tests/py/inet/reject.t.payload.inet


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130

# reject with icmp type host-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 1 ]

# reject with icmp type net-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 0 ]

# reject with icmp type prot-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 2 ]

# reject with icmp type port-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 3 ]

# reject with icmp type net-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 9 ]

# reject with icmp type host-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 10 ]

# reject with icmp type admin-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 13 ]

# reject with icmpv6 type no-route
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 0 ]

# reject with icmpv6 type admin-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 1 ]

# reject with icmpv6 type addr-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 3 ]

# reject with icmpv6 type port-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 4 ]

# mark 12345 reject with tcp reset
inet test-inet input
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ meta load mark => reg 1 ]
  [ cmp eq reg 1 0x00003039 ]
  [ reject type 1 code 0 ]

# reject
inet test-inet input
  [ reject type 2 code 1 ]

# meta nfproto ipv4 reject
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 3 ]

# meta nfproto ipv6 reject
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 4 ]

# reject with icmpx type host-unreachable
inet test-inet input
  [ reject type 2 code 2 ]

# reject with icmpx type no-route
inet test-inet input
  [ reject type 2 code 0 ]

# reject with icmpx type admin-prohibited
inet test-inet input
  [ reject type 2 code 3 ]

# reject with icmpx type port-unreachable
inet test-inet input
  [ reject type 2 code 1 ]

# meta nfproto ipv4 reject with icmp type host-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 1 ]

# meta nfproto ipv6 reject with icmpv6 type no-route
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 0 ]

# meta nfproto ipv4 reject with icmpx type admin-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 2 code 3 ]

# meta nfproto ipv6 reject with icmpx type admin-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 2 code 3 ]