blob: 0353b056bb66d6463a4a1e18a3ef2934e89f8f7d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
# esp spi 100
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 0 => reg 1 ]
[ cmp eq reg 1 0x64000000 ]
# esp spi != 100
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 0 => reg 1 ]
[ cmp neq reg 1 0x64000000 ]
# esp spi 111-222
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 0 => reg 1 ]
[ cmp gte reg 1 0x6f000000 ]
[ cmp lte reg 1 0xde000000 ]
# esp spi != 111-222
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 0 => reg 1 ]
[ range neq reg 1 0x6f000000 0xde000000 ]
# esp spi { 100, 102}
__set%d test-inet 3
__set%d test-inet 0
element 64000000 : 0 [end] element 66000000 : 0 [end]
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 0 => reg 1 ]
[ lookup reg 1 set __set%d ]
# esp spi != { 100, 102}
__set%d test-inet 3
__set%d test-inet 0
element 64000000 : 0 [end] element 66000000 : 0 [end]
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 0 => reg 1 ]
[ lookup reg 1 set __set%d 0x1 ]
# esp sequence 22
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 4 => reg 1 ]
[ cmp eq reg 1 0x16000000 ]
# esp sequence 22-24
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 4 => reg 1 ]
[ cmp gte reg 1 0x16000000 ]
[ cmp lte reg 1 0x18000000 ]
# esp sequence != 22-24
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 4 => reg 1 ]
[ range neq reg 1 0x16000000 0x18000000 ]
# esp sequence { 22, 24}
__set%d test-inet 3
__set%d test-inet 0
element 16000000 : 0 [end] element 18000000 : 0 [end]
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 4 => reg 1 ]
[ lookup reg 1 set __set%d ]
# esp sequence != { 22, 24}
__set%d test-inet 3
__set%d test-inet 0
element 16000000 : 0 [end] element 18000000 : 0 [end]
inet test-inet input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
[ payload load 4b @ transport header + 4 => reg 1 ]
[ lookup reg 1 set __set%d 0x1 ]
|