tests/py/ip6/masquerade.t.payload.ip6


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

# udp dport 53 masquerade
ip6 test-ip6 postrouting
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x11 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0035 ]
  [ masq ]

# udp dport 53 masquerade random
ip6 test-ip6 postrouting
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x11 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0035 ]
  [ masq flags 0x4 ]

# udp dport 53 masquerade random,persistent
ip6 test-ip6 postrouting
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x11 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0035 ]
  [ masq flags 0xc ]

# udp dport 53 masquerade random,persistent,fully-random
ip6 test-ip6 postrouting
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x11 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0035 ]
  [ masq flags 0x1c ]

# udp dport 53 masquerade random,fully-random
ip6 test-ip6 postrouting
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x11 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0035 ]
  [ masq flags 0x14 ]

# udp dport 53 masquerade random,fully-random,persistent
ip6 test-ip6 postrouting
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x11 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0035 ]
  [ masq flags 0x1c ]

# udp dport 53 masquerade persistent
ip6 test-ip6 postrouting
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x11 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0035 ]
  [ masq flags 0x8 ]

# udp dport 53 masquerade persistent,random
ip6 test-ip6 postrouting
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x11 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0035 ]
  [ masq flags 0xc ]

# udp dport 53 masquerade persistent,random,fully-random
ip6 test-ip6 postrouting
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x11 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0035 ]
  [ masq flags 0x1c ]

# udp dport 53 masquerade persistent,fully-random
ip6 test-ip6 postrouting
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x11 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0035 ]
  [ masq flags 0x18 ]

# udp dport 53 masquerade persistent,fully-random,random
ip6 test-ip6 postrouting
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x11 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0035 ]
  [ masq flags 0x1c ]

# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade
__set%d test-ip6 3
__set%d test-ip6 0
	element 0001	element 0002	element 0003	element 0004	element 0005	element 0006	element 0007	element 0008	element 0065	element 00ca	element 012f	element 03e9	element 07d2	element 0bbb
ip6 test-ip6 postrouting
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x06 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ lookup reg 1 set __set%d ]
  [ masq ]

# ip6 daddr fe00::1-fe00::200 udp dport 53 counter masquerade
ip6 test-ip6 postrouting
  [ payload load 16b @ network header + 24 => reg 1 ]
  [ range eq reg 1 0xfe000000 0x00000000 0x00000000 0x00000001 0xfe000000 0x00000000 0x00000000 0x00000200 ]
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x11 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0035 ]
  [ counter pkts 0 bytes 0 ]
  [ masq ]

# iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } masquerade
__map%d test-ip6 b
__map%d test-ip6 0
	element 0016 : drop	element 00de : drop
ip6 test-ip6 postrouting
  [ meta load iifname => reg 1 ]
  [ cmp eq reg 1 0x65746830 0x00000000 0x00000000 0x00000000 ]
  [ ct load state => reg 1 ]
  [ bitwise reg 1 = ( reg 1 & 0x0000000a ) ^ 0x00000000 ]
  [ cmp neq reg 1 0x00000000 ]
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x06 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ lookup reg 1 set __map%d dreg 0 ]
  [ masq ]

# meta l4proto 6 masquerade to :1024
ip6 test-ip6 postrouting
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x06 ]
  [ immediate reg 1 0x0400 ]
  [ masq proto_min reg 1 flags 0x2 ]

# meta l4proto 6 masquerade to :1024-2048
ip6 test-ip6 postrouting
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x06 ]
  [ immediate reg 1 0x0400 ]
  [ immediate reg 2 0x0800 ]
  [ masq proto_min reg 1 proto_max reg 2 flags 0x2 ]