Signed-off-by: Anatole Denis <anatole@xxxxxxxxx> --- tests/py/ip/dnat.t | 6 +- tests/py/ip/dnat.t.payload.ip | 14 ++++ tests/py/ip/icmp.t | 42 ++++------- tests/py/ip/icmp.t.payload.ip | 152 ++++++++++++++++++++++++++++++++++++++ tests/py/ip/ip.t | 31 ++++---- tests/py/ip/ip.t.payload | 115 ++++++++++++++++++++++++++++ tests/py/ip/ip.t.payload.inet | 143 +++++++++++++++++++++++++++++++++++ tests/py/ip/ip.t.payload.netdev | 143 +++++++++++++++++++++++++++++++++++ tests/py/ip/sets.t | 3 + tests/py/ip/sets.t.payload.inet | 16 ++++ tests/py/ip/sets.t.payload.ip | 12 +++ tests/py/ip/sets.t.payload.netdev | 16 ++++ tests/py/ip/snat.t | 5 +- tests/py/ip/snat.t.payload | 14 ++++ 14 files changed, 659 insertions(+), 53 deletions(-) diff --git a/tests/py/ip/dnat.t b/tests/py/ip/dnat.t index d1ffdd7..da00106 100644 --- a/tests/py/ip/dnat.t +++ b/tests/py/ip/dnat.t @@ -5,11 +5,7 @@ iifname "eth0" tcp dport 80-90 dnat to 192.168.3.2;ok iifname "eth0" tcp dport != 80-90 dnat to 192.168.3.2;ok iifname "eth0" tcp dport {80, 90, 23} dnat to 192.168.3.2;ok -- iifname "eth0" tcp dport != {80, 90, 23} dnat to 192.168.3.2;ok -- iifname "eth0" tcp dport != {80, 90, 23} dnat to 192.168.3.2;ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. - +iifname "eth0" tcp dport != {80, 90, 23} dnat to 192.168.3.2;ok iifname "eth0" tcp dport != 23-34 dnat to 192.168.3.2;ok dnat to ct mark map { 0x00000014 : 1.2.3.4};ok diff --git a/tests/py/ip/dnat.t.payload.ip b/tests/py/ip/dnat.t.payload.ip index 6caa2c1..6692699 100644 --- a/tests/py/ip/dnat.t.payload.ip +++ b/tests/py/ip/dnat.t.payload.ip @@ -35,6 +35,20 @@ ip test-ip4 prerouting [ immediate reg 1 0x0203a8c0 ] [ nat dnat ip addr_min reg 1 addr_max reg 0 ] +# iifname "eth0" tcp dport != {80, 90, 23} dnat to 192.168.3.2 +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00005000 : 0 [end] element 00005a00 : 0 [end] element 00001700 : 0 [end] +ip test-ip4 prerouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + [ immediate reg 1 0x0203a8c0 ] + [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + # iifname "eth0" tcp dport != 23-34 dnat to 192.168.3.2 ip test-ip4 prerouting [ meta load iifname => reg 1 ] diff --git a/tests/py/ip/icmp.t b/tests/py/ip/icmp.t index a6a4261..5a7ce7e 100644 --- a/tests/py/ip/icmp.t +++ b/tests/py/ip/icmp.t @@ -20,34 +20,25 @@ icmp type address-mask-reply accept;ok icmp type router-advertisement accept;ok icmp type router-solicitation accept;ok icmp type {echo-reply, destination-unreachable, source-quench, redirect, echo-request, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply, router-advertisement, router-solicitation} accept;ok -- icmp type != {echo-reply, destination-unreachable, source-quench};ok -# BUG: icmp type != {echo-reply, destination-unreachable, source-quench} -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. +icmp type != {echo-reply, destination-unreachable, source-quench};ok icmp code 111 accept;ok icmp code != 111 accept;ok icmp code 33-55;ok icmp code != 33-55;ok icmp code { 33-55};ok -- icmp code != { 33-55};ok +icmp code != { 33-55};ok icmp code { 2, 4, 54, 33, 56};ok -- icmp code != { 2, 4, 54, 33, 56};ok -# $ sudo nft add rule ip test input icmp code != {2, 4, 54, 33, 56} -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. +icmp code != { 2, 4, 54, 33, 56};ok icmp checksum 12343 accept;ok icmp checksum != 12343 accept;ok icmp checksum 11-343 accept;ok icmp checksum != 11-343 accept;ok icmp checksum { 11-343} accept;ok -- icmp checksum != { 11-343} accept;ok +icmp checksum != { 11-343} accept;ok icmp checksum { 1111, 222, 343} accept;ok -- icmp checksum != { 1111, 222, 343} accept;ok -# BUG: invalid expression type set -# icmp checksum != { 1111, 222, 343} accept;ok -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. +icmp checksum != { 1111, 222, 343} accept;ok icmp id 1245 log;ok icmp id 22;ok @@ -55,42 +46,39 @@ icmp id != 233;ok icmp id 33-45;ok icmp id != 33-45;ok icmp id { 33-55};ok -- icmp id != { 33-55};ok +icmp id != { 33-55};ok icmp id { 22, 34, 333};ok -- icmp id != { 22, 34, 333};ok -# BUG: invalid expression type set -# icmp id != { 22, 34, 333} -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. +icmp id != { 22, 34, 333};ok icmp sequence 22;ok icmp sequence != 233;ok icmp sequence 33-45;ok icmp sequence != 33-45;ok icmp sequence { 33, 55, 67, 88};ok -- icmp sequence != { 33, 55, 67, 88};ok +icmp sequence != { 33, 55, 67, 88};ok icmp sequence { 33-55};ok -- icmp sequence != { 33-55};ok +icmp sequence != { 33-55};ok icmp mtu 33;ok icmp mtu 22-33;ok icmp mtu { 22-33};ok -- icmp mtu != { 22-33};ok +icmp mtu != { 22-33};ok icmp mtu 22;ok icmp mtu != 233;ok icmp mtu 33-45;ok icmp mtu != 33-45;ok icmp mtu { 33, 55, 67, 88};ok -- icmp mtu != { 33, 55, 67, 88};ok +icmp mtu != { 33, 55, 67, 88};ok icmp mtu { 33-55};ok -- icmp mtu != { 33-55};ok +icmp mtu != { 33-55};ok icmp gateway 22;ok icmp gateway != 233;ok icmp gateway 33-45;ok icmp gateway != 33-45;ok icmp gateway { 33, 55, 67, 88};ok -- icmp gateway != { 33, 55, 67, 88};ok +icmp gateway != { 33, 55, 67, 88};ok icmp gateway { 33-55};ok -- icmp gateway != { 33-55};ok +icmp gateway != { 33-55};ok icmp gateway != 34;ok -- icmp gateway != { 333, 334};ok +icmp gateway != { 333, 334};ok diff --git a/tests/py/ip/icmp.t.payload.ip b/tests/py/ip/icmp.t.payload.ip index b740ff8..1130b98 100644 --- a/tests/py/ip/icmp.t.payload.ip +++ b/tests/py/ip/icmp.t.payload.ip @@ -113,6 +113,16 @@ ip test-ip4 input [ lookup reg 1 set __set%d ] [ immediate reg 0 accept ] +# icmp type != {echo-reply, destination-unreachable, source-quench} +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000000 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 0 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp code 111 accept ip test-ip4 input [ payload load 1b @ network header + 9 => reg 1 ] @@ -154,6 +164,16 @@ ip test-ip4 input [ payload load 1b @ transport header + 1 => reg 1 ] [ lookup reg 1 set __set%d ] +# icmp code != { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp code { 2, 4, 54, 33, 56} __set%d test-ip4 3 __set%d test-ip4 0 @@ -164,6 +184,16 @@ ip test-ip4 input [ payload load 1b @ transport header + 1 => reg 1 ] [ lookup reg 1 set __set%d ] +# icmp code != { 2, 4, 54, 33, 56} +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000036 : 0 [end] element 00000021 : 0 [end] element 00000038 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 1b @ transport header + 1 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp checksum 12343 accept ip test-ip4 input [ payload load 1b @ network header + 9 => reg 1 ] @@ -208,6 +238,17 @@ ip test-ip4 input [ lookup reg 1 set __set%d ] [ immediate reg 0 accept ] +# icmp checksum != { 11-343} accept +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00000b00 : 0 [end] element 00005801 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + [ immediate reg 0 accept ] + # icmp checksum { 1111, 222, 343} accept __set%d test-ip4 3 __set%d test-ip4 0 @@ -219,6 +260,17 @@ ip test-ip4 input [ lookup reg 1 set __set%d ] [ immediate reg 0 accept ] +# icmp checksum != { 1111, 222, 343} accept +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00005704 : 0 [end] element 0000de00 : 0 [end] element 00005701 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + [ immediate reg 0 accept ] + # icmp id 1245 log ip test-ip4 input [ payload load 1b @ network header + 9 => reg 1 ] @@ -266,6 +318,16 @@ ip test-ip4 input [ payload load 2b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d ] +# icmp id != { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp id { 22, 34, 333} __set%d test-ip4 3 __set%d test-ip4 0 @@ -276,6 +338,16 @@ ip test-ip4 input [ payload load 2b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d ] +# icmp id != { 22, 34, 333} +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00001600 : 0 [end] element 00002200 : 0 [end] element 00004d01 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp sequence 22 ip test-ip4 input [ payload load 1b @ network header + 9 => reg 1 ] @@ -315,6 +387,16 @@ ip test-ip4 input [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] +# icmp sequence != { 33, 55, 67, 88} +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp sequence { 33-55} __set%d test-ip4 7 __set%d test-ip4 0 @@ -325,6 +407,16 @@ ip test-ip4 input [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] +# icmp sequence != { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp mtu 33 ip test-ip4 input [ payload load 1b @ network header + 9 => reg 1 ] @@ -350,6 +442,16 @@ ip test-ip4 input [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] +# icmp mtu != { 22-33} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00001600 : 0 [end] element 00002200 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp mtu 22 ip test-ip4 