tests: validate generated netlink instructions

compare netlink instructions generated by given nft command line with recorded version. Example: udp dport 80 accept in ip family should look like ip test-ip4 input [ payload load 1b @ network header + 9 => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00005000 ] [ immediate reg 0 accept ] This is stored in udp.t.payload.ip Other suffixes: .payload.ip6 .payload.inet .payload ('any') The test script first looks for 'testname.t.payload.$family', if that doesn't exist 'testname.t.payload' is used. This allows for family independent test (e.g. meta), where we don't expect/have any family specific expressions. Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2015-07-10 11:56:31 +0200
committer: Florian Westphal <fw@strlen.de> 2015-07-20 17:26:37 +0200
commit: 0abfb2b7e01ca07efe1be16a1a5bd8925340dc41 (patch)
tree: 0b4b3f892c990e66f4a01a5d5ba15d3a9c720d47 /tests/regression/ip/ip.t.payload
parent: efd09355038d53fdd3841ab5ccae1543c4967daf (diff)
1 files changed, 337 insertions, 0 deletions
diff --git a/tests/regression/ip/ip.t.payload b/tests/regression/ip/ip.t.payload
new file mode 100644
index 00000000..18db172a
--- /dev/null
+++ b/tests/regression/ip/ip.t.payload
@@ -0,0 +1,337 @@
+# ip length 232
+ip test-ip4 input
+  [ payload load 2b @ network header + 2 => reg 1 ]
+  [ cmp eq reg 1 0x0000e800 ]
+
+# ip length != 233
+ip test-ip4 input
+  [ payload load 2b @ network header + 2 => reg 1 ]
+  [ cmp neq reg 1 0x0000e900 ]
+
+# ip length 333-435
+ip test-ip4 input
+  [ payload load 2b @ network header + 2 => reg 1 ]
+  [ cmp gte reg 1 0x00004d01 ]
+  [ cmp lte reg 1 0x0000b301 ]
+
+# ip length != 333-453
+ip test-ip4 input
+  [ payload load 2b @ network header + 2 => reg 1 ]
+  [ cmp lt reg 1 0x00004d01 ]
+  [ cmp gt reg 1 0x0000c501 ]
+
+# ip length { 333, 553, 673, 838}
+set%d test-ip4 3
+set%d test-ip4 0
+	element 00004d01  : 0 [end]	element 00002902  : 0 [end]	element 0000a102  : 0 [end]	element 00004603  : 0 [end]
+ip test-ip4 input
+  [ payload load 2b @ network header + 2 => reg 1 ]
+  [ lookup reg 1 set set%d ]
+
+# ip length { 333-535}
+set%d test-ip4 7
+set%d test-ip4 0
+	element 00000000  : 1 [end]	element 00004d01  : 0 [end]	element 00001802  : 1 [end]
+ip test-ip4 input
+  [ payload load 2b @ network header + 2 => reg 1 ]
+  [ lookup reg 1 set set%d ]
+
+# ip id 22
+ip test-ip4 input
+  [ payload load 2b @ network header + 4 => reg 1 ]
+  [ cmp eq reg 1 0x00001600 ]
+
+# ip id != 233
+ip test-ip4 input
+  [ payload load 2b @ network header + 4 => reg 1 ]
+  [ cmp neq reg 1 0x0000e900 ]
+
+# ip id 33-45
+ip test-ip4 input
+  [ payload load 2b @ network header + 4 => reg 1 ]
+  [ cmp gte reg 1 0x00002100 ]
+  [ cmp lte reg 1 0x00002d00 ]
+
+# ip id != 33-45
+ip test-ip4 input
+  [ payload load 2b @ network header + 4 => reg 1 ]
+  [ cmp lt reg 1 0x00002100 ]
+  [ cmp gt reg 1 0x00002d00 ]
+
