From 6b29a5bebb957387fe1aac8fcbfd431e6be237f0 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Fri, 11 Dec 2015 11:10:14 +0100 Subject: tests/: rearrange tests directory Rearrange the directory to obtain a better organization of files and tests-suites. We end with a tree like this: tests | .--- py .--- shell .--- files This was suggested by Pablo. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- tests/regression/ip/chains.t | 15 - tests/regression/ip/dnat.t | 15 - tests/regression/ip/dnat.t.payload.ip | 69 ----- tests/regression/ip/dup.t | 6 - tests/regression/ip/dup.t.payload | 21 -- tests/regression/ip/ether.t | 8 - tests/regression/ip/ether.t.payload | 50 --- tests/regression/ip/icmp.t | 93 ------ tests/regression/ip/icmp.t.payload.ip | 463 ---------------------------- tests/regression/ip/ip.t | 117 ------- tests/regression/ip/ip.t.payload | 386 ----------------------- tests/regression/ip/ip.t.payload.inet | 506 ------------------------------- tests/regression/ip/masquerade.t | 25 -- tests/regression/ip/masquerade.t.payload | 127 -------- tests/regression/ip/redirect.t | 45 --- tests/regression/ip/redirect.t.payload | 201 ------------ tests/regression/ip/reject.t | 14 - tests/regression/ip/reject.t.payload | 32 -- tests/regression/ip/sets.t | 30 -- tests/regression/ip/sets.t.payload.inet | 16 - tests/regression/ip/sets.t.payload.ip | 12 - tests/regression/ip/snat.t | 12 - tests/regression/ip/snat.t.payload | 50 --- 23 files changed, 2313 deletions(-) delete mode 100644 tests/regression/ip/chains.t delete mode 100644 tests/regression/ip/dnat.t delete mode 100644 tests/regression/ip/dnat.t.payload.ip delete mode 100644 tests/regression/ip/dup.t delete mode 100644 tests/regression/ip/dup.t.payload delete mode 100644 tests/regression/ip/ether.t delete mode 100644 tests/regression/ip/ether.t.payload delete mode 100644 tests/regression/ip/icmp.t delete mode 100644 tests/regression/ip/icmp.t.payload.ip delete mode 100644 tests/regression/ip/ip.t delete mode 100644 tests/regression/ip/ip.t.payload delete mode 100644 tests/regression/ip/ip.t.payload.inet delete mode 100644 tests/regression/ip/masquerade.t delete mode 100644 tests/regression/ip/masquerade.t.payload delete mode 100644 tests/regression/ip/redirect.t delete mode 100644 tests/regression/ip/redirect.t.payload delete mode 100644 tests/regression/ip/reject.t delete mode 100644 tests/regression/ip/reject.t.payload delete mode 100644 tests/regression/ip/sets.t delete mode 100644 tests/regression/ip/sets.t.payload.inet delete mode 100644 tests/regression/ip/sets.t.payload.ip delete mode 100644 tests/regression/ip/snat.t delete mode 100644 tests/regression/ip/snat.t.payload (limited to 'tests/regression/ip') diff --git a/tests/regression/ip/chains.t b/tests/regression/ip/chains.t deleted file mode 100644 index 8edf62b5..00000000 --- a/tests/regression/ip/chains.t +++ /dev/null @@ -1,15 +0,0 @@ -*ip;test-ip4 - -# filter chains available are: input, output, forward, prerouting, postrouting -:filter-input;type filter hook input priority 0 -:filter-pre;type filter hook prerouting priority 0 -:filter-forw;type filter hook forward priority 0 -:filter-out;type filter hook output priority 0 -:filter-post;type filter hook postrouting priority 0 -# nat chains available are: input, output, prerouting, postrouting -:nat-input-t;type nat hook input priority 0 -:nat-pre-t;type nat hook prerouting priority 0 -:nat-out-t;type nat hook output priority 0 -:nat-post-t;type nat hook postrouting priority 0 -# route chain available are: output -:route-out-t;type route hook output priority 0 diff --git a/tests/regression/ip/dnat.t b/tests/regression/ip/dnat.t deleted file mode 100644 index cdb78116..00000000 --- a/tests/regression/ip/dnat.t +++ /dev/null @@ -1,15 +0,0 @@ -*ip;test-ip4 -:prerouting;type nat hook prerouting priority 0 - -iifname "eth0" tcp dport 80-90 dnat 192.168.3.2;ok -iifname "eth0" tcp dport != 80-90 dnat 192.168.3.2;ok -iifname "eth0" tcp dport {80, 90, 23} dnat 192.168.3.2;ok -- iifname "eth0" tcp dport != {80, 90, 23} dnat 192.168.3.2;ok -- iifname "eth0" tcp dport != {80, 90, 23} dnat 192.168.3.2;ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -iifname "eth0" tcp dport != 23-34 dnat 192.168.3.2;ok - -dnat ct mark map { 0x00000014 : 1.2.3.4};ok -dnat ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4};ok diff --git a/tests/regression/ip/dnat.t.payload.ip b/tests/regression/ip/dnat.t.payload.ip deleted file mode 100644 index 026e8719..00000000 --- a/tests/regression/ip/dnat.t.payload.ip +++ /dev/null @@ -1,69 +0,0 @@ -# iifname "eth0" tcp dport 80-90 dnat 192.168.3.2 -ip test-ip4 prerouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00005000 ] - [ cmp lte reg 1 0x00005a00 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport != 80-90 dnat 192.168.3.2 -ip test-ip4 prerouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00005000 ] - [ cmp gt reg 1 0x00005a00 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport {80, 90, 23} dnat 192.168.3.2 -set%d test-ip4 3 -set%d test-ip4 0 - element 00005000 : 0 [end] element 00005a00 : 0 [end] element 00001700 : 0 [end] -ip test-ip4 prerouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport != 23-34 dnat 192.168.3.2 -ip test-ip4 prerouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002200 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - -# dnat ct mark map { 0x00000014 : 1.2.3.4} -map%d test-ip4 b -map%d test-ip4 0 - element 00000014 : 04030201 0 [end] -ip test-ip4 prerouting - [ ct load mark => reg 1 ] - [ lookup reg 1 set map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - -# dnat ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4} -map%d test-ip4 b -map%d test-ip4 0 - element 00000014 01010101 : 04030201 0 [end] -ip test-ip4 output - [ ct load mark => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ lookup reg 1 set map%d dreg 1 ] - [ nat dnat ip addr_min reg 1 addr_max reg 0 ] - diff --git a/tests/regression/ip/dup.t b/tests/regression/ip/dup.t deleted file mode 100644 index 9320d546..00000000 --- a/tests/regression/ip/dup.t +++ /dev/null @@ -1,6 +0,0 @@ -*ip;test-ip4 -:input;type filter hook input priority 0 - -dup to 192.168.2.1;ok -dup to 192.168.2.1 device eth0;ok -dup to ip saddr map { 192.168.2.120 : 192.168.2.1 } device eth0;ok diff --git a/tests/regression/ip/dup.t.payload b/tests/regression/ip/dup.t.payload deleted file mode 100644 index 7928d5d5..00000000 --- a/tests/regression/ip/dup.t.payload +++ /dev/null @@ -1,21 +0,0 @@ -# dup to 192.168.2.1 -ip