input [ payload load 1b @ network header + 9 => reg 1 ] @@ -389,6 +491,16 @@ ip test-ip4 input [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] +# icmp mtu != { 33, 55, 67, 88} +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp mtu { 33-55} __set%d test-ip4 7 __set%d test-ip4 0 @@ -399,6 +511,16 @@ ip test-ip4 input [ payload load 2b @ transport header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] +# icmp mtu != { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ transport header + 6 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp gateway 22 ip test-ip4 input [ payload load 1b @ network header + 9 => reg 1 ] @@ -438,6 +560,16 @@ ip test-ip4 input [ payload load 4b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d ] +# icmp gateway != { 33, 55, 67, 88} +__set%d test-ip4 3 +__set%d test-ip4 0 + element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp gateway { 33-55} __set%d test-ip4 7 __set%d test-ip4 0 @@ -448,6 +580,16 @@ ip test-ip4 input [ payload load 4b @ transport header + 4 => reg 1 ] [ lookup reg 1 set __set%d ] +# icmp gateway != { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp gateway != 34 ip test-ip4 input [ payload load 1b @ network header + 9 => reg 1 ] @@ -455,6 +597,16 @@ ip test-ip4 input [ payload load 4b @ transport header + 4 => reg 1 ] [ cmp neq reg 1 0x22000000 ] +# icmp gateway != { 333, 334} +__set%d test-ip4 3 +__set%d test-ip4 0 + element 4d010000 : 0 [end] element 4e010000 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ transport header + 4 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # icmp type router-advertisement accept ip test-ip4 input [ payload load 1b @ network header + 9 => reg 1 ] diff --git a/tests/py/ip/ip.t b/tests/py/ip/ip.t index 8ed2e99..f984646 100644 --- a/tests/py/ip/ip.t +++ b/tests/py/ip/ip.t @@ -29,51 +29,48 @@ ip dscp 0x38;ok;ip dscp cs7 ip dscp != 0x20;ok;ip dscp != cs4 ip dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef};ok - ip dscp {0x08, 0x10, 0x18, 0x20, 0x28, 0x30, 0x38, 0x00, 0x0a, 0x0c, 0x0e, 0x12, 0x14, 0x16, 0x1a, 0x1c, 0x1e, 0x22, 0x24, 0x26, 0x2e};ok -- ip dscp != {CS0, CS3};ok +ip dscp != {cs0, cs3};ok ip length 232;ok ip length != 233;ok ip length 333-435;ok ip length != 333-453;ok ip length { 333, 553, 673, 838};ok -- ip length != { 333, 535, 637, 883};ok +ip length != { 333, 553, 673, 838};ok ip length { 333-535};ok -- ip length != { 333-553};ok +ip length != { 333-535};ok ip id 22;ok ip id != 233;ok ip id 33-45;ok ip id != 33-45;ok ip id { 33, 55, 67, 88};ok -- ip id != { 33, 55, 67, 88};ok +ip id != { 33, 55, 67, 88};ok ip id { 33-55};ok -- ip id != { 33-55};ok +ip id != { 33-55};ok ip frag-off 222 accept;ok ip frag-off != 233;ok ip frag-off 33-45;ok ip frag-off != 33-45;ok ip frag-off { 33, 55, 67, 88};ok -- ip frag-off != { 33, 55, 67, 88};ok +ip frag-off != { 33, 55, 67, 88};ok ip frag-off { 33-55};ok -- ip frag-off != { 33-55};ok +ip frag-off != { 33-55};ok ip ttl 0 drop;ok ip ttl 233;ok ip ttl 33-55;ok ip ttl != 45-50;ok ip ttl {43, 53, 45 };ok -- ip ttl != {46, 56, 93 };ok -# BUG: ip ttl != {46, 56, 93 };ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. +ip ttl != {43, 53, 45 };ok ip ttl { 33-55};ok -- ip ttl != { 33-55};ok +ip ttl != { 33-55};ok ip protocol tcp;ok;ip protocol 6 ip protocol != tcp;ok;ip protocol != 6 ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept;ok;ip protocol { 33, 136, 17, 51, 50, 6, 132, 1, 108} accept -- ip protocol != { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept;ok +ip protocol != { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept;ok;ip protocol != { 33, 136, 17, 51, 50, 6, 132, 1, 108} accept ip protocol 255;ok ip protocol 256;fail @@ -84,9 +81,9 @@ ip checksum != 233;ok ip checksum 33-45;ok ip checksum != 33-45;ok ip checksum { 33, 55, 67, 88};ok -- ip checksum != { 33, 55, 67, 88};ok +ip checksum != { 33, 55, 67, 88};ok ip checksum { 33-55};ok -- ip checksum != { 33-55};ok +ip checksum != { 33-55};ok ip saddr 192.168.2.0/24;ok ip saddr != 192.168.2.0/24;ok @@ -99,9 +96,9 @@ ip daddr 172.16.0.0-172.31.255.255;ok ip daddr 192.168.3.1-192.168.4.250;ok ip daddr != 192.168.0.1-192.168.0.250;ok ip daddr { 192.168.0.1-192.168.0.250};ok -- ip daddr != { 192.168.0.1-192.168.0.250};ok +ip daddr != { 192.168.0.1-192.168.0.250};ok ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok -- ip daddr != { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok +ip daddr != { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok ip daddr 192.168.1.2-192.168.1.55;ok ip daddr != 192.168.1.2-192.168.1.55;ok diff --git a/tests/py/ip/ip.t.payload b/tests/py/ip/ip.t.payload index fade387..5038628 100644 --- a/tests/py/ip/ip.t.payload +++ b/tests/py/ip/ip.t.payload @@ -31,6 +31,15 @@ ip test-ip4 input [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] +# ip dscp != {cs0, cs3} +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000000 : 0 [end] element 00000060 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip length 232 ip test-ip4 input [ payload load 2b @ network header + 2 => reg 1 ] @@ -60,6 +69,14 @@ ip test-ip4 input [ payload load 2b @ network header + 2 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip length != { 333, 553, 673, 838} +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00004d01 : 0 [end] element 00002902 : 0 [end] element 0000a102 : 0 [end] element 00004603 : 0 [end] +ip test-ip4 input + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip length { 333-535} __set%d test-ip4 7 __set%d test-ip4 0 @@ -68,6 +85,14 @@ ip test-ip4 input [ payload load 2b @ network header + 2 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip length != { 333-535} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] +ip test-ip4 input + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip id 22 ip test-ip4 input [ payload load 2b @ network header + 4 => reg 1 ] @@ -97,6 +122,14 @@ ip test-ip4 input [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip id != { 33, 55, 67, 88} +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip id { 33-55} __set%d test-ip4 7 __set%d test-ip4 0 @@ -105,6 +138,14 @@ ip test-ip4 input [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip id != { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip frag-off 222 accept ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] @@ -135,6 +176,14 @@ ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip frag-off != { 33, 55, 67, 88} +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip frag-off { 33-55} __set%d test-ip4 7 __set%d test-ip4 0 @@ -143,6 +192,14 @@ ip test-ip4 input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip frag-off != { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip ttl 0 drop ip test-ip4 input [ payload load 1b @ network header + 8 => reg 1 ] @@ -173,6 +230,14 @@ ip test-ip4 input [ payload load 1b @ network header + 8 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip ttl != {43, 53, 45 } +__set%d test-ip4 3 +__set%d test-ip4 0 + element 0000002b : 0 [end] element 00000035 : 0 [end] element 0000002d : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip ttl { 33-55} __set%d test-ip4 7 __set%d test-ip4 0 @@ -181,6 +246,14 @@ ip test-ip4 input [ payload load 1b @ network header + 8 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip ttl != { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip test-ip4 input + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip protocol tcp ip test-ip4 input [ payload load 1b @ network header + 9 => reg 1 ] @@ -200,6 +273,15 @@ ip test-ip4 input [ lookup reg 1 set __set%d ] [ immediate reg 0 accept ] +# ip protocol != { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000001 : 0 [end] element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +ip test-ip4 input + [ payload load 1b @ network header + 9 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + [ immediate reg 0 accept ] + # ip protocol 255 ip test-ip4 input [ payload load 1b @ network header + 9 => reg 1 ] @@ -240,6 +322,14 @@ ip test-ip4 input [ payload load 2b @ network header + 10 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip checksum != { 33, 55, 67, 88} +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +ip test-ip4 input + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip checksum { 33-55} __set%d test-ip4 7 __set%d test-ip4 0 @@ -248,6 +338,14 @@ ip test-ip4 input [ payload load 2b @ network header + 10 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip checksum != { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +ip test-ip4 input + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip saddr 192.168.2.0/24 ip test-ip4 input [ payload load 4b @ network header + 12 => reg 1 ] @@ -312,6 +410,14 @@ ip test-ip4 input [ payload load 4b @ network header + 16 