+# ip id { 33, 55, 67, 88}
+set%d test-ip4 3
+set%d test-ip4 0
+	element 00002100  : 0 [end]	element 00003700  : 0 [end]	element 00004300  : 0 [end]	element 00005800  : 0 [end]
+ip test-ip4 input
+  [ payload load 2b @ network header + 4 => reg 1 ]
+  [ lookup reg 1 set set%d ]
+
+# ip id { 33-55}
+set%d test-ip4 7
+set%d test-ip4 0
+	element 00000000  : 1 [end]	element 00002100  : 0 [end]	element 00003800  : 1 [end]
+ip test-ip4 input
+  [ payload load 2b @ network header + 4 => reg 1 ]
+  [ lookup reg 1 set set%d ]
+
+# ip frag-off 222 accept
+ip test-ip4 input
+  [ payload load 2b @ network header + 6 => reg 1 ]
+  [ cmp eq reg 1 0x0000de00 ]
+  [ immediate reg 0 accept ]
+
+# ip frag-off != 233
+ip test-ip4 input
+  [ payload load 2b @ network header + 6 => reg 1 ]
+  [ cmp neq reg 1 0x0000e900 ]
+
+# ip frag-off 33-45
+ip test-ip4 input
+  [ payload load 2b @ network header + 6 => reg 1 ]
+  [ cmp gte reg 1 0x00002100 ]
+  [ cmp lte reg 1 0x00002d00 ]
+
+# ip frag-off != 33-45
+ip test-ip4 input
+  [ payload load 2b @ network header + 6 => reg 1 ]
+  [ cmp lt reg 1 0x00002100 ]
+  [ cmp gt reg 1 0x00002d00 ]
+
+# ip frag-off { 33, 55, 67, 88}
+set%d test-ip4 3
+set%d test-ip4 0
+	element 00002100  : 0 [end]	element 00003700  : 0 [end]	element 00004300  : 0 [end]	element 00005800  : 0 [end]
+ip test-ip4 input
+  [ payload load 2b @ network header + 6 => reg 1 ]
+  [ lookup reg 1 set set%d ]
+
+# ip frag-off { 33-55}
+set%d test-ip4 7
+set%d test-ip4 0
+	element 00000000  : 1 [end]	element 00002100  : 0 [end]	element 00003800  : 1 [end]
+ip test-ip4 input
+  [ payload load 2b @ network header + 6 => reg 1 ]
+  [ lookup reg 1 set set%d ]
+
+# ip ttl 0 drop
+ip test-ip4 input
+  [ payload load 1b @ network header + 8 => reg 1 ]
+  [ cmp eq reg 1 0x00000000 ]
+  [ immediate reg 0 drop ]
+
+# ip ttl 233 log
+ip test-ip4 input
+  [ payload load 1b @ network header + 8 => reg 1 ]
+  [ cmp eq reg 1 0x000000e9 ]
+  [ log prefix (null) ]
+
+# ip ttl 33-55
+ip test-ip4 input
+  [ payload load 1b @ network header + 8 => reg 1 ]
+  [ cmp gte reg 1 0x00000021 ]
+  [ cmp lte reg 1 0x00000037 ]
+
+# ip ttl != 45-50
+ip test-ip4 input
+  [ payload load 1b @ network header + 8 => reg 1 ]
+  [ cmp lt reg 1 0x0000002d ]
+  [ cmp gt reg 1 0x00000032 ]
+
+# ip ttl {43, 53, 45 }
+set%d test-ip4 3
+set%d test-ip4 0
+	element 0000002b  : 0 [end]	element 00000035  : 0 [end]	element 0000002d  : 0 [end]
+ip test-ip4 input
+  [ payload load 1b @ network header + 8 => reg 1 ]
+  [ lookup reg 1 set set%d ]
+
+# ip ttl { 33-55}
+set%d test-ip4 7
+set%d test-ip4 0
+	element 00000000  : 1 [end]	element 00000021  : 0 [end]	element 00000038  : 1 [end]
+ip test-ip4 input
+  [ payload load 1b @ network header + 8 => reg 1 ]
+  [ lookup reg 1 set set%d ]
+
+# ip protocol tcp log
+ip test-ip4 input
+  [ payload load 1b @ network header + 9 => reg 1 ]
+  [ cmp eq reg 1 0x00000006 ]
+  [ log prefix (null) ]