test-ip4 test - [ immediate reg 1 0x0102a8c0 ] - [ dup sreg_addr 1 ] - -# dup to 192.168.2.1 device eth0 -ip test-ip4 test - [ immediate reg 1 0x0102a8c0 ] - [ immediate reg 2 0x00000002 ] - [ dup sreg_addr 1 sreg_dev 2 ] - -# dup to ip saddr map { 192.168.2.120 : 192.168.2.1 } device eth0 -map%d test-ip4 b -map%d test-ip4 0 - element 7802a8c0 : 0102a8c0 0 [end] -ip test-ip4 test - [ payload load 4b @ network header + 12 => reg 1 ] - [ lookup reg 1 set map%d dreg 1 ] - [ immediate reg 2 0x00000002 ] - [ dup sreg_addr 1 sreg_dev 2 ] - diff --git a/tests/regression/ip/ether.t b/tests/regression/ip/ether.t deleted file mode 100644 index 4d30f51c..00000000 --- a/tests/regression/ip/ether.t +++ /dev/null @@ -1,8 +0,0 @@ -*ip;test-ip - -:input;type filter hook input priority 0 - -tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 accept -tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04;ok -tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4;ok -ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept;ok diff --git a/tests/regression/ip/ether.t.payload b/tests/regression/ip/ether.t.payload deleted file mode 100644 index 0d234dab..00000000 --- a/tests/regression/ip/ether.t.payload +++ /dev/null @@ -1,50 +0,0 @@ -# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept -ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ immediate reg 0 accept ] - -# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 -ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - -# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 -ip test-ip input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - -# ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept -ip test-ip input - [ meta load iiftype => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 6b @ link header + 6 => reg 1 ] - [ cmp eq reg 1 0x0c540f00 0x00000411 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x04030201 ] - [ immediate reg 0 accept ] - diff --git a/tests/regression/ip/icmp.t b/tests/regression/ip/icmp.t deleted file mode 100644 index bd00f5ca..00000000 --- a/tests/regression/ip/icmp.t +++ /dev/null @@ -1,93 +0,0 @@ -*ip;test-ip4 -# BUG: There is a bug with icmp protocol and inet family. -# *inet;test-inet -:input;type filter hook input priority 0 - -icmp type echo-reply accept;ok -icmp type destination-unreachable accept;ok -icmp type source-quench accept;ok -icmp type redirect accept;ok -icmp type echo-request accept;ok -icmp type time-exceeded accept;ok -icmp type parameter-problem accept;ok -icmp type timestamp-request accept;ok -icmp type timestamp-reply accept;ok -icmp type info-request accept;ok -icmp type info-reply accept;ok -icmp type address-mask-request accept;ok -icmp type address-mask-reply accept;ok -icmp type {echo-reply, destination-unreachable, source-quench, redirect, echo-request, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply} accept;ok -- icmp type != {echo-reply, destination-unreachable, source-quench};ok -# BUG: icmp type != {echo-reply, destination-unreachable, source-quench} -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -icmp code 111 accept;ok -icmp code != 111 accept;ok -icmp code 33-55;ok -icmp code != 33-55;ok -icmp code { 33-55};ok -- icmp code != { 33-55};ok -icmp code { 2, 4, 54, 33, 56};ok -- icmp code != { 2, 4, 54, 33, 56};ok -# $ sudo nft add rule ip test input icmp code != {2, 4, 54, 33, 56} -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -icmp checksum 12343 accept;ok -icmp checksum != 12343 accept;ok -icmp checksum 11-343 accept;ok -icmp checksum != 11-343 accept;ok -icmp checksum { 11-343} accept;ok -- icmp checksum != { 11-343} accept;ok -icmp checksum { 1111, 222, 343} accept;ok -- icmp checksum != { 1111, 222, 343} accept;ok -# BUG: invalid expression type set -# icmp checksum != { 1111, 222, 343} accept;ok -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -icmp id 1245 log;ok -icmp id 22;ok -icmp id != 233;ok -icmp id 33-45;ok -icmp id != 33-45;ok -icmp id { 33-55};ok -- icmp id != { 33-55};ok -icmp id { 22, 34, 333};ok -- icmp id != { 22, 34, 333};ok -# BUG: invalid expression type set -# icmp id != { 22, 34, 333} -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -icmp sequence 22;ok -icmp sequence != 233;ok -icmp sequence 33-45;ok -icmp sequence != 33-45;ok -icmp sequence { 33, 55, 67, 88};ok -- icmp sequence != { 33, 55, 67, 88};ok -icmp sequence { 33-55};ok -- icmp sequence != { 33-55};ok - -icmp mtu 33;ok -icmp mtu 22-33;ok -icmp mtu { 22-33};ok -- icmp mtu != { 22-33};ok -icmp mtu 22;ok -icmp mtu != 233;ok -icmp mtu 33-45;ok -icmp mtu != 33-45;ok -icmp mtu { 33, 55, 67, 88};ok -- icmp mtu != { 33, 55, 67, 88};ok -icmp mtu { 33-55};ok -- icmp mtu != { 33-55};ok - -icmp gateway 22;ok -icmp gateway != 233;ok -icmp gateway 33-45;ok -icmp gateway != 33-45;ok -icmp gateway { 33, 55, 67, 88};ok -- icmp gateway != { 33, 55, 67, 88};ok -icmp gateway { 33-55};ok -- icmp gateway != { 33-55};ok -icmp gateway != 34;ok -- icmp gateway != { 333, 334};ok diff --git a/tests/regression/ip/icmp.t.payload.ip b/tests/regression/ip/icmp.t.payload.ip deleted file mode 100644 index a6071a65..00000000 --- a/tests/regression/ip/icmp.t.payload.ip +++ /dev/null @@ -1,463 +0,0 @@ -# icmp type echo-reply accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - [ immediate reg 0 accept ] - -# icmp type destination-unreachable accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000003 ] - [ immediate reg 0 accept ] - -# icmp type source-quench accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] - [ immediate reg 0 accept ] - -# icmp type redirect accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000005 ] - [ immediate reg 0 accept ] - -# icmp type echo-request accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000008 ] - [ immediate reg 0 accept ] - -# icmp type time-exceeded accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000000b ] - [ immediate reg 0 accept ] - -# icmp type parameter-problem accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000000c ] - [ immediate reg 0 accept ] - -# icmp type timestamp-request accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000000d ] - [ immediate reg 0 accept ] - -# icmp type timestamp-reply accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000000e ] - [ immediate reg 0 accept ] - -# icmp type info-request accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000000f ] - [ immediate reg 0 accept ] - -# icmp type info-reply accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000010 ] - [ immediate