1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
# hbh hdrlength 22
inet test-inet filter-input
[ exthdr load 1b @ 0 + 1 => reg 1 ]
[ cmp eq reg 1 0x00000016 ]
# hbh hdrlength != 233
inet test-inet filter-input
[ exthdr load 1b @ 0 + 1 => reg 1 ]
[ cmp neq reg 1 0x000000e9 ]
# hbh hdrlength 33-45
inet test-inet filter-input
[ exthdr load 1b @ 0 + 1 => reg 1 ]
[ cmp gte reg 1 0x00000021 ]
[ cmp lte reg 1 0x0000002d ]
# hbh hdrlength != 33-45
inet test-inet filter-input
[ exthdr load 1b @ 0 + 1 => reg 1 ]
[ cmp lt reg 1 0x00000021 ]
[ cmp gt reg 1 0x0000002d ]
# hbh hdrlength {33, 55, 67, 88}
set%d test-inet 3
set%d test-inet 0
element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
inet test-inet filter-input
[ exthdr load 1b @ 0 + 1 => reg 1 ]
[ lookup reg 1 set set%d ]
# hbh hdrlength { 33-55}
set%d test-inet 7
set%d test-inet 0
element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
inet test-inet filter-input
[ exthdr load 1b @ 0 + 1 => reg 1 ]
[ lookup reg 1 set set%d ]
# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
set%d test-inet 3
set%d test-inet 0
element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end]
inet test-inet filter-input
[ exthdr load 1b @ 0 + 0 => reg 1 ]
[ lookup reg 1 set set%d ]
# hbh nexthdr 22
inet test-inet filter-input
[ exthdr load 1b @ 0 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000016 ]
# hbh nexthdr != 233
inet test-inet filter-input
[ exthdr load 1b @ 0 + 0 => reg 1 ]
[ cmp neq reg 1 0x000000e9 ]
# hbh nexthdr 33-45
inet test-inet filter-input
[ exthdr load 1b @ 0 + 0 => reg 1 ]
[ cmp gte reg 1 0x00000021 ]
[ cmp lte reg 1 0x0000002d ]
# hbh nexthdr != 33-45
inet test-inet filter-input
[ exthdr load 1b @ 0 + 0 => reg 1 ]
[ cmp lt reg 1 0x00000021 ]
[ cmp gt reg 1 0x0000002d ]
# hbh nexthdr {33, 55, 67, 88}
set%d test-inet 3
set%d test-inet 0
element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
inet test-inet filter-input
[ exthdr load 1b @ 0 + 0 => reg 1 ]
[ lookup reg 1 set set%d ]
# hbh nexthdr { 33-55}
set%d test-inet 7
set%d test-inet 0
element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end]
inet test-inet filter-input
[ exthdr load 1b @ 0 + 0 => reg 1 ]
[ lookup reg 1 set set%d ]
# hbh nexthdr ip
inet test-inet filter-input
[ exthdr load 1b @ 0 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000000 ]
# hbh nexthdr != ip
inet test-inet filter-input
[ exthdr load 1b @ 0 + 0 => reg 1 ]
[ cmp neq reg 1 0x00000000 ]
|