diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-24 20:54:37 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-24 21:14:12 +0200 |
| commit | 54aa3de7b49a20a65e0fa0a36204bd387d4f40c9 (patch) | |
| tree | 5d1bcf1c9570b55a1a3a9c243df52e7ed7aef027 /tests/py/ip | |
| parent | d03bcb669c0c645190df9bd166f53380bcac7862 (diff) | |
Revert "tests: py: remove single-value-anon-set test cases"
This reverts commit d03bcb669c0c645190df9bd166f53380bcac7862.
Diffstat (limited to 'tests/py/ip')
| -rw-r--r-- | tests/py/ip/icmp.t | 14 | ||||
| -rw-r--r-- | tests/py/ip/icmp.t.json | 286 | ||||
| -rw-r--r-- | tests/py/ip/icmp.t.payload.ip | 142 | ||||
| -rw-r--r-- | tests/py/ip/ip.t | 12 | ||||
| -rw-r--r-- | tests/py/ip/ip.t.json | 240 | ||||
| -rw-r--r-- | tests/py/ip/ip.t.payload.bridge | 120 | ||||
| -rw-r--r-- | tests/py/ip/ip.t.payload.inet | 120 | ||||
| -rw-r--r-- | tests/py/ip/ip.t.payload.netdev | 124 |
8 files changed, 1056 insertions, 2 deletions
diff --git a/tests/py/ip/icmp.t b/tests/py/ip/icmp.t index 25c2a7d6..6c05fb9d 100644 --- a/tests/py/ip/icmp.t +++ b/tests/py/ip/icmp.t @@ -26,6 +26,8 @@ icmp code 111 accept;ok icmp code != 111 accept;ok icmp code 33-55;ok icmp code != 33-55;ok +icmp code { 33-55};ok +icmp code != { 33-55};ok icmp code { 2, 4, 54, 33, 56};ok;icmp code { prot-unreachable, 4, 33, 54, 56} icmp code != { prot-unreachable, 4, 33, 54, 56};ok @@ -33,6 +35,8 @@ icmp checksum 12343 accept;ok icmp checksum != 12343 accept;ok icmp checksum 11-343 accept;ok icmp checksum != 11-343 accept;ok +icmp checksum { 11-343} accept;ok +icmp checksum != { 11-343} accept;ok icmp checksum { 1111, 222, 343} accept;ok icmp checksum != { 1111, 222, 343} accept;ok @@ -41,6 +45,8 @@ icmp id 22;ok icmp id != 233;ok icmp id 33-45;ok icmp id != 33-45;ok +icmp id { 33-55};ok +icmp id != { 33-55};ok icmp id { 22, 34, 333};ok icmp id != { 22, 34, 333};ok @@ -50,15 +56,21 @@ icmp sequence 33-45;ok icmp sequence != 33-45;ok icmp sequence { 33, 55, 67, 88};ok icmp sequence != { 33, 55, 67, 88};ok +icmp sequence { 33-55};ok +icmp sequence != { 33-55};ok icmp mtu 33;ok icmp mtu 22-33;ok +icmp mtu { 22-33};ok +icmp mtu != { 22-33};ok icmp mtu 22;ok icmp mtu != 233;ok icmp mtu 33-45;ok icmp mtu != 33-45;ok icmp mtu { 33, 55, 67, 88};ok icmp mtu != { 33, 55, 67, 88};ok +icmp mtu { 33-55};ok +icmp mtu != { 33-55};ok icmp gateway 22;ok icmp gateway != 233;ok @@ -66,5 +78,7 @@ icmp gateway 33-45;ok icmp gateway != 33-45;ok icmp gateway { 33, 55, 67, 88};ok icmp gateway != { 33, 55, 67, 88};ok +icmp gateway { 33-55};ok +icmp gateway != { 33-55};ok icmp gateway != 34;ok icmp gateway != { 333, 334};ok diff --git a/tests/py/ip/icmp.t.json b/tests/py/ip/icmp.t.json index ed136cdf..4e172745 100644 --- a/tests/py/ip/icmp.t.json +++ b/tests/py/ip/icmp.t.json @@ -416,6 +416,46 @@ } ] +# icmp code { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "code", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmp code != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "code", + "protocol": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + # icmp code { 2, 4, 54, 33, 56} [ { @@ -544,6 +584,52 @@ } ] +# icmp checksum { 11-343} accept +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 11, 343 ] } + ] + } + } + }, + { + "accept": null + } +] + +# icmp checksum != { 11-343} accept +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "protocol": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 11, 343 ] } + ] + } + } + }, + { + "accept": null + } +] + # icmp checksum { 1111, 222, 343} accept [ { @@ -681,6 +767,46 @@ } ] +# icmp id { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmp id != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + # icmp id { 22, 34, 333} [ { @@ -839,6 +965,46 @@ } ] +# icmp sequence { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmp sequence != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "sequence", + "protocol": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + # icmp mtu 33 [ { @@ -873,6 +1039,46 @@ } ] +# icmp mtu { 22-33} +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 22, 33 ] } + ] + } + } + } +] + +# icmp mtu != { 22-33} +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "protocol": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 22, 33 ] } + ] + } + } + } +] + # icmp mtu 22 [ { @@ -987,6 +1193,46 @@ } ] +# icmp mtu { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmp mtu != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "mtu", + "protocol": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + # icmp gateway 22 [ { @@ -1101,6 +1347,46 @@ } ] +# icmp gateway { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "gateway", + "protocol": "icmp" + } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# icmp gateway != