diff options
| author | Jeremy Sowden <jeremy@azazel.net> | 2024-11-19 00:18:28 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-12-04 15:35:55 +0100 |
| commit | 54bfc38c522babe709e951f1fd128ff725b36704 (patch) | |
| tree | 4432fccc08834428082c176fab42cbb3e880e819 /tests/py/ip6 | |
| parent | bc0311378285d41850e3508df905d75959ba4239 (diff) | |
src: allow binop expressions with variable right-hand operands
Hitherto, the kernel has required constant values for the `xor` and
`mask` attributes of boolean bitwise expressions. This has meant that
the right-hand operand of a boolean binop must be constant. Now the
kernel has support for AND, OR and XOR operations with right-hand
operands passed via registers, we can relax this restriction. Allow
non-constant right-hand operands if the left-hand operand is not
constant, e.g.:
ct mark & 0xffff0000 | meta mark & 0xffff
The kernel now supports performing AND, OR and XOR operations directly,
on one register and an immediate value or on two registers, so we need
to be able to generate and parse bitwise boolean expressions of this
form.
If a boolean operation has a constant RHS, we continue to send a
mask-and-xor expression to the kernel.
Add tests for {ct,meta} mark with variable RHS operands.
JSON support is also included.
This requires Linux kernel >= 6.13-rc.
[ Originally posted as patch 1/8 and 6/8 which has been collapsed and
simplified to focus on initial {ct,meta} mark support. Tests have
been extracted from 8/8 including a tests/py fix to payload output
due to incorrect output in original patchset. JSON support has been
extracted from patch 7/8 --pablo]
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/ip6')
| -rw-r--r-- | tests/py/ip6/ct.t | 1 | ||||
| -rw-r--r-- | tests/py/ip6/ct.t.json | 32 | ||||
| -rw-r--r-- | tests/py/ip6/ct.t.payload | 12 |
3 files changed, 45 insertions, 0 deletions
diff --git a/tests/py/ip6/ct.t b/tests/py/ip6/ct.t index c06fd6a0..1617c68b 100644 --- a/tests/py/ip6/ct.t +++ b/tests/py/ip6/ct.t @@ -7,3 +7,4 @@ ct mark set ip6 dscp << 26 | 0x10;ok ct mark set ip6 dscp | 0x04;ok ct mark set ip6 dscp | 0xff000000;ok ct mark set ip6 dscp & 0x0f << 2;ok;ct mark set ip6 dscp & 0x3c +ct mark set ct mark | ip6 dscp | 0x200 counter;ok;ct mark set ct mark | ip6 dscp | 0x00000200 counter diff --git a/tests/py/ip6/ct.t.json b/tests/py/ip6/ct.t.json index 7d8c88bb..2633c2b9 100644 --- a/tests/py/ip6/ct.t.json +++ b/tests/py/ip6/ct.t.json @@ -291,3 +291,35 @@ } } ] + +# ct mark set ct mark | ip6 dscp | 0x200 counter +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "ct": { + "key": "mark" + } + }, + { + "payload": { + "protocol": "ip6", + "field": "dscp" + } + }, + 512 + ] + } + } + }, + { + "counter": null + } +] diff --git a/tests/py/ip6/ct.t.payload b/tests/py/ip6/ct.t.payload index 944208f2..a7a56d4b 100644 --- a/tests/py/ip6/ct.t.payload +++ b/tests/py/ip6/ct.t.payload @@ -44,3 +44,15 @@ ip6 test-ip6 output [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] [ bitwise reg 1 = ( reg 1 & 0x0000003c ) ^ 0x00000000 ] [ ct set mark with reg 1 ] + +# ct mark set ct mark | ip6 dscp | 0x200 counter +ip6 test-ip6 output + [ ct load mark => reg 1 ] + [ payload load 2b @ network header + 0 => reg 2 ] + [ bitwise reg 2 = ( reg 2 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 2 = ntoh(reg 2, 2, 2) ] + [ bitwise reg 2 = ( reg 2 >> 0x00000006 ) ] + [ bitwise reg 1 = ( reg 1 | reg 2 ) ] + [ bitwise reg 1 = ( reg 1 & 0xfffffdff ) ^ 0x00000200 ] + [ ct set mark with reg 1 ] + [ counter pkts 0 bytes 0 ] |