+
+# ip protocol != tcp log
+ip test-ip4 input
+  [ payload load 1b @ network header + 9 => reg 1 ]
+  [ cmp neq reg 1 0x00000006 ]
+  [ log prefix (null) ]
+
+# ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept
+set%d test-ip4 3
+set%d test-ip4 0
+	element 00000001  : 0 [end]	element 00000032  : 0 [end]	element 00000033  : 0 [end]	element 0000006c  : 0 [end]	element 00000011  : 0 [end]	element 00000088  : 0 [end]	element 00000006  : 0 [end]	element 00000021  : 0 [end]	element 00000084  : 0 [end]
+ip test-ip4 input
+  [ payload load 1b @ network header + 9 => reg 1 ]
+  [ lookup reg 1 set set%d ]
+  [ immediate reg 0 accept ]
+
+# ip checksum 13172 drop
+ip test-ip4 input
+  [ payload load 2b @ network header + 10 => reg 1 ]
+  [ cmp eq reg 1 0x00007433 ]
+  [ immediate reg 0 drop ]
+
+# ip checksum 22
+ip test-ip4 input
+  [ payload load 2b @ network header + 10 => reg 1 ]
+  [ cmp eq reg 1 0x00001600 ]
+
+# ip checksum != 233
+ip test-ip4 input
+  [ payload load 2b @ network header + 10 => reg 1 ]
+  [ cmp neq reg 1 0x0000e900 ]
+
+# ip checksum 33-45
+ip test-ip4 input
+  [ payload load 2b @ network header + 10 => reg 1 ]
+  [ cmp gte reg 1 0x00002100 ]
+  [ cmp lte reg 1 0x00002d00 ]
+
+# ip checksum != 33-45
+ip test-ip4 input
+  [ payload load 2b @ network header + 10 => reg 1 ]
+  [ cmp lt reg 1 0x00002100 ]
+  [ cmp gt reg 1 0x00002d00 ]
+
+# ip checksum { 33, 55, 67, 88}
+set%d test-ip4 3
+set%d test-ip4 0
+	element 00002100  : 0 [end]	element 00003700  : 0 [end]	element 00004300  : 0 [end]	element 00005800  : 0 [end]
+ip test-ip4 input
+  [ payload load 2b @ network header + 10 => reg 1 ]
+  [ lookup reg 1 set set%d ]
+
+# ip checksum { 33-55}
+set%d test-ip4 7
+set%d test-ip4 0
+	element 00000000  : 1 [end]	element 00002100  : 0 [end]	element 00003800  : 1 [end]
+ip test-ip4 input
+  [ payload load 2b @ network header + 10 => reg 1 ]
+  [ lookup reg 1 set set%d ]
+
+# ip saddr 192.168.2.0/24
+ip test-ip4 input
+  [ payload load 4b @ network header + 12 => reg 1 ]
+  [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ]
+  [ cmp eq reg 1 0x0002a8c0 ]
+
+# ip saddr != 192.168.2.0/24
+ip test-ip4 input
+  [ payload load 4b @ network header + 12 => reg 1 ]
+  [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ]
+  [ cmp neq reg 1 0x0002a8c0 ]
+
+# ip saddr 192.168.3.1 ip daddr 192.168.3.100
+ip test-ip4 input
+  [ payload load 8b @ network header + 12 => reg 1 ]
+  [ cmp eq reg 1 0x0103a8c0 0x6403a8c0 ]
+
+# ip saddr != 1.1.1.1 log prefix giuseppe
+ip test-ip4 input
+  [ payload load 4b @ network header + 12 => reg 1 ]
+  [ cmp neq reg 1 0x01010101 ]
+  [ log prefix giuseppe ]
+
+# ip saddr 1.1.1.1 log prefix example group 1
+ip test-ip4 input
+  [ payload load 4b @ network header + 12 => reg 1 ]
+  [ cmp eq reg 1 0x01010101 ]
+  [ log prefix example group 1 snaplen 0 qthreshold 0]
+
+# ip daddr 192.168.0.1-192.168.0.250