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "gateway", + "protocol": "icmp" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + # icmp gateway != 34 [ { diff --git a/tests/py/ip/icmp.t.payload.ip b/tests/py/ip/icmp.t.payload.ip index b16533f5..27f22207 100644 --- a/tests/py/ip/icmp.t.payload.ip +++ b/tests/py/ip/icmp.t.payload.ip @@ -154,6 +154,26 @@ ip test-ip4 input [ payload load 1b @ transport header + 1 => reg 1 ] [ range neq reg 1 0x00000021 0x00000037 ] +# icmp code { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# icmp code != { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp code { 2, 4, 54, 33, 56} __set%d test-ip4 3 __set%d test-ip4 0 @@ -207,6 +227,28 @@ ip test-ip4 input [ range neq reg 1 0x00000b00 0x00005701 ] [ immediate reg 0 accept ] +# icmp checksum { 11-343} accept +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set __set%d ] + [ immediate reg 0 accept ] + +# icmp checksum != { 11-343} accept +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + [ immediate reg 0 accept ] + # icmp checksum { 1111, 222, 343} accept __set%d test-ip4 3 __set%d test-ip4 0 @@ -266,6 +308,26 @@ ip test-ip4 input [ payload load 2b @ transport header + 4 => reg 1 ] [ range neq reg 1 0x00002100 0x00002d00 ] +# icmp id { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# icmp id != { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp id { 22, 34, 333} __set%d test-ip4 3 __set%d test-ip4 0 @@ -335,6 +397,26 @@ ip test-ip4 input [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# icmp sequence { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# icmp sequence != { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp mtu 33 ip test-ip4 input [ meta load l4proto => reg 1 ] @@ -350,6 +432,26 @@ ip test-ip4 input [ cmp gte reg 1 0x00001600 ] [ cmp lte reg 1 0x00002100 ] +# icmp mtu { 22-33} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00001600 : 0 [end] element 00002200 : 1 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# icmp mtu != { 22-33} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00001600 : 0 [end] element 00002200 : 1 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp mtu 22 ip test-ip4 input [ meta load l4proto => reg 1 ] @@ -399,6 +501,26 @@ ip test-ip4 input [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# icmp mtu { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# icmp mtu != { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp gateway 22 ip test-ip4 input [ meta load l4proto => reg 1 ] @@ -448,6 +570,26 @@ ip test-ip4 input [ payload load 4b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# icmp gateway { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# icmp gateway != { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp gateway != 34 ip test-ip4 input [ meta load l4proto => reg 1 ] diff --git a/tests/py/ip/ip.t b/tests/py/ip/ip.t index a667680a..0421d01b 100644 --- a/tests/py/ip/ip.t +++ b/tests/py/ip/ip.t @@ -39,6 +39,8 @@ ip length 333-435;ok ip length != 333-453;ok ip length { 333, 553, 673, 838};ok ip length != { 333, 553, 673, 838};ok +ip length { 333-535};ok +ip length != { 333-535};ok ip id 22;ok ip id != 233;ok @@ -46,6 +48,8 @@ ip id 33-45;ok ip id != 33-45;ok ip id { 33, 55, 67, 88};ok ip id != { 33, 55, 67, 88};ok +ip id { 33-55};ok +ip id != { 33-55};ok ip frag-off 222 accept;ok ip frag-off != 233;ok @@ -53,6 +57,8 @@ ip frag-off 33-45;ok ip frag-off != 33-45;ok ip frag-off { 33, 55, 67, 88};ok ip frag-off != { 33, 55, 67, 88};ok +ip frag-off { 33-55};ok +ip frag-off != { 33-55};ok ip ttl 0 drop;ok ip ttl 233;ok @@ -60,6 +66,8 @@ ip ttl 33-55;ok ip ttl != 45-50;ok ip ttl {43, 53, 45 };ok ip ttl != {43, 53, 45 };ok +ip ttl { 33-55};ok +ip ttl != { 33-55};ok ip protocol tcp;ok;ip protocol 6 ip protocol != tcp;ok;ip protocol != 6 @@ -76,6 +84,8 @@ ip checksum 33-45;ok ip checksum != 33-45;ok ip checksum { 33, 55, 67, 88};ok ip checksum != { 33, 55, 67, 88};ok +ip checksum { 33-55};ok +ip checksum != { 33-55};ok ip saddr set {192.19.1.2, 191.1.22.1};fail @@ -89,6 +99,8 @@ ip daddr 10.0.0.0-10.255.255.255;ok ip daddr 172.16.0.0-172.31.255.255;ok ip daddr 192.168.3.1-192.168.4.250;ok ip daddr != 192.168.0.1-192.168.0.250;ok +ip daddr { 192.168.0.1-192.168.0.250};ok +ip daddr != { 192.168.0.1-192.168.0.250};ok ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok ip daddr != { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok diff --git a/tests/py/ip/ip.t.json b/tests/py/ip/ip.t.json index 42f936c1..3131ab79 100644 --- a/tests/py/ip/ip.t.json +++ b/tests/py/ip/ip.t.json @@ -270,6 +270,46 @@ } ] +# ip length { 333-535} +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "protocol": "ip" + } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 333, 535 ] } + ] + } + } + } +] + +# ip length != { 333-535} +[ + { + "match": { + "left": { + "payload": { + "field": "length", + "protocol": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 333, 535 ] } + ] + } + } + } +] + # ip id 22 [ { @@ -384,6 +424,46 @@ } ] +# ip id { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "ip" + } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ip id != