diff options
author | Jeremy Sowden <jeremy@azazel.net> | 2023-03-17 10:16:48 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-03-28 10:26:34 +0200 |
commit | 8221d86e616bdd5e9828c3eefb7cfb9abc3d211a (patch) | |
tree | ca2efe4991e9948aeac944d7be8282b5d8653c99 /tests | |
parent | 6696599e104098b61e45f99d161275883885b199 (diff) |
tests: py: add test-cases for ct and packet mark payload expressions
Add new test-cases to verify that defining a rule that sets the ct or
packet mark to a value derived from a payload works correctly.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/py/ip/ct.t | 2 | ||||
-rw-r--r-- | tests/py/ip/ct.t.json | 58 | ||||
-rw-r--r-- | tests/py/ip/ct.t.payload | 18 | ||||
-rw-r--r-- | tests/py/ip/meta.t | 3 | ||||
-rw-r--r-- | tests/py/ip/meta.t.json | 58 | ||||
-rw-r--r-- | tests/py/ip/meta.t.payload | 17 | ||||
-rw-r--r-- | tests/py/ip6/ct.t | 6 | ||||
-rw-r--r-- | tests/py/ip6/ct.t.json | 221 | ||||
-rw-r--r-- | tests/py/ip6/ct.t.payload | 19 | ||||
-rw-r--r-- | tests/py/ip6/meta.t | 3 | ||||
-rw-r--r-- | tests/py/ip6/meta.t.json | 58 | ||||
-rw-r--r-- | tests/py/ip6/meta.t.payload | 20 |
12 files changed, 483 insertions, 0 deletions
diff --git a/tests/py/ip/ct.t b/tests/py/ip/ct.t index a387863e..eea9fd4e 100644 --- a/tests/py/ip/ct.t +++ b/tests/py/ip/ct.t @@ -28,3 +28,5 @@ meta mark set ct original saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x00000 meta mark set ct original ip saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x0000001e };ok ct original saddr . meta mark { 1.1.1.1 . 0x00000014 };fail ct original ip saddr . meta mark { 1.1.1.1 . 0x00000014 };ok +ct mark set ip dscp << 2 | 0x10;ok +ct mark set ip dscp << 26 | 0x10;ok diff --git a/tests/py/ip/ct.t.json b/tests/py/ip/ct.t.json index 3288413f..e739b5f6 100644 --- a/tests/py/ip/ct.t.json +++ b/tests/py/ip/ct.t.json @@ -325,3 +325,61 @@ } } ] + +# ct mark set ip dscp << 2 | 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 2 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip dscp << 26 | 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 26 + ] + }, + 16 + ] + } + } + } +] diff --git a/tests/py/ip/ct.t.payload b/tests/py/ip/ct.t.payload index 49f06a84..45dba339 100644 --- a/tests/py/ip/ct.t.payload +++ b/tests/py/ip/ct.t.payload @@ -84,3 +84,21 @@ ip [ ct load src_ip => reg 1 , dir original ] [ meta load mark => reg 9 ] [ lookup reg 1 set __set%d ] + +# ct mark set ip dscp << 2 | 0x10 +ip test-ip4 output + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 << 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ ct set mark with reg 1 ] + +# ct mark set ip dscp << 26 | 0x10 +ip + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 << 0x0000001a ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ ct set mark with reg 1 ] diff --git a/tests/py/ip/meta.t b/tests/py/ip/meta.t index 85eaf54c..a88a6145 100644 --- a/tests/py/ip/meta.t +++ b/tests/py/ip/meta.t @@ -17,3 +17,6 @@ meta sdif "lo" accept;ok meta sdifname != "vrf1" accept;ok meta mark set ip dscp;ok + +meta mark set ip dscp << 2 | 0x10;ok +meta mark set ip dscp << 26 | 0x10;ok diff --git a/tests/py/ip/meta.t.json b/tests/py/ip/meta.t.json index a93d7e78..25936dba 100644 --- a/tests/py/ip/meta.t.json +++ b/tests/py/ip/meta.t.json @@ -176,3 +176,61 @@ } ] +# meta mark set ip dscp << 2 | 0x10 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 2 + ] + }, + 16 + ] + } + } + } +] + + +# meta mark set ip dscp << 26 | 0x10 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 26 + ] + }, + 16 + ] + } + } + } +] diff --git a/tests/py/ip/meta.t.payload b/tests/py/ip/meta.t.payload index 1aa8d003..880ac5d6 100644 --- a/tests/py/ip/meta.t.payload +++ b/tests/py/ip/meta.t.payload @@ -59,3 +59,20 @@ ip test-ip4 input [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] [ meta set mark with reg 1 ] +# meta mark set ip dscp << 2 | 0x10 +ip test-ip4 input + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 << 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ meta set mark with reg 1 ] + +# meta mark set ip dscp << 26 | 0x10 +ip + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 << 0x0000001a ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ meta set mark with reg 1 ] diff --git a/tests/py/ip6/ct.t b/tests/py/ip6/ct.t new file mode 100644 index 00000000..da69b7a9 --- /dev/null +++ b/tests/py/ip6/ct.t @@ -0,0 +1,6 @@ +:output;type filter hook output priority 0 + +*ip6;test-ip6;output + +ct mark set ip6 dscp << 2 | 0x10;ok +ct mark set ip6 dscp << 26 | 0x10;ok diff --git a/tests/py/ip6/ct.t.json b/tests/py/ip6/ct.t.json new file mode 100644 index 00000000..7579a65e --- /dev/null +++ b/tests/py/ip6/ct.t.json @@ -0,0 +1,221 @@ +# ct mark set ip6 dscp lshift 2 or 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 2 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip6 dscp lshift 26 or 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 26 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip6 dscp << 2 | 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 2 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip6 dscp << 26 | 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 26 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip6 dscp | 0x04 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 4 + ] + } + } + } +] + +# ct mark set ip6 dscp | 0xff000000 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 4278190080 + ] + } + } + } +] + +# ct mark set ip6 dscp << 2 | 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 2 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip6 dscp << 26 | 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 26 + ] + }, + 16 + ] + } + } + } +] diff --git a/tests/py/ip6/ct.t.payload b/tests/py/ip6/ct.t.payload new file mode 100644 index 00000000..00768dae --- /dev/null +++ b/tests/py/ip6/ct.t.payload @@ -0,0 +1,19 @@ +# ct mark set ip6 dscp << 2 | 0x10 +ip6 test-ip6 output + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ byteorder reg 1 = ntoh(reg 1, 2, 1) ] + [ bitwise reg 1 = ( reg 1 << 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ ct set mark with reg 1 ] + +# ct mark set ip6 dscp << 26 | 0x10 +ip6 test-ip6 output + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ byteorder reg 1 = ntoh(reg 1, 2, 1) ] + [ bitwise reg 1 = ( reg 1 << 0x0000001a ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ ct set mark with reg 1 ] diff --git a/tests/py/ip6/meta.t b/tests/py/ip6/meta.t index 471e1481..c177b081 100644 --- a/tests/py/ip6/meta.t +++ b/tests/py/ip6/meta.t @@ -14,3 +14,6 @@ meta protocol ip6 udp dport 67;ok;udp dport 67 meta sdif "lo" accept;ok meta sdifname != "vrf1" accept;ok + +meta mark set ip6 dscp << 2 | 0x10;ok +meta mark set ip6 dscp << 26 | 0x10;ok diff --git a/tests/py/ip6/meta.t.json b/tests/py/ip6/meta.t.json index 351320d7..5bd8b07b 100644 --- a/tests/py/ip6/meta.t.json +++ b/tests/py/ip6/meta.t.json @@ -194,3 +194,61 @@ } } ] + +# meta mark set ip6 dscp lshift 2 or 0x10 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 2 + ] + }, + 16 + ] + } + } + } +] + +# meta mark set ip6 dscp lshift 26 or 0x10 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + 26 + ] + }, + 16 + ] + } + } + } +] diff --git a/tests/py/ip6/meta.t.payload b/tests/py/ip6/meta.t.payload index 0e3db6ba..f0507dc4 100644 --- a/tests/py/ip6/meta.t.payload +++ b/tests/py/ip6/meta.t.payload @@ -60,3 +60,23 @@ ip6 test-ip6 input [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00004300 ] + +# meta mark set ip6 dscp << 2 | 0x10 +ip6 test-ip6 input + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ byteorder reg 1 = ntoh(reg 1, 2, 1) ] + [ bitwise reg 1 = ( reg 1 << 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ meta set mark with reg 1 ] + +# meta mark set ip6 dscp << 26 | 0x10 +ip6 test-ip6 input + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ byteorder reg 1 = ntoh(reg 1, 2, 1) ] + [ bitwise reg 1 = ( reg 1 << 0x0000001a ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ meta set mark with reg 1 ] |