diff options
-rw-r--r-- | src/evaluate.c | 18 | ||||
-rw-r--r-- | tests/py/ip6/frag.t (renamed from tests/py/any/frag.t) | 4 | ||||
-rw-r--r-- | tests/py/ip6/frag.t.payload.ip6 (renamed from tests/py/any/frag.t.payload) | 56 |
3 files changed, 45 insertions, 33 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index a49cdd93..47a1f8ca 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -343,6 +343,21 @@ conflict_resolution_gen_dependency(struct eval_ctx *ctx, int protocol, return 0; } +/* + * Exthdr expression: check whether dependencies are fulfilled. + */ +static int expr_evaluate_exthdr(struct eval_ctx *ctx, struct expr **expr) +{ + const struct proto_desc *base; + + base = ctx->pctx.protocol[PROTO_BASE_NETWORK_HDR].desc; + if (base == &proto_ip6) + return expr_evaluate_primary(ctx, expr); + + return expr_error(ctx->msgs, *expr, + "exthdr can only be used with ipv6"); +} + /* dependency supersede. * * 'inet' is a 'phony' l2 dependeny used by NFPROTO_INET to fulfill network @@ -1320,8 +1335,9 @@ static int expr_evaluate(struct eval_ctx *ctx, struct expr **expr) return 0; case EXPR_VALUE: return expr_evaluate_value(ctx, expr); - case EXPR_VERDICT: case EXPR_EXTHDR: + return expr_evaluate_exthdr(ctx, expr); + case EXPR_VERDICT: case EXPR_META: return expr_evaluate_primary(ctx, expr); case EXPR_PAYLOAD: diff --git a/tests/py/any/frag.t b/tests/py/ip6/frag.t index 8b5e34ab..56801ed8 100644 --- a/tests/py/any/frag.t +++ b/tests/py/ip6/frag.t @@ -1,12 +1,8 @@ :output;type filter hook output priority 0 :ingress;type filter hook ingress device lo priority 0 -*ip;test-ip4;output *ip6;test-ip6;output *inet;test-inet;output -*arp;test-arp;output -*bridge;test-bridge;output -*netdev;test-netdev;ingress frag nexthdr tcp;ok;frag nexthdr 6 frag nexthdr != icmp;ok;frag nexthdr != 1 diff --git a/tests/py/any/frag.t.payload b/tests/py/ip6/frag.t.payload.ip6 index a91ab3fa..f2d04b6b 100644 --- a/tests/py/any/frag.t.payload +++ b/tests/py/ip6/frag.t.payload.ip6 @@ -1,109 +1,109 @@ # frag nexthdr tcp -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 1b @ 44 + 0 => reg 1 ] [ cmp eq reg 1 0x00000006 ] # frag nexthdr != icmp -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 1b @ 44 + 0 => reg 1 ] [ cmp neq reg 1 0x00000001 ] # frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp} -set%d test-ip4 3 -set%d test-ip4 0 +set%d test-ip6 3 +set%d test-ip6 0 element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 1b @ 44 + 0 => reg 1 ] [ lookup reg 1 set set%d ] # frag nexthdr esp -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 1b @ 44 + 0 => reg 1 ] [ cmp eq reg 1 0x00000032 ] # frag nexthdr ah -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 1b @ 44 + 0 => reg 1 ] [ cmp eq reg 1 0x00000033 ] # frag reserved 22 -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 1b @ 44 + 1 => reg 1 ] [ cmp eq reg 1 0x00000016 ] # frag reserved != 233 -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 1b @ 44 + 1 => reg 1 ] [ cmp neq reg 1 0x000000e9 ] # frag reserved 33-45 -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 1b @ 44 + 1 => reg 1 ] [ cmp gte reg 1 0x00000021 ] [ cmp lte reg 1 0x0000002d ] # frag reserved != 33-45 -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 1b @ 44 + 1 => reg 1 ] [ cmp lt reg 1 0x00000021 ] [ cmp gt reg 1 0x0000002d ] # frag reserved { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 +set%d test-ip6 3 +set%d test-ip6 0 element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end] -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 1b @ 44 + 1 => reg 1 ] [ lookup reg 1 set set%d ] # frag reserved { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 +set%d test-ip6 7 +set%d test-ip6 0 element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 1b @ 44 + 1 => reg 1 ] [ lookup reg 1 set set%d ] # frag id 1 -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 4b @ 44 + 4 => reg 1 ] [ cmp eq reg 1 0x01000000 ] # frag id 22 -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 4b @ 44 + 4 => reg 1 ] [ cmp eq reg 1 0x16000000 ] # frag id != 33 -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 4b @ 44 + 4 => reg 1 ] [ cmp neq reg 1 0x21000000 ] # frag id 33-45 -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 4b @ 44 + 4 => reg 1 ] [ cmp gte reg 1 0x21000000 ] [ cmp lte reg 1 0x2d000000 ] # frag id != 33-45 -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 4b @ 44 + 4 => reg 1 ] [ cmp lt reg 1 0x21000000 ] [ cmp gt reg 1 0x2d000000 ] # frag id { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 +set%d test-ip6 3 +set%d test-ip6 0 element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 4b @ 44 + 4 => reg 1 ] [ lookup reg 1 set set%d ] # frag id { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 +set%d test-ip6 7 +set%d test-ip6 0 element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 output +ip6 test-ip6 output [ exthdr load 4b @ 44 + 4 => reg 1 ] [ lookup reg 1 set set%d ] |