+ip test-ip4 input
+  [ payload load 4b @ network header + 16 => reg 1 ]
+  [ cmp gte reg 1 0x0100a8c0 ]
+  [ cmp lte reg 1 0xfa00a8c0 ]
+
+# ip daddr 10.0.0.0-10.255.255.255
+ip test-ip4 input
+  [ payload load 4b @ network header + 16 => reg 1 ]
+  [ cmp gte reg 1 0x0000000a ]
+  [ cmp lte reg 1 0xffffff0a ]
+
+# ip daddr 172.16.0.0-172.31.255.255
+ip test-ip4 input
+  [ payload load 4b @ network header + 16 => reg 1 ]
+  [ cmp gte reg 1 0x000010ac ]
+  [ cmp lte reg 1 0xffff1fac ]
+
+# ip daddr 192.168.3.1-192.168.4.250
+ip test-ip4 input
+  [ payload load 4b @ network header + 16 => reg 1 ]
+  [ cmp gte reg 1 0x0103a8c0 ]
+  [ cmp lte reg 1 0xfa04a8c0 ]
+
+# ip daddr != 192.168.0.1-192.168.0.250
+ip test-ip4 input
+  [ payload load 4b @ network header + 16 => reg 1 ]
+  [ cmp lt reg 1 0x0100a8c0 ]
+  [ cmp gt reg 1 0xfa00a8c0 ]
+
+# ip daddr { 192.168.0.1-192.168.0.250}
+set%d test-ip4 7
+set%d test-ip4 0
+	element 00000000  : 1 [end]	element 0100a8c0  : 0 [end]	element fb00a8c0  : 1 [end]
+ip test-ip4 input
+  [ payload load 4b @ network header + 16 => reg 1 ]
+  [ lookup reg 1 set set%d ]
+
+# ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept
+set%d test-ip4 3
+set%d test-ip4 0
+	element 0105a8c0  : 0 [end]	element 0205a8c0  : 0 [end]	element 0305a8c0  : 0 [end]
+ip test-ip4 input
+  [ payload load 4b @ network header + 16 => reg 1 ]
+  [ lookup reg 1 set set%d ]
+  [ immediate reg 0 accept ]
+
+# ip daddr 192.168.1.2-192.168.1.55
+ip test-ip4 input
+  [ payload load 4b @ network header + 16 => reg 1 ]
+  [ cmp gte reg 1 0x0201a8c0 ]
+  [ cmp lte reg 1 0x3701a8c0 ]
+
+# ip daddr != 192.168.1.2-192.168.1.55
+ip test-ip4 input
+  [ payload load 4b @ network header + 16 => reg 1 ]
+  [ cmp lt reg 1 0x0201a8c0 ]
+  [ cmp gt reg 1 0x3701a8c0 ]
+
+# ip saddr 192.168.1.3-192.168.33.55
+ip test-ip4 input
+  [ payload load 4b @ network header + 12 => reg 1 ]
+  [ cmp gte reg 1 0x0301a8c0 ]
+  [ cmp lte reg 1 0x3721a8c0 ]
+
+# ip saddr != 192.168.1.3-192.168.33.55
+ip test-ip4 input
+  [ payload load 4b @ network header + 12 => reg 1 ]
+  [ cmp lt reg 1 0x0301a8c0 ]
+  [ cmp gt reg 1 0x3721a8c0 ]
+
+# ip daddr 192.168.0.1
+ip test-ip4 input
+  [ payload load 4b @ network header + 16 => reg 1 ]
+  [ cmp eq reg 1 0x0100a8c0 ]
+
+# ip daddr 192.168.0.1 drop
+ip test-ip4 input
+  [ payload load 4b @ network header + 16 => reg 1 ]
+  [ cmp eq reg 1 0x0100a8c0 ]
+  [ immediate reg 0 drop ]
+
+# ip daddr 192.168.0.2 log
+ip test-ip4 input
+  [ payload load 4b @ network header + 16 => reg 1 ]
+  [ cmp eq reg 1 0x0200a8c0 ]
+  [ log prefix (null) ]
+
author	Florian Westphal <fw@strlen.de>	2015-07-10 11:56:31 +0200
committer	Florian Westphal <fw@strlen.de>	2015-07-20 17:26:37 +0200
commit	0abfb2b7e01ca07efe1be16a1a5bd8925340dc41 (patch)
tree	0b4b3f892c990e66f4a01a5d5ba15d3a9c720d47 /tests/regression/ip/ip.t.payload
parent	efd09355038d53fdd3841ab5ccae1543c4967daf (diff)