summaryrefslogtreecommitdiffstats
path: root/tests/py/ip/ip.t
blob: 9ab15df63a3d699124e7513f73b5d8812ef86f04 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
:input;type filter hook input priority 0
:ingress;type filter hook ingress device lo priority 0

*ip;test-ip4;input
*inet;test-inet;input
*netdev;test-netdev;ingress

- ip version 2;ok

# bug ip hdrlength
- ip hdrlength 10;ok
- ip hdrlength != 5;ok
- ip hdrlength 5-8;ok
- ip hdrlength != 3-13;ok
- ip hdrlength {3, 5, 6, 8};ok
- ip hdrlength != {3, 5, 7, 8};ok
- ip hdrlength { 3-5};ok
- ip hdrlength != { 3-59};ok
# ip hdrlength 12
# <cmdline>:1:1-38: Error: Could not process rule: Invalid argument
# add rule ip test input ip hdrlength 12
# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
# <cmdline>:1:37-38: Error: Value 22 exceeds valid range 0-15
# add rule ip test input ip hdrlength 22

ip dscp cs1;ok
ip dscp != cs1;ok
ip dscp 0x38;ok;ip dscp cs7
ip dscp != 0x20;ok;ip dscp != cs4
ip dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef};ok
- ip dscp {0x08, 0x10, 0x18, 0x20, 0x28, 0x30, 0x38, 0x00, 0x0a, 0x0c, 0x0e, 0x12, 0x14, 0x16, 0x1a, 0x1c, 0x1e, 0x22, 0x24, 0x26, 0x2e};ok
ip dscp != {cs0, cs3};ok

ip length 232;ok
ip length != 233;ok
ip length 333-435;ok
ip length != 333-453;ok
ip length { 333, 553, 673, 838};ok
ip length != { 333, 553, 673, 838};ok
ip length { 333-535};ok
ip length != { 333-535};ok

ip id 22;ok
ip id != 233;ok
ip id 33-45;ok
ip id != 33-45;ok
ip id { 33, 55, 67, 88};ok
ip id != { 33, 55, 67, 88};ok
ip id { 33-55};ok
ip id != { 33-55};ok

ip frag-off 222 accept;ok
ip frag-off != 233;ok
ip frag-off 33-45;ok
ip frag-off != 33-45;ok
ip frag-off { 33, 55, 67, 88};ok
ip frag-off != { 33, 55, 67, 88};ok
ip frag-off { 33-55};ok
ip frag-off != { 33-55};ok

ip ttl 0 drop;ok
ip ttl 233;ok
ip ttl 33-55;ok
ip ttl != 45-50;ok
ip ttl {43, 53, 45 };ok
ip ttl != {43, 53, 45 };ok
ip ttl { 33-55};ok
ip ttl != { 33-55};ok

ip protocol tcp;ok;ip protocol 6
ip protocol != tcp;ok;ip protocol != 6
ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept;ok;ip protocol { 33, 136, 17, 51, 50, 6, 132, 1, 108} accept
ip protocol != { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept;ok;ip protocol != { 33, 136, 17, 51, 50, 6, 132, 1, 108} accept

ip protocol 255;ok
ip protocol 256;fail

ip checksum 13172 drop;ok
ip checksum 22;ok
ip checksum != 233;ok
ip checksum 33-45;ok
ip checksum != 33-45;ok
ip checksum { 33, 55, 67, 88};ok
ip checksum != { 33, 55, 67, 88};ok
ip checksum { 33-55};ok
ip checksum != { 33-55};ok

ip saddr set {192.19.1.2, 191.1.22.1};fail

ip saddr 192.168.2.0/24;ok
ip saddr != 192.168.2.0/24;ok
ip saddr 192.168.3.1 ip daddr 192.168.3.100;ok
ip saddr != 1.1.1.1;ok;ip saddr != 1.1.1.1
ip saddr 1.1.1.1;ok;ip saddr 1.1.1.1
ip daddr 192.168.0.1-192.168.0.250;ok
ip daddr 10.0.0.0-10.255.255.255;ok
ip daddr 172.16.0.0-172.31.255.255;ok
ip daddr 192.168.3.1-192.168.4.250;ok
ip daddr != 192.168.0.1-192.168.0.250;ok
ip daddr { 192.168.0.1-192.168.0.250};ok
ip daddr != { 192.168.0.1-192.168.0.250};ok
ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok
ip daddr != { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok

ip daddr 192.168.1.2-192.168.1.55;ok
ip daddr != 192.168.1.2-192.168.1.55;ok
ip saddr 192.168.1.3-192.168.33.55;ok
ip saddr != 192.168.1.3-192.168.33.55;ok

ip daddr 192.168.0.1;ok
ip daddr 192.168.0.1 drop;ok
ip daddr 192.168.0.2;ok

ip saddr \& 0xff == 1;ok;ip saddr & 0.0.0.255 == 0.0.0.1
ip saddr \& 0.0.0.255 \< 0.0.0.127;ok;ip saddr & 0.0.0.255 < 0.0.0.127

ip saddr \& 0xffff0000 == 0xffff0000;ok;ip saddr 255.255.0.0/16

ip version 4 ip hdrlength 5;ok
ip hdrlength 0;ok
ip hdrlength 15;ok
ip hdrlength 16;fail

# limit impact to lo
iif "lo" ip daddr set 127.0.0.1;ok
iif "lo" ip checksum set 0;ok
iif "lo" ip id set 0;ok
iif "lo" ip ecn set 1;ok;iif "lo" ip ecn set ect1
iif "lo" ip ecn set ce;ok

iif "lo" ip dscp set af23;ok
iif "lo" ip dscp set cs0;ok