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "id", + "protocol": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + # ip frag-off 222 accept [ { @@ -501,6 +581,46 @@ } ] +# ip frag-off { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "frag-off", + "protocol": "ip" + } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ip frag-off != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "frag-off", + "protocol": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + # ip ttl 0 drop [ { @@ -616,6 +736,46 @@ } ] +# ip ttl { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "ttl", + "protocol": "ip" + } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ip ttl != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "ttl", + "protocol": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + # ip protocol tcp [ { @@ -859,6 +1019,46 @@ } ] +# ip checksum { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "protocol": "ip" + } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# ip checksum != { 33-55} +[ + { + "match": { + "left": { + "payload": { + "field": "checksum", + "protocol": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + # ip saddr 192.168.2.0/24 [ { @@ -1051,6 +1251,46 @@ } ] +# ip daddr { 192.168.0.1-192.168.0.250} +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + "op": "==", + "right": { + "set": [ + { "range": [ "192.168.0.1", "192.168.0.250" ] } + ] + } + } + } +] + +# ip daddr != { 192.168.0.1-192.168.0.250} +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ "192.168.0.1", "192.168.0.250" ] } + ] + } + } + } +] + # ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept [ { diff --git a/tests/py/ip/ip.t.payload.bridge b/tests/py/ip/ip.t.payload.bridge index f4996fde..ad1d0aa8 100644 --- a/tests/py/ip/ip.t.payload.bridge +++ b/tests/py/ip/ip.t.payload.bridge @@ -113,6 +113,26 @@ bridge test-bridge input [ payload load 2b @ network header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip length { 333-535} +__set%d test-bridge 7 size 3 +__set%d test-bridge 0 + element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip length != { 333-535} +__set%d test-bridge 7 size 3 +__set%d test-bridge 0 + element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip id 22 bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] @@ -162,6 +182,26 @@ bridge test-bridge input [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip id { 33-55} +__set%d test-bridge 7 size 3 +__set%d test-bridge 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip id != { 33-55} +__set%d test-bridge 7 size 3 +__set%d test-bridge 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip frag-off 222 accept bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] @@ -212,6 +252,26 @@ bridge test-bridge input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip frag-off { 33-55} +__set%d test-bridge 7 size 3 +__set%d test-bridge 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip frag-off != { 33-55} +__set%d test-bridge 7 size 3 +__set%d test-bridge 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip ttl 0 drop bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] @@ -262,6 +322,26 @@ bridge test-bridge input [ payload load 1b @ network header + 8 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip ttl { 33-55} +__set%d test-bridge 7 size 3 +__set%d test-bridge 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip ttl != { 33-55} +__set%d test-bridge 7 size 3 +__set%d test-bridge 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip protocol tcp bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] @@ -362,6 +442,26 @@ bridge test-bridge input [ payload load 2b @ network header + 10 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip checksum { 33-55} +__set%d test-bridge 7 size 3 +__set%d test-bridge 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip checksum != { 33-55} +__set%d test-bridge 7 size 3 +__set%d test-bridge 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip saddr 192.168.2.0/24 bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] @@ -440,6 +540,26 @@ bridge test-bridge input [ payload load 4b @ network header + 16 => reg 1 ] [ range neq reg 1 0x0100a8c0 0xfa00a8c0 ] +# ip daddr { 192.168.0.1-192.168.0.250} +__set%d test-bridge 7 size 3 +__set%d test-bridge 0 + element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip daddr != { 192.168.0.1-192.168.0.250} +__set%d test-bridge 7 size 3 +__set%d test-bridge 0 + element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept __set%d test-bridge 3 size 3 __set%d test-bridge 0 diff --git a/tests/py/ip/ip.t.payload.inet