diff options
| author | Florian Westphal <fw@strlen.de> | 2015-07-10 11:56:31 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2015-07-20 17:26:37 +0200 |
| commit | 0abfb2b7e01ca07efe1be16a1a5bd8925340dc41 (patch) | |
| tree | 0b4b3f892c990e66f4a01a5d5ba15d3a9c720d47 /tests/regression/any/ct.t.payload | |
| parent | efd09355038d53fdd3841ab5ccae1543c4967daf (diff) | |
tests: validate generated netlink instructions
compare netlink instructions generated by given nft command line
with recorded version.
Example: udp dport 80 accept in ip family should look like
ip test-ip4 input
[ payload load 1b @ network header + 9 => reg 1 ]
[ cmp eq reg 1 0x00000011 ]
[ payload load 2b @ transport header + 2 => reg 1 ]
[ cmp eq reg 1 0x00005000 ]
[ immediate reg 0 accept ]
This is stored in udp.t.payload.ip
Other suffixes:
.payload.ip6
.payload.inet
.payload ('any')
The test script first looks for 'testname.t.payload.$family', if that
doesn't exist 'testname.t.payload' is used.
This allows for family independent test (e.g. meta), where we don't
expect/have any family specific expressions.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/regression/any/ct.t.payload')
| -rw-r--r-- | tests/regression/any/ct.t.payload | 239 |
1 files changed, 239 insertions, 0 deletions
diff --git a/tests/regression/any/ct.t.payload b/tests/regression/any/ct.t.payload new file mode 100644 index 00000000..f77c2842 --- /dev/null +++ b/tests/regression/any/ct.t.payload @@ -0,0 +1,239 @@ +# ct state new,established, related, untracked +ip test-ip4 output + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x0000004e ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ct state != related +ip test-ip4 output + [ ct load state => reg 1 ] + [ cmp neq reg 1 0x00000004 ] + +# ct state {new,established, related, untracked} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000008 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000040 : 0 [end] +ip test-ip4 output + [ ct load state => reg 1 ] + [ lookup reg 1 set set%d ] + +# ct state invalid drop +ip test-ip4 output + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + [ immediate reg 0 drop ] + +# ct state established accept +ip test-ip4 output + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000002 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + [ immediate reg 0 accept ] + +# ct state 8 +ip test-ip4 output + [ ct load state => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000008 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ct direction original +ip test-ip4 output + [ ct load direction => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# ct direction != original +ip test-ip4 output + [ ct load direction => reg 1 ] + [ cmp neq reg 1 0x00000000 ] + +# ct direction reply +ip test-ip4 output + [ ct load direction => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + +# ct direction != reply +ip test-ip4 output + [ ct load direction => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# ct direction {reply, original} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000000 : 0 [end] +ip test-ip4 output + [ ct load direction => reg 1 ] + [ lookup reg 1 set set%d ] + +# ct status expected +ip test-ip4 output + [ ct load status => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ct status != expected +ip test-ip4 output + [ ct load status => reg 1 ] + [ cmp neq reg 1 0x00000001 ] + +# ct status seen-reply +ip test-ip4 output + [ ct load status => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000002 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + +# ct status != seen-reply +ip test-ip4 output + [ ct load status => reg 1 ] + [ cmp neq reg 1 0x00000002 ] + +# ct status {expected, seen-reply, assured, confirmed, dying} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000008 : 0 [end] element 00000200 : 0 [end] +ip test-ip4 output + [ ct load status => reg 1 ] + [ lookup reg 1 set set%d ] + +# ct mark 0 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ cmp eq reg 1 0x00000000 ] + +# ct mark or 0x23 == 0x11 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xffffffdc ) ^ 0x00000023 ] + [ cmp eq reg 1 0x00000011 ] + +# ct mark or 0x3 != 0x1 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xfffffffc ) ^ 0x00000003 ] + [ cmp neq reg 1 0x00000001 ] + +# ct mark and 0x23 == 0x11 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000023 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000011 ] + +# ct mark and 0x3 != 0x1 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000001 ] + +# ct mark xor 0x23 == 0x11 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# ct mark xor 0x3 != 0x1 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ cmp neq reg 1 0x00000002 ] + +# ct mark 0x00000032 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ cmp eq reg 1 0x00000032 ] + +# ct mark != 0x00000032 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ cmp neq reg 1 0x00000032 ] + +# ct mark 0x00000032-0x00000045 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gte reg 1 0x32000000 ] + [ cmp lte reg 1 0x45000000 ] + +# ct mark != 0x00000032-0x00000045 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0x32000000 ] + [ cmp gt reg 1 0x45000000 ] + +# ct mark {0x32, 0x2222, 0x42de3} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000032 : 0 [end] element 00002222 : 0 [end] element 00042de3 : 0 [end] +ip test-ip4 output + [ ct load mark => reg 1 ] + [ lookup reg 1 set set%d ] + +# ct mark set 0x11 xor 0x1331 +ip test-ip4 output + [ immediate reg 1 0x00001320 ] + [ ct set mark with reg 1 ] + +# ct mark set 0x11333 and 0x11 +ip test-ip4 output + [ immediate reg 1 0x00000011 ] + [ ct set mark with reg 1 ] + +# ct mark set 0x12 or 0x11 +ip test-ip4 output + [ immediate reg 1 0x00000013 ] + [ ct set mark with reg 1 ] + +# ct mark set 0x11 +ip test-ip4 output + [ immediate reg 1 0x00000011 ] + [ ct set mark with reg 1 ] + +# ct expiration 30 +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ cmp eq reg 1 0x0000001e ] + +# ct expiration 22 +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ cmp eq reg 1 0x00000016 ] + +# ct expiration != 233 +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ cmp neq reg 1 0x000000e9 ] + +# ct expiration 33-45 +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp gte reg 1 0x21000000 ] + [ cmp lte reg 1 0x2d000000 ] + +# ct expiration != 33-45 +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ cmp lt reg 1 0x21000000 ] + [ cmp gt reg 1 0x2d000000 ] + +# ct expiration {33, 55, 67, 88} +set%d test-ip4 3 +set%d test-ip4 0 + element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ lookup reg 1 set set%d ] + +# ct expiration {33-55} +set%d test-ip4 7 +set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set set%d ] + +# ct helper "ftp" +ip test-ip4 output + [ ct load helper => reg 1 ] + [ cmp eq reg 1 0x00707466 0x00000000 0x00000000 0x00000000 ] + |