summaryrefslogtreecommitdiffstats
path: root/tests/py/bridge/reject.t.payload
blob: 7deb6fbf5facd0bddf30ba37127b1fafa2a83f2a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
# reject with icmp type host-unreachable
bridge test-bridge input
  [ meta load protocol => reg 1 ]
  [ cmp eq reg 1 0x00000008 ]
  [ reject type 0 code 1 ]

# reject with icmp type net-unreachable
bridge test-bridge input
  [ meta load protocol => reg 1 ]
  [ cmp eq reg 1 0x00000008 ]
  [ reject type 0 code 0 ]

# reject with icmp type prot-unreachable
bridge test-bridge input
  [ meta load protocol => reg 1 ]
  [ cmp eq reg 1 0x00000008 ]
  [ reject type 0 code 2 ]

# reject with icmp type port-unreachable
bridge test-bridge input
  [ meta load protocol => reg 1 ]
  [ cmp eq reg 1 0x00000008 ]
  [ reject type 0 code 3 ]

# reject with icmp type net-prohibited
bridge test-bridge input
  [ meta load protocol => reg 1 ]
  [ cmp eq reg 1 0x00000008 ]
  [ reject type 0 code 9 ]

# reject with icmp type host-prohibited
bridge test-bridge input
  [ meta load protocol => reg 1 ]
  [ cmp eq reg 1 0x00000008 ]
  [ reject type 0 code 10 ]

# reject with icmp type admin-prohibited
bridge test-bridge input
  [ meta load protocol => reg 1 ]
  [ cmp eq reg 1 0x00000008 ]
  [ reject type 0 code 13 ]

# reject with icmpv6 type no-route
bridge test-bridge input
  [ meta load protocol => reg 1 ]
  [ cmp eq reg 1 0x0000dd86 ]
  [ reject type 0 code 0 ]

# reject with icmpv6 type admin-prohibited
bridge test-bridge input
  [ meta load protocol => reg 1 ]
  [ cmp eq reg 1 0x0000dd86 ]
  [ reject type 0 code 1 ]

# reject with icmpv6 type addr-unreachable
bridge test-bridge input
  [ meta load protocol => reg 1 ]
  [ cmp eq reg 1 0x0000dd86 ]
  [ reject type 0 code 3 ]

# reject with icmpv6 type port-unreachable
bridge test-bridge input
  [ meta load protocol => reg 1 ]
  [ cmp eq reg 1 0x0000dd86 ]
  [ reject type 0 code 4 ]

# mark 12345 ip protocol tcp reject with tcp reset
bridge test-bridge input
  [ meta load mark => reg 1 ]
  [ cmp eq reg 1 0x00003039 ]
  [ meta load protocol => reg 1 ]
  [ cmp eq reg 1 0x00000008 ]
  [ payload load 1b @ network header + 9 => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ reject type 1 code 0 ]

# reject
bridge test-bridge input
  [ reject type 2 code 1 ]

# ether type ip reject
bridge test-bridge input
  [ payload load 2b @ link header + 12 => reg 1 ]
  [ cmp eq reg 1 0x00000008 ]
  [ reject type 0 code 3 ]

# ether type ip6 reject
bridge test-bridge input
  [ payload load 2b @ link header + 12 => reg 1 ]
  [ cmp eq reg 1 0x0000dd86 ]
  [ reject type 0 code 4 ]

# reject with icmpx type host-unreachable
bridge test-bridge input
  [ reject type 2 code 2 ]

# reject with icmpx type no-route
bridge test-bridge input
  [ reject type 2 code 0 ]

# reject with icmpx type admin-prohibited
bridge test-bridge input
  [ reject type 2 code 3 ]

# reject with icmpx type port-unreachable
bridge test-bridge input
  [ reject type 2 code 1 ]

# ether type ip reject with icmpx type admin-prohibited
bridge test-bridge input
  [ payload load 2b @ link header + 12 => reg 1 ]
  [ cmp eq reg 1 0x00000008 ]
  [ reject type 2 code 3 ]

# ether type ip6 reject with icmpx type admin-prohibited
bridge test-bridge input
  [ payload load 2b @ link header + 12 => reg 1 ]
  [ cmp eq reg 1 0x0000dd86 ]
  [ reject type 2 code 3 ]

# ether type vlan reject
bridge
  [ payload load 2b @ link header + 12 => reg 1 ]
  [ cmp eq reg 1 0x00000081 ]
  [ reject type 2 code 1 ]

# ether type vlan reject with tcp reset
bridge
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ payload load 2b @ link header + 12 => reg 1 ]
  [ cmp eq reg 1 0x00000081 ]
  [ reject type 1 code 0 ]

# ether type vlan reject with icmpx type admin-prohibited
bridge
  [ payload load 2b @ link header + 12 => reg 1 ]
  [ cmp eq reg 1 0x00000081 ]
  [ reject type 2 code 3 ]