tests/py/inet/reject.t.payload.inet


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134

# reject with icmp host-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 1 ]

# reject with icmp net-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 0 ]

# reject with icmp prot-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 2 ]

# reject with icmp port-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 3 ]

# reject with icmp net-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 9 ]

# reject with icmp host-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 10 ]

# reject with icmp admin-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 13 ]

# reject with icmpv6 no-route
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 0 ]

# reject with icmpv6 admin-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 1 ]

# reject with icmpv6 addr-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 3 ]

# reject with icmpv6 port-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 4 ]

# mark 12345 reject with tcp reset
inet test-inet input
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ meta load mark => reg 1 ]
  [ cmp eq reg 1 0x00003039 ]
  [ reject type 1 code 0 ]

# reject
inet test-inet input
  [ reject type 2 code 1 ]

# meta nfproto ipv4 reject
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 3 ]

# meta nfproto ipv6 reject
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 4 ]

# reject with icmpx host-unreachable
inet test-inet input
  [ reject type 2 code 2 ]

# reject with icmpx no-route
inet test-inet input
  [ reject type 2 code 0 ]

# reject with icmpx admin-prohibited
inet test-inet input
  [ reject type 2 code 3 ]

# reject with icmpx port-unreachable
inet test-inet input
  [ reject type 2 code 1 ]

# reject with icmpx 3
inet test-inet input
  [ reject type 2 code 3 ]

# meta nfproto ipv4 reject with icmp host-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 1 ]

# meta nfproto ipv6 reject with icmpv6 no-route
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 0 ]

# meta nfproto ipv4 reject with icmpx admin-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 2 code 3 ]

# meta nfproto ipv6 reject with icmpx admin-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 2 code 3 ]