reg 0 accept ] - -# icmp type address-mask-request accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ immediate reg 0 accept ] - -# icmp type address-mask-reply accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000012 ] - [ immediate reg 0 accept ] - -# icmp type {echo-reply, destination-unreachable, source-quench, redirect, echo-request, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00000000 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000008 : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end] element 0000000d : 0 [end] element 0000000e : 0 [end] element 0000000f : 0 [end] element 00000010 : 0 [end] element 00000011 : 0 [end] element 00000012 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 0 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmp code 111 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp eq reg 1 0x0000006f ] - [ immediate reg 0 accept ] - -# icmp code != 111 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp neq reg 1 0x0000006f ] - [ immediate reg 0 accept ] - -# icmp code 33-55 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x00000037 ] - -# icmp code != 33-55 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ cmp lt reg 1 0x00000021 ] - [ cmp gt reg 1 0x00000037 ] - -# icmp code { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp code { 2, 4, 54, 33, 56} -set%d test-ip4 3 -set%d test-ip4 0 - element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000036 : 0 [end] element 00000021 : 0 [end] element 00000038 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 1b @ transport header + 1 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp checksum 12343 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003730 ] - [ immediate reg 0 accept ] - -# icmp checksum != 12343 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp neq reg 1 0x00003730 ] - [ immediate reg 0 accept ] - -# icmp checksum 11-343 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00000b00 ] - [ cmp lte reg 1 0x00005701 ] - [ immediate reg 0 accept ] - -# icmp checksum != 11-343 accept -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00000b00 ] - [ cmp gt reg 1 0x00005701 ] - [ immediate reg 0 accept ] - -# icmp checksum { 11-343} accept -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmp checksum { 1111, 222, 343} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00005704 : 0 [end] element 0000de00 : 0 [end] element 00005701 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# icmp id 1245 log -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x0000dd04 ] - [ log prefix (null) ] - -# icmp id 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# icmp id != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# icmp id 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# icmp id != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# icmp id { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp id { 22, 34, 333} -set%d test-ip4 3 -set%d test-ip4 0 - element 00001600 : 0 [end] element 00002200 : 0 [end] element 00004d01 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp sequence 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# icmp sequence != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# icmp sequence 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# icmp sequence != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# icmp sequence { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp sequence { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp mtu 33 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00002100 ] - -# icmp mtu 22-33 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00001600 ] - [ cmp lte reg 1 0x00002100 ] - -# icmp mtu { 22-33} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00001600 : 0 [end] element 00002200 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp mtu 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# icmp mtu != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# icmp mtu 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# icmp mtu != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# icmp mtu { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp mtu { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 2b @ transport header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp gateway 22 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp eq reg 1 0x16000000 ] - -# icmp gateway != 233 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0xe9000000 ] - -# icmp gateway 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp gte reg 1 0x21000000 ] - [ cmp lte reg 1 0x2d000000 ] - -# icmp gateway != 33-45 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp lt reg 1 0x21000000 ] - [ cmp gt reg 1 0x2d000000 ] - -# icmp gateway { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp gateway { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# icmp gateway != 34 -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000001 ] - [ payload load 4b @ transport header + 4 => reg 1 ] - [ cmp neq reg 1 0x22000000 ] - diff --git a/tests/regression/ip/ip.t b/tests/regression/ip/ip.t deleted file mode 100644 index 0339c2ac..00000000 --- a/tests/regression/ip/ip.t +++ /dev/null @@ -1,117 +0,0 @@ -*ip;test-ip4 -*inet;test-inet -:input;type filter hook input priority 0 - -- ip version 2;ok - -# bug ip hdrlength -- ip hdrlength 10;ok -- ip hdrlength != 5;ok -- ip hdrlength 5-8;ok -- ip hdrlength != 3-13;ok -- ip hdrlength {3, 5, 6, 8};ok -- ip hdrlength != {3, 5, 7, 8};ok -- ip hdrlength { 3-5};ok -- ip hdrlength != { 3-59};ok -# ip hdrlength 12 -# :1:1-38: Error: Could not process rule: Invalid argument -# add rule ip test input ip hdrlength 12 -# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -# :1:37-38: Error: Value 22 exceeds valid range 0-15 -# add rule ip test input ip hdrlength 22 - -- ip dscp CS1;ok -- ip dscp != CS1;ok -- ip dscp 0x38;ok -- ip dscp != 0x20;ok -- ip dscp {CS1, CS2, CS3, CS4, CS5, CS6, CS7, BE, AF11, AF12, AF13, AF21, AF22, AF23, AF31, AF32, AF33, AF41, AF42, AF43, EF};ok -- ip dscp {0x08, 0x10, 0x18, 0x20, 0x28, 0x30, 0x38, 0x00, 0x0a, 0x0c, 0x0e, 0x12, 0x14, 0x16, 0x1a, 0x1c, 0x1e, 0x22, 0x24, 0x26, 0x2e};ok -- ip dscp != {CS0, CS3};ok - -ip length 232;ok -ip length != 233;ok -ip length 333-435;ok -ip length != 333-453;ok -ip length { 333, 553, 673, 838};ok -- ip length != { 333, 535, 637, 883};ok -ip length { 333-535};ok -- ip length != { 333-553};ok - -ip id 22;ok -ip id != 233;ok -ip id 33-45;ok -ip id != 33-45;ok -ip id { 33, 