b/tests/py/ip/ip.t.payload.inet index e68888cb..b9cb28a2 100644 --- a/tests/py/ip/ip.t.payload.inet +++ b/tests/py/ip/ip.t.payload.inet @@ -113,6 +113,26 @@ inet test-inet input [ payload load 2b @ network header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip length { 333-535} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip length != { 333-535} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip id 22 inet test-inet input [ meta load nfproto => reg 1 ] @@ -162,6 +182,26 @@ inet test-inet input [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip id { 33-55} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip id != { 33-55} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip frag-off 222 accept inet test-inet input [ meta load nfproto => reg 1 ] @@ -212,6 +252,26 @@ inet test-inet input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip frag-off { 33-55} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip frag-off != { 33-55} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip ttl 0 drop inet test-inet input [ meta load nfproto => reg 1 ] @@ -262,6 +322,26 @@ inet test-inet input [ payload load 1b @ network header + 8 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip ttl { 33-55} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip ttl != { 33-55} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip protocol tcp inet test-inet input [ meta load nfproto => reg 1 ] @@ -362,6 +442,26 @@ inet test-inet input [ payload load 2b @ network header + 10 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip checksum { 33-55} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip checksum != { 33-55} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip saddr 192.168.2.0/24 inet test-inet input [ meta load nfproto => reg 1 ] @@ -440,6 +540,26 @@ inet test-inet input [ payload load 4b @ network header + 16 => reg 1 ] [ range neq reg 1 0x0100a8c0 0xfa00a8c0 ] +# ip daddr { 192.168.0.1-192.168.0.250} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip daddr != { 192.168.0.1-192.168.0.250} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept __set%d test-inet 3 __set%d test-inet 0 diff --git a/tests/py/ip/ip.t.payload.netdev b/tests/py/ip/ip.t.payload.netdev index bab6fd5c..588e5ca2 100644 --- a/tests/py/ip/ip.t.payload.netdev +++ b/tests/py/ip/ip.t.payload.netdev @@ -47,6 +47,26 @@ netdev test-netdev ingress [ payload load 2b @ network header + 2 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip length { 333-535} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip length != { 333-535} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip id 22 netdev test-netdev ingress [ meta load protocol => reg 1 ] @@ -96,6 +116,26 @@ netdev test-netdev ingress [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip id { 33-55} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip id != { 33-55} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip frag-off 222 accept netdev test-netdev ingress [ meta load protocol => reg 1 ] @@ -112,7 +152,7 @@ netdev test-netdev ingress [ cmp neq reg 1 0x0000e900 ] # ip frag-off 33-45 -netdev test-netdev ingress +netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] @@ -120,7 +160,7 @@ netdev test-netdev ingress [ cmp lte reg 1 0x00002d00 ] # ip frag-off != 33-45 -netdev test-netdev ingress +netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ payload load 2b @ network header + 6 => reg 1 ] @@ -146,6 +186,26 @@ netdev test-netdev ingress [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip frag-off { 33-55} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip frag-off != { 33-55} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip ttl 0 drop netdev test-netdev ingress [ meta load protocol => reg 1 ] @@ -189,6 +249,26 @@ netdev test-netdev ingress [ payload load 1b @ network header + 8 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip ttl { 33-55} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip ttl != { 33-55} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept __set%d test-netdev 3 __set%d test-netdev 0 @@ -275,6 +355,26 @@ netdev test-netdev ingress [ payload load 2b @ network header + 10 => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ip checksum { 33-55} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip checksum != { 33-55} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip saddr 192.168.2.0/24 netdev test-netdev ingress [ meta load protocol => reg 1 ] @@ -346,6 +446,26 @@ netdev test-netdev ingress [ payload load 4b @ network header + 16 => reg 1 ] [ range neq reg 1 0x0100a8c0 0xfa00a8c0 ] +# ip daddr { 192.168.0.1-192.168.0.250} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set __set%d ] + +# ip daddr != { 192.168.0.1-192.168.0.250} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept __set%d test-netdev 3 __set%d test-netdev 0 |