & (fin | syn | rst | ack) ! syn;fail

tcp window 22222;ok
tcp window 22;ok
tcp window != 233;ok
tcp window 33-45;ok
tcp window != 33-45;ok
tcp window { 33, 55, 67, 88};ok
tcp window != { 33, 55, 67, 88};ok

tcp checksum 22;ok
tcp checksum != 233;ok
tcp checksum 33-45;ok
tcp checksum != 33-45;ok
tcp checksum { 33, 55, 67, 88};ok
tcp checksum != { 33, 55, 67, 88};ok

tcp urgptr 1234 accept;ok
tcp urgptr 22;ok
tcp urgptr != 233;ok
tcp urgptr 33-45;ok
tcp urgptr != 33-45;ok
tcp urgptr { 33, 55, 67, 88};ok
tcp urgptr != { 33, 55, 67, 88};ok

tcp doff 8;ok