55, 67, 88};ok -- ip id != { 33, 55, 67, 88};ok -ip id { 33-55};ok -- ip id != { 33-55};ok - -ip frag-off 222 accept;ok -ip frag-off != 233;ok -ip frag-off 33-45;ok -ip frag-off != 33-45;ok -ip frag-off { 33, 55, 67, 88};ok -- ip frag-off != { 33, 55, 67, 88};ok -ip frag-off { 33-55};ok -- ip frag-off != { 33-55};ok - -ip ttl 0 drop;ok -ip ttl 233 log;ok -ip ttl 33-55;ok -ip ttl != 45-50;ok -ip ttl {43, 53, 45 };ok -- ip ttl != {46, 56, 93 };ok -# BUG: ip ttl != {46, 56, 93 };ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. -ip ttl { 33-55};ok -- ip ttl != { 33-55};ok - -ip protocol tcp log;ok;ip protocol 6 log -ip protocol != tcp log;ok;ip protocol != 6 log -ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept;ok;ip protocol { 33, 136, 17, 51, 50, 6, 132, 1, 108} accept -- ip protocol != { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept;ok - -ip checksum 13172 drop;ok -ip checksum 22;ok -ip checksum != 233;ok -ip checksum 33-45;ok -ip checksum != 33-45;ok -ip checksum { 33, 55, 67, 88};ok -- ip checksum != { 33, 55, 67, 88};ok -ip checksum { 33-55};ok -- ip checksum != { 33-55};ok - -ip saddr 192.168.2.0/24;ok -ip saddr != 192.168.2.0/24;ok -ip saddr 192.168.3.1 ip daddr 192.168.3.100;ok -ip saddr != 1.1.1.1 log prefix giuseppe;ok;ip saddr != 1.1.1.1 log prefix "giuseppe" -ip saddr 1.1.1.1 log prefix example group 1;ok;ip saddr 1.1.1.1 log prefix "example" group 1 -ip daddr 192.168.0.1-192.168.0.250;ok -ip daddr 10.0.0.0-10.255.255.255;ok -ip daddr 172.16.0.0-172.31.255.255;ok -ip daddr 192.168.3.1-192.168.4.250;ok -ip daddr != 192.168.0.1-192.168.0.250;ok -ip daddr { 192.168.0.1-192.168.0.250};ok -- ip daddr != { 192.168.0.1-192.168.0.250};ok -ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok -- ip daddr != { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok - -ip daddr 192.168.1.2-192.168.1.55;ok -ip daddr != 192.168.1.2-192.168.1.55;ok -ip saddr 192.168.1.3-192.168.33.55;ok -ip saddr != 192.168.1.3-192.168.33.55;ok - -ip daddr 192.168.0.1;ok -ip daddr 192.168.0.1 drop;ok -ip daddr 192.168.0.2 log;ok - -ip saddr \& 0xff == 1;ok;ip saddr & 0.0.0.255 == 0.0.0.1 -ip saddr \& 0.0.0.255 \< 0.0.0.127;ok;ip saddr & 0.0.0.255 < 0.0.0.127 - -ip saddr \& 0xffff0000 == 0xffff0000;ok;ip saddr 255.255.0.0/16 - -ip version 4 ip hdrlength 5;ok -ip hdrlength 0;ok -ip hdrlength 15;ok -ip hdrlength 16;fail diff --git a/tests/regression/ip/ip.t.payload b/tests/regression/ip/ip.t.payload deleted file mode 100644 index da2dc218..00000000 --- a/tests/regression/ip/ip.t.payload +++ /dev/null @@ -1,386 +0,0 @@ -# ip length 232 -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000e800 ] - -# ip length != 233 -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip length 333-435 -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp gte reg 1 0x00004d01 ] - [ cmp lte reg 1 0x0000b301 ] - -# ip length != 333-453 -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp lt reg 1 0x00004d01 ] - [ cmp gt reg 1 0x0000c501 ] - -# ip length { 333, 553, 673, 838} -set%d test-ip4 3 -set%d test-ip4 0 - element 00004d01 : 0 [end] element 00002902 : 0 [end] element 0000a102 : 0 [end] element 00004603 : 0 [end] -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip length { 333-535} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip id 22 -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ip id != 233 -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip id 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip id != 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip id { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip id { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip frag-off 222 accept -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000de00 ] - [ immediate reg 0 accept ] - -# ip frag-off != 233 -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip frag-off 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip frag-off != 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip frag-off { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip frag-off { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip ttl 0 drop -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - [ immediate reg 0 drop ] - -# ip ttl 233 log -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x000000e9 ] - [ log prefix (null) ] - -# ip ttl 33-55 -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x00000037 ] - -# ip ttl != 45-50 -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp lt reg 1 0x0000002d ] - [ cmp gt reg 1 0x00000032 ] - -# ip ttl {43, 53, 45 } -set%d test-ip4 3 -set%d test-ip4 0 - element 0000002b : 0 [end] element 00000035 : 0 [end] element 0000002d : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip ttl { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -ip test-ip4 input - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip protocol tcp log -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ log prefix (null) ] - -# ip protocol != tcp log -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp neq reg 1 0x00000006 ] - [ log prefix (null) ] - -# ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept -set%d test-ip4 3 -set%d test-ip4 0 - element 00000001 : 0 [end] element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] -ip test-ip4 input - [ payload load 1b @ network header + 9 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# ip checksum 13172 drop -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp eq reg 1 0x00007433 ] - [ immediate reg 0 drop ] - -# ip checksum 22 -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ip checksum != 233 -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip checksum 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip checksum != 33-45 -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip checksum { 33, 55, 67, 88} -set%d test-ip4 3 -set%d test-ip4 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip checksum { 33-55} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -ip test-ip4 input - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip saddr 192.168.2.0/24 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0002a8c0 ] - -# ip saddr != 192.168.2.0/24 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] - [ cmp neq reg 1 0x0002a8c0 ] - -# ip saddr 192.168.3.1 ip daddr 192.168.3.100 -ip test-ip4 input - [ payload load 8b @ network header + 12 => reg 1 ] - [ cmp eq reg 1 0x0103a8c0 0x6403a8c0 ] - -# ip saddr != 1.1.1.1 log prefix giuseppe -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp neq reg 1 0x01010101 ] - [ log prefix giuseppe ] - -# ip saddr 1.1.1.1 log prefix example group 1 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp eq reg 1 0x01010101 ] - [ log prefix example group 1 snaplen 0 qthreshold 0] - -# ip daddr 192.168.0.1-192.168.0.250 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0100a8c0 ] - [ cmp lte reg 1 0xfa00a8c0 ] - -# ip daddr 10.0.0.0-10.255.255.255 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0000000a ] - [ cmp lte reg 1 0xffffff0a ] - -# ip daddr 172.16.0.0-172.31.255.255 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x000010ac ] - [ cmp lte reg 1 0xffff1fac ] - -# ip daddr 192.168.3.1-192.168.4.250 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0103a8c0 ] - [ cmp lte reg 1 0xfa04a8c0 ] - -# ip daddr != 192.168.0.1-192.168.0.250 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp lt reg 1 0x0100a8c0 ] - [ cmp gt reg 1 0xfa00a8c0 ] - -# ip daddr { 192.168.0.1-192.168.0.250} -set%d test-ip4 7 -set%d test-ip4 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept -set%d test-ip4 3 -set%d test-ip4 0 - element 0105a8c0 : 0 [end] element 0205a8c0 : 0 [end] element 0305a8c0 : 0 [end] -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# ip daddr 192.168.1.2-192.168.1.55 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0201a8c0 ] - [ cmp lte reg 1 0x3701a8c0 ] - -# ip daddr != 192.168.1.2-192.168.1.55 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp lt reg 1 0x0201a8c0 ] - [ cmp gt reg 1 0x3701a8c0 ] - -# ip saddr 192.168.1.3-192.168.33.55 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp gte reg 1 0x0301a8c0 ] - [ cmp lte reg 1 0x3721a8c0 ] - -# ip saddr != 192.168.1.3-192.168.33.55 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp lt reg 1 0x0301a8c0 ] - [ cmp gt reg 1 0x3721a8c0 ] - -# ip daddr 192.168.0.1 -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0100a8c0 ] - -# ip daddr 192.168.0.1 drop -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0100a8c0 ] - [ immediate reg 0 drop ] - -# ip daddr 192.168.0.2 log -ip test-ip4 input - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0200a8c0 ] - [ log prefix (null) ] - -# ip saddr \& 0xff == 1 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x01000000 ] - -# ip saddr \& 0.0.0.255 \< 0.0.0.127 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] - [ cmp lt reg 1 0x7f000000 ] - -# ip saddr \& 0xffff0000 == 0xffff0000 -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000ffff ] - -# ip saddr . ip daddr . ip protocol { 1.1.1.1 . 2.2.2.2 . tcp, 1.1.1.1 . 3.3.3.3 . udp} -set%d test-ip 3 -set%d test-ip 0 - element 01010101 02020202 00000006 : 0 [end] element 01010101 03030303 00000011 : 0 [end] -ip test-ip input - [ payload load 4b @ network header + 12 => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ payload load 1b @ network header + 9 => reg 10 ] - [ lookup reg 1 set set%d ] - -# ip version 4 ip hdrlength 5 -ip test-ip4 input - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000040 ] - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000005 ] - -# ip hdrlength 0 -ip test-ip4 input - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000000 ] - -# ip hdrlength 15 -ip test-ip4 input - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000000f ] - diff --git a/tests/regression/ip/ip.t.payload.inet b/tests/regression/ip/ip.t.payload.inet deleted file mode 100644 index 35f73ff7..00000000 --- a/tests/regression/ip/ip.t.payload.inet +++ /dev/null @@ -1,506 +0,0 @@ -# ip length 232 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000e800 ] - -# ip length != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip length 333-435 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp gte reg 1 0x00004d01 ] - [ cmp lte reg 1 0x0000b301 ] - -# ip length != 333-453 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ cmp lt reg 1 0x00004d01 ] - [ cmp gt reg 1 0x0000c501 ] - -# ip length { 333, 553, 673, 838} -set%d test-inet 3 -set%d test-inet 0 - element 00004d01 : 0 [end] element 00002902 : 0 [end] element 0000a102 : 0 [end] element 00004603 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip length { 333-535} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip id 22 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ip id != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip id 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip id != 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip id { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip id { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 4 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip frag-off 222 accept -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x0000de00 ] - [ immediate reg 0 accept ] - -# ip frag-off != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip frag-off 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip frag-off != 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip frag-off { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip frag-off { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 6 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip ttl 0 drop -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x00000000 ] - [ immediate reg 0 drop ] - -# ip ttl 233 log -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp eq reg 1 0x000000e9 ] - [ log prefix (null) ] - -# ip ttl 33-55 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp gte reg 1 0x00000021 ] - [ cmp lte reg 1 0x00000037 ] - -# ip ttl != 45-50 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ cmp lt reg 1 0x0000002d ] - [ cmp gt reg 1 0x00000032 ] - -# ip ttl {43, 53, 45 } -set%d test-inet 3 -set%d test-inet 0 - element 0000002b : 0 [end] element 00000035 : 0 [end] element 0000002d : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip ttl { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 8 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip protocol tcp log -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ log prefix (null) ] - -# ip protocol != tcp log -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp neq reg 1 0x00000006 ] - [ log prefix (null) ] - -# ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept -set%d test-inet 3 -set%d test-inet 0 - element 00000001 : 0 [end] element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# ip checksum 13172 drop -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp eq reg 1 0x00007433 ] - [ immediate reg 0 drop ] - -# ip checksum 22 