summaryrefslogtreecommitdiffstats
path: root/tests/py/any/tcpopt.t.json
Commit message (Collapse)AuthorAgeFilesLines
* tests: py: Fix some JSON equivalentsPhil Sutter13 days1-2/+2
| | | | | | | | | | | | Make sure they match the standard syntax input as much as possible. For some reason inet/tcp.t.json was using plain arrays in place of binary OR expressions in many cases. These arrays are interpreted as list expressions, which seems to be semantically identical but the goal here is to present an accurate equivalent to the rule in standard syntax. Signed-off-by: Phil Sutter <phil@nwl.cc>
* src: add tcp option reset supportFlorian Westphal2022-02-281-0/+35
| | | | | | | This allows to replace a tcp option with nops, similar to the TCPOPTSTRIP feature of iptables. Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: py: add tcp subtype match test casesFlorian Westphal2021-12-011-0/+53
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: py: add test cases for md5sig, fastopen and mptcp mnemonicsFlorian Westphal2021-12-011-0/+45
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* tcpopt: remove KIND keywordFlorian Westphal2021-12-011-43/+20
| | | | | | | | | | | | | | | | tcp option <foo> kind ... never makes any sense, as "tcp option <foo>" already tells the kernel to look for the foo <kind>. "tcp option sack kind 5" matches if the sack option is present; its a more complicated form of the simpler "tcp option sack exists". "tcp option sack kind 1" (or any other value than 5) will never match. So remove this. Test cases are converted to "exists". Signed-off-by: Florian Westphal <fw@strlen.de>
* tcpopt: bogus assertion on undefined optionsPablo Neira Ayuso2021-08-111-0/+17
| | | | | | | | | | # nft add rule x y tcp option 6 exists # nft list ruleset nft: tcpopt.c:208: tcpopt_init_raw: Assertion `expr->exthdr.desc != NULL' failed. Aborted Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1557 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* json: tcp: add raw tcp option match supportFlorian Westphal2020-11-091-0/+34
| | | | | | | | | To similar change as in previous one, this time for the jason (de)serialization. Re-uses the raw payload match syntax, i.e. base,offset,length. Signed-off-by: Florian Westphal <fw@strlen.de>
* tcpopt: rename noop to nopFlorian Westphal2020-11-091-2/+2
| | | | | | | 'nop' is the tcp padding "option". "noop" is retained for compatibility on parser side. Signed-off-by: Florian Westphal <fw@strlen.de>
* parser: merge sack-perm/sack-permitted and maxseg/mssFlorian Westphal2020-11-091-4/+4
| | | | | | | | | | | | | | | | | | | | | | One was added by the tcp option parsing ocde, the other by synproxy. So we have: synproxy ... sack-perm synproxy ... mss and tcp option maxseg tcp option sack-permitted This kills the extra tokens on the scanner/parser side, so sack-perm and sack-permitted can both be used. Likewise, 'synproxy maxseg' and 'tcp option mss size 42' will work too. On the output side, the shorter form is now preferred, i.e. sack-perm and mss. Signed-off-by: Florian Westphal <fw@strlen.de>
* tests/py: Move tcpopt.t to any/ directoryPhil Sutter2020-03-101-0/+461
Merge tcpopt.t files in ip, ip6 and inet into a common one, they were just marignally different. Signed-off-by: Phil Sutter <phil@nwl.cc>