summaryrefslogtreecommitdiffstats
path: root/tests/py/any/tcpopt.t
Commit message (Collapse)AuthorAgeFilesLines
* src: add tcp option reset supportFlorian Westphal2022-02-281-0/+6
| | | | | | | This allows to replace a tcp option with nops, similar to the TCPOPTSTRIP feature of iptables. Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: py: add tcp subtype match test casesFlorian Westphal2021-12-011-0/+4
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: py: add test cases for md5sig, fastopen and mptcp mnemonicsFlorian Westphal2021-12-011-0/+4
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* tcpopt: remove KIND keywordFlorian Westphal2021-12-011-7/+6
| | | | | | | | | | | | | | | | tcp option <foo> kind ... never makes any sense, as "tcp option <foo>" already tells the kernel to look for the foo <kind>. "tcp option sack kind 5" matches if the sack option is present; its a more complicated form of the simpler "tcp option sack exists". "tcp option sack kind 1" (or any other value than 5) will never match. So remove this. Test cases are converted to "exists". Signed-off-by: Florian Westphal <fw@strlen.de>
* tcpopt: bogus assertion on undefined optionsPablo Neira Ayuso2021-08-111-0/+1
| | | | | | | | | | # nft add rule x y tcp option 6 exists # nft list ruleset nft: tcpopt.c:208: tcpopt_init_raw: Assertion `expr->exthdr.desc != NULL' failed. Aborted Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1557 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/py: Add a test sanitizer and fix its findingsPhil Sutter2021-02-041-1/+0
| | | | | | | | | | | | | | | | This is just basic housekeeping: - Remove duplicate tests in any of the *.t files - Remove explicit output if equal to command itself in *.t files - Remove duplicate payload records in any of the *.t.payload* files - Remove stale payload records (for which no commands exist in the respective *.t file - Remove duplicate/stale entries in any of the *.t.json files In some cases, tests were added instead of removing a stale payload record if it fit nicely into the sequence of tests. Signed-off-by: Phil Sutter <phil@nwl.cc>
* tcp: add raw tcp option match supportFlorian Westphal2020-11-091-0/+2
| | | | | | tcp option @42,16,4 (@kind,offset,length). Signed-off-by: Florian Westphal <fw@strlen.de>
* tcpopt: allow to check for presence of any tcp optionFlorian Westphal2020-11-091-0/+2
| | | | | | | | | | | | | nft currently doesn't allow to check for presence of arbitrary tcp options. Only known options where nft provides a template can be tested for. This allows to test for presence of raw protocol values as well. Example: tcp option 42 exists Signed-off-by: Florian Westphal <fw@strlen.de>
* tcpopt: rename noop to nopFlorian Westphal2020-11-091-1/+1
| | | | | | | 'nop' is the tcp padding "option". "noop" is retained for compatibility on parser side. Signed-off-by: Florian Westphal <fw@strlen.de>
* parser: merge sack-perm/sack-permitted and maxseg/mssFlorian Westphal2020-11-091-2/+2
| | | | | | | | | | | | | | | | | | | | | | One was added by the tcp option parsing ocde, the other by synproxy. So we have: synproxy ... sack-perm synproxy ... mss and tcp option maxseg tcp option sack-permitted This kills the extra tokens on the scanner/parser side, so sack-perm and sack-permitted can both be used. Likewise, 'synproxy maxseg' and 'tcp option mss size 42' will work too. On the output side, the shorter form is now preferred, i.e. sack-perm and mss. Signed-off-by: Florian Westphal <fw@strlen.de>
* tests/py: Move tcpopt.t to any/ directoryPhil Sutter2020-03-101-0/+45
Merge tcpopt.t files in ip, ip6 and inet into a common one, they were just marignally different. Signed-off-by: Phil Sutter <phil@nwl.cc>