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -# ip checksum != 233 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp neq reg 1 0x0000e900 ] - -# ip checksum 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp gte reg 1 0x00002100 ] - [ cmp lte reg 1 0x00002d00 ] - -# ip checksum != 33-45 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ cmp lt reg 1 0x00002100 ] - [ cmp gt reg 1 0x00002d00 ] - -# ip checksum { 33, 55, 67, 88} -set%d test-inet 3 -set%d test-inet 0 - element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip checksum { 33-55} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 2b @ network header + 10 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip saddr 192.168.2.0/24 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0002a8c0 ] - -# ip saddr != 192.168.2.0/24 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] - [ cmp neq reg 1 0x0002a8c0 ] - -# ip saddr 192.168.3.1 ip daddr 192.168.3.100 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 8b @ network header + 12 => reg 1 ] - [ cmp eq reg 1 0x0103a8c0 0x6403a8c0 ] - -# ip saddr != 1.1.1.1 log prefix giuseppe -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp neq reg 1 0x01010101 ] - [ log prefix giuseppe ] - -# ip saddr 1.1.1.1 log prefix example group 1 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp eq reg 1 0x01010101 ] - [ log prefix example group 1 snaplen 0 qthreshold 0] - -# ip daddr 192.168.0.1-192.168.0.250 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0100a8c0 ] - [ cmp lte reg 1 0xfa00a8c0 ] - -# ip daddr 10.0.0.0-10.255.255.255 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0000000a ] - [ cmp lte reg 1 0xffffff0a ] - -# ip daddr 172.16.0.0-172.31.255.255 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x000010ac ] - [ cmp lte reg 1 0xffff1fac ] - -# ip daddr 192.168.3.1-192.168.4.250 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0103a8c0 ] - [ cmp lte reg 1 0xfa04a8c0 ] - -# ip daddr != 192.168.0.1-192.168.0.250 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp lt reg 1 0x0100a8c0 ] - [ cmp gt reg 1 0xfa00a8c0 ] - -# ip daddr { 192.168.0.1-192.168.0.250} -set%d test-inet 7 -set%d test-inet 0 - element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - -# ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept -set%d test-inet 3 -set%d test-inet 0 - element 0105a8c0 : 0 [end] element 0205a8c0 : 0 [end] element 0305a8c0 : 0 [end] -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 0 accept ] - -# ip daddr 192.168.1.2-192.168.1.55 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0201a8c0 ] - [ cmp lte reg 1 0x3701a8c0 ] - -# ip daddr != 192.168.1.2-192.168.1.55 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp lt reg 1 0x0201a8c0 ] - [ cmp gt reg 1 0x3701a8c0 ] - -# ip saddr 192.168.1.3-192.168.33.55 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp gte reg 1 0x0301a8c0 ] - [ cmp lte reg 1 0x3721a8c0 ] - -# ip saddr != 192.168.1.3-192.168.33.55 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ cmp lt reg 1 0x0301a8c0 ] - [ cmp gt reg 1 0x3721a8c0 ] - -# ip daddr 192.168.0.1 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0100a8c0 ] - -# ip daddr 192.168.0.1 drop -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0100a8c0 ] - [ immediate reg 0 drop ] - -# ip daddr 192.168.0.2 log -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0200a8c0 ] - [ log prefix (null) ] - -# ip saddr \& 0xff == 1 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x01000000 ] - -# ip saddr \& 0.0.0.255 \< 0.0.0.127 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] - [ cmp lt reg 1 0x7f000000 ] - -# ip saddr \& 0xffff0000 == 0xffff0000 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000ffff ] - -# ip saddr . ip daddr . ip protocol { 1.1.1.1 . 2.2.2.2 . tcp, 1.1.1.1 . 3.3.3.3 . udp} -set%d test-ip 3 -set%d test-ip 0 - element 01010101 02020202 00000006 : 0 [end] element 01010101 03030303 00000011 : 0 [end] -inet test-ip input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ payload load 4b @ network header + 16 => reg 9 ] - [ payload load 1b @ network header + 9 => reg 10 ] - [ lookup reg 1 set set%d ] - -# ip version 4 ip hdrlength 5 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000040 ] - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000005 ] - -# ip hdrlength 0 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x00000000 ] - -# ip hdrlength 15 -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 1b @ network header + 0 => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0000000f ] - diff --git a/tests/regression/ip/masquerade.t b/tests/regression/ip/masquerade.t deleted file mode 100644 index 35001f37..00000000 --- a/tests/regression/ip/masquerade.t +++ /dev/null @@ -1,25 +0,0 @@ -*ip;test-ip4 -:postrouting;type nat hook postrouting priority 0 - -# nf_nat flags combination -udp dport 53 masquerade;ok -udp dport 53 masquerade random;ok -udp dport 53 masquerade random,persistent;ok -udp dport 53 masquerade random,persistent,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent -udp dport 53 masquerade random,fully-random;ok -udp dport 53 masquerade random,fully-random,persistent;ok -udp dport 53 masquerade persistent;ok -udp dport 53 masquerade persistent,random;ok;udp dport 53 masquerade random,persistent -udp dport 53 masquerade persistent,random,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent -udp dport 53 masquerade persistent,fully-random;ok;udp dport 53 masquerade fully-random,persistent -udp dport 53 masquerade persistent,fully-random,random;ok;udp dport 53 masquerade random,fully-random,persistent - -# masquerade is a terminal statement -tcp dport 22 masquerade counter packets 0 bytes 0 accept;fail -tcp sport 22 masquerade accept;fail -ip saddr 10.1.1.1 masquerade drop;fail - -# masquerade with sets -tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade;ok -ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 masquerade;ok -iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade;ok diff --git a/tests/regression/ip/masquerade.t.payload b/tests/regression/ip/masquerade.t.payload deleted file mode 100644 index 9390f0cf..00000000 --- a/tests/regression/ip/masquerade.t.payload +++ /dev/null @@ -1,127 +0,0 @@ -# udp dport 53 masquerade -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq ] - -# udp dport 53 masquerade random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x4 ] - -# udp dport 53 masquerade random,persistent -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0xc ] - -# udp dport 53 masquerade random,persistent,fully-random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# udp dport 53 masquerade random,fully-random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x14 ] - -# udp dport 53 masquerade random,fully-random,persistent -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# udp dport 53 masquerade persistent -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x8 ] - -# udp dport 53 masquerade persistent,random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0xc ] - -# udp dport 53 masquerade persistent,random,fully-random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# udp dport 53 masquerade persistent,fully-random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x18 ] - -# udp dport 53 masquerade persistent,fully-random,random -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ masq flags 0x1c ] - -# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade -set%d test-ip4 3 -set%d test-ip4 0 - element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] -ip test-ip4 postrouting - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ masq ] - -# ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 masquerade -ip test-ip4 postrouting - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0000000a ] - [ cmp lte reg 1 0x0403020a ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ counter pkts 0 bytes 0 ] - [ masq ] - -# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade -map%d test-ip4 b -map%d test-ip4 0 - element 00001600 : 0 [end] element 0000de00 : 0 [end] -ip test-ip4 postrouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - [ masq ] - diff --git a/tests/regression/ip/redirect.t b/tests/regression/ip/redirect.t deleted file mode 100644 index b7eecb74..00000000 --- a/tests/regression/ip/redirect.t +++ /dev/null @@ -1,45 +0,0 @@ -*ip;test-ip4 -:output;type nat hook output priority 0 - -# without arguments -udp dport 53 redirect;ok - -# nf_nat flags combination -udp dport 53 redirect random;ok -udp dport 53 redirect random,persistent;ok -udp dport 53 redirect random,persistent,fully-random;ok;udp dport 53 redirect random,fully-random,persistent -udp dport 53 redirect random,fully-random;ok -udp dport 53 redirect random,fully-random,persistent;ok -udp dport 53 redirect persistent;ok -udp dport 53 redirect persistent,random;ok;udp dport 53 redirect random,persistent -udp dport 53 redirect persistent,random,fully-random;ok;udp dport 53 redirect random,fully-random,persistent -udp dport 53 redirect persistent,fully-random;ok;udp dport 53 redirect fully-random,persistent -udp dport 53 redirect persistent,fully-random,random;ok;udp dport 53 redirect random,fully-random,persistent - -# port specification -tcp dport 22 redirect to 22;ok -udp dport 1234 redirect to 4321;ok -ip daddr 172.16.0.1 udp dport 9998 redirect to 6515;ok -tcp dport 39128 redirect to 993;ok -redirect to 1234;fail -redirect to 12341111;fail - -# both port and nf_nat flags -tcp dport 9128 redirect to 993 random;ok -tcp dport 9128 redirect to 993 fully-random;ok -tcp dport 9128 redirect to 123 persistent;ok -tcp dport 9128 redirect to 123 random,persistent;ok - -# nf_nat flags is the last argument -udp dport 1234 redirect random to 123;fail -udp dport 21234 redirect persistent,fully-random to 431;fail - -# redirect is a terminal statement -tcp dport 22 redirect counter packets 0 bytes 0 accept;fail -tcp sport 22 redirect accept;fail -ip saddr 10.1.1.1 redirect drop;fail - -# redirect with sets -tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect;ok -ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 redirect;ok -iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect;ok diff --git a/tests/regression/ip/redirect.t.payload b/tests/regression/ip/redirect.t.payload deleted file mode 100644 index ac718043..00000000 --- a/tests/regression/ip/redirect.t.payload +++ /dev/null @@ -1,201 +0,0 @@ -# udp dport 53 redirect -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir ] - -# udp dport 53 redirect random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x4 ] - -# udp dport 53 redirect random,persistent -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0xc ] - -# udp dport 53 redirect random,persistent,fully-random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# udp dport 53 redirect random,fully-random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x14 ] - -# udp dport 53 redirect random,fully-random,persistent -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# udp dport 53 redirect persistent -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x8 ] - -# udp dport 53 redirect persistent,random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0xc ] - -# udp dport 53 redirect persistent,random,fully-random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# udp dport 53 redirect persistent,fully-random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x18 ] - -# udp dport 53 redirect persistent,fully-random,random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ redir flags 0x1c ] - -# tcp dport 22 redirect to 22 -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - [ immediate reg 1 0x00001600 ] - [ redir proto_min reg 1 ] - -# udp dport 1234 redirect to 4321 -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000d204 ] - [ immediate reg 1 0x0000e110 ] - [ redir proto_min reg 1 ] - -# ip daddr 172.16.0.1 udp dport 9998 redirect to 6515 -ip test-ip4 output - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x010010ac ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00000e27 ] - [ immediate reg 1 0x00007319 ] - [ redir proto_min reg 1 ] - -# tcp dport 39128 redirect to 993 -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000d898 ] - [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 ] - -# tcp dport 9128 redirect to 993 random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000a823 ] - [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 flags 0x4 ] - -# tcp dport 9128 redirect to 993 fully-random -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000a823 ] - [ immediate reg 1 0x0000e103 ] - [ redir proto_min reg 1 flags 0x10 ] - -# tcp dport 9128 redirect to 123 persistent -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000a823 ] - [ immediate reg 1 0x00007b00 ] - [ redir proto_min reg 1 flags 0x8 ] - -# tcp dport 9128 redirect to 123 random,persistent -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x0000a823 ] - [ immediate reg 1 0x00007b00 ] - [ redir proto_min reg 1 flags 0xc ] - -# tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect -set%d test-ip4 3 -set%d test-ip4 0 - element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] -ip test-ip4 output - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ redir ] - -# ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 redirect -ip test-ip4 output - [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp gte reg 1 0x0000000a ] - [ cmp lte reg 1 0x0403020a ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000011 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00003500 ] - [ counter pkts 0 bytes 0 ] - [ redir ] - -# iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect -map%d test-ip4 b -map%d test-ip4 0 - element 00001600 : 0 [end] element 0000de00 : 0 [end] -ip test-ip4 output - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ ct load state => reg 1 ] - [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] - [ cmp neq reg 1 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set map%d dreg 0 ] - [ redir ] - diff --git a/tests/regression/ip/reject.t b/tests/regression/ip/reject.t deleted file mode 100644 index 70a63a0b..00000000 --- a/tests/regression/ip/reject.t +++ /dev/null @@ -1,14 +0,0 @@ -*ip;test-ip4 -:output;type filter hook output priority 0 - -reject;ok -reject with icmp type host-unreachable;ok -reject with icmp type net-unreachable;ok -reject with icmp type prot-unreachable;ok -reject with icmp type port-unreachable;ok;reject -reject with icmp type net-prohibited;ok -reject with icmp type host-prohibited;ok -reject with icmp type admin-prohibited;ok - -reject with icmp type no-route;fail -reject with icmpv6 type no-route;fail diff --git a/tests/regression/ip/reject.t.payload b/tests/regression/ip/reject.t.payload deleted file mode 100644 index d5e87665..00000000 --- a/tests/regression/ip/reject.t.payload +++ /dev/null @@ -1,32 +0,0 @@ -# reject -ip test-ip4 output - [ reject type 0 code 3 ] - -# reject with icmp type host-unreachable -ip test-ip4 output - [ reject type 0 code 1 ] - -# reject with icmp type net-unreachable -ip test-ip4 output - [ reject type 0 code 0 ] - -# reject with icmp type prot-unreachable -ip test-ip4 output - [ reject type 0 code 2 ] - -# reject with icmp type port-unreachable -ip test-ip4 output - [ reject type 0 code 3 ] - -# reject with icmp type net-prohibited -ip test-ip4 output - [ reject type 0 code 9 ] - -# reject with icmp type host-prohibited -ip test-ip4 output - [ reject type 0 code 10 ] - -# reject with icmp type admin-prohibited -ip test-ip4 output - [ reject type 0 code 13 ] - diff --git a/tests/regression/ip/sets.t b/tests/regression/ip/sets.t deleted file mode 100644 index c199dbd2..00000000 --- a/tests/regression/ip/sets.t +++ /dev/null @@ -1,30 +0,0 @@ -*ip;test-ip4 -*inet;test-inet -:input;type filter hook input priority 0 - -!set_ipv4_add ipv4_addr;ok -!set_inet inet_proto;ok -!set_inet_serv inet_service;ok -!set_time time;ok - -!set1 ipv4_addr;ok -?set1 192.168.3.4;ok - -?set1 192.168.3.4;fail -?set1 192.168.3.5 192.168.3.6;ok -?set1 192.168.3.5 192.168.3.6;fail -?set1 192.168.3.8 192.168.3.9;ok -?set1 192.168.3.10 192.168.3.11;ok -?set1 1234:1234:1234:1234:1234:1234:1234:1234;fail -?set2 192.168.3.4;fail - -!set2 ipv4_addr;ok -?set2 192.168.3.4;ok -?set2 192.168.3.5 192.168.3.6;ok -?set2 192.168.3.5 192.168.3.6;fail -?set2 192.168.3.8 192.168.3.9;ok -?set2 192.168.3.10 192.168.3.11;ok - -ip saddr @set1 drop;ok -ip saddr @set2 drop;ok -ip saddr @set33 drop;fail diff --git a/tests/regression/ip/sets.t.payload.inet b/tests/regression/ip/sets.t.payload.inet deleted file mode 100644 index f8e97ccb..00000000 --- a/tests/regression/ip/sets.t.payload.inet +++ /dev/null @@ -1,16 +0,0 @@ -# ip saddr @set1 drop -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ lookup reg 1 set set1 ] - [ immediate reg 0 drop ] - -# ip saddr @set2 drop -inet test-inet input - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x00000002 ] - [ payload load 4b @ network header + 12 => reg 1 ] - [ lookup reg 1 set set2 ] - [ immediate reg 0 drop ] - diff --git a/tests/regression/ip/sets.t.payload.ip b/tests/regression/ip/sets.t.payload.ip deleted file mode 100644 index ece63d0e..00000000 --- a/tests/regression/ip/sets.t.payload.ip +++ /dev/null @@ -1,12 +0,0 @@ -# ip saddr @set1 drop -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ lookup reg 1 set set1 ] - [ immediate reg 0 drop ] - -# ip saddr @set2 drop -ip test-ip4 input - [ payload load 4b @ network header + 12 => reg 1 ] - [ lookup reg 1 set set2 ] - [ immediate reg 0 drop ] - diff --git a/tests/regression/ip/snat.t b/tests/regression/ip/snat.t deleted file mode 100644 index 1caf7c76..00000000 --- a/tests/regression/ip/snat.t +++ /dev/null @@ -1,12 +0,0 @@ -*ip;test-ip4 -:postrouting;type nat hook postrouting priority 0 - -iifname "eth0" tcp dport 80-90 snat 192.168.3.2;ok -iifname "eth0" tcp dport != 80-90 snat 192.168.3.2;ok -iifname "eth0" tcp dport {80, 90, 23} snat 192.168.3.2;ok -- iifname "eth0" tcp dport != {80, 90, 23} snat 192.168.3.2;ok -- iifname "eth0" tcp dport != {80, 90, 23} snat 192.168.3.2;ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - -iifname "eth0" tcp dport != 23-34 snat 192.168.3.2;ok diff --git a/tests/regression/ip/snat.t.payload b/tests/regression/ip/snat.t.payload deleted file mode 100644 index 32ba4fa8..00000000 --- a/tests/regression/ip/snat.t.payload +++ /dev/null @@ -1,50 +0,0 @@ -# iifname "eth0" tcp dport 80-90 snat 192.168.3.2 -ip test-ip4 postrouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp gte reg 1 0x00005000 ] - [ cmp lte reg 1 0x00005a00 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport != 80-90 snat 192.168.3.2 -ip test-ip4 postrouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00005000 ] - [ cmp gt reg 1 0x00005a00 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport {80, 90, 23} snat 192.168.3.2 -set%d test-ip4 3 -set%d test-ip4 0 - element 00005000 : 0 [end] element 00005a00 : 0 [end] element 00001700 : 0 [end] -ip test-ip4 postrouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ lookup reg 1 set set%d ] - [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] - -# iifname "eth0" tcp dport != 23-34 snat 192.168.3.2 -ip test-ip4 postrouting - [ meta load iifname => reg 1 ] - [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] - [ payload load 1b @ network header + 9 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp lt reg 1 0x00001700 ] - [ cmp gt reg 1 0x00002200 ] - [ immediate reg 1 0x0203a8c0 ] - [ nat snat ip addr_min reg 1 addr_max reg 0 ] - -- cgit v1.2.3