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip daddr != { 192.168.0.1-192.168.0.250} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept __set%d test-ip4 3 __set%d test-ip4 0 @@ -321,6 +427,15 @@ ip test-ip4 input [ lookup reg 1 set __set%d ] [ immediate reg 0 accept ] +# ip daddr != { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept +__set%d test-ip4 3 +__set%d test-ip4 0 + element 0105a8c0 : 0 [end] element 0205a8c0 : 0 [end] element 0305a8c0 : 0 [end] +ip test-ip4 input + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + [ immediate reg 0 accept ] + # ip daddr 192.168.1.2-192.168.1.55 ip test-ip4 input [ payload load 4b @ network header + 16 => reg 1 ] diff --git a/tests/py/ip/ip.t.payload.inet b/tests/py/ip/ip.t.payload.inet index c9469d3..e658a0f 100644 --- a/tests/py/ip/ip.t.payload.inet +++ b/tests/py/ip/ip.t.payload.inet @@ -41,6 +41,17 @@ inet test-inet input [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] +# ip dscp != {cs0, cs3} +__set%d test-inet 3 +__set%d test-inet 0 + element 00000000 : 0 [end] element 00000060 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip length 232 inet test-inet input [ meta load nfproto => reg 1 ] @@ -80,6 +91,16 @@ inet test-inet input [ payload load 2b @ network header + 2 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip length != { 333, 553, 673, 838} +__set%d test-inet 3 +__set%d test-inet 0 + element 00004d01 : 0 [end] element 00002902 : 0 [end] element 0000a102 : 0 [end] element 00004603 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip length { 333-535} __set%d test-inet 7 __set%d test-inet 0 @@ -90,6 +111,16 @@ inet test-inet input [ payload load 2b @ network header + 2 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip length != { 333-535} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip id 22 inet test-inet input [ meta load nfproto => reg 1 ] @@ -129,6 +160,16 @@ inet test-inet input [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip id != { 33, 55, 67, 88} +__set%d test-inet 3 +__set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip id { 33-55} __set%d test-inet 7 __set%d test-inet 0 @@ -139,6 +180,16 @@ inet test-inet input [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip id != { 33-55} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip frag-off 222 accept inet test-inet input [ meta load nfproto => reg 1 ] @@ -179,6 +230,16 @@ inet test-inet input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip frag-off != { 33, 55, 67, 88} +__set%d test-inet 3 +__set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip frag-off { 33-55} __set%d test-inet 7 __set%d test-inet 0 @@ -189,6 +250,16 @@ inet test-inet input [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip frag-off != { 33-55} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip ttl 0 drop inet test-inet input [ meta load nfproto => reg 1 ] @@ -229,6 +300,16 @@ inet test-inet input [ payload load 1b @ network header + 8 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip ttl != {43, 53, 45 } +__set%d test-inet 3 +__set%d test-inet 0 + element 0000002b : 0 [end] element 00000035 : 0 [end] element 0000002d : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip ttl { 33-55} __set%d test-inet 7 __set%d test-inet 0 @@ -239,6 +320,16 @@ inet test-inet input [ payload load 1b @ network header + 8 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip ttl != { 33-55} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip protocol tcp inet test-inet input [ meta load nfproto => reg 1 ] @@ -264,6 +355,17 @@ inet test-inet input [ lookup reg 1 set __set%d ] [ immediate reg 0 accept ] +# ip protocol != { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept +__set%d test-inet 3 +__set%d test-inet 0 + element 00000001 : 0 [end] element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + [ immediate reg 0 accept ] + # ip protocol 255 ip test-ip4 input [ meta load nfproto => reg 1 ] @@ -318,6 +420,16 @@ inet test-inet input [ payload load 2b @ network header + 10 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip checksum != { 33, 55, 67, 88} +__set%d test-inet 3 +__set%d test-inet 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip checksum { 33-55} __set%d test-inet 7 __set%d test-inet 0 @@ -328,6 +440,16 @@ inet test-inet input [ payload load 2b @ network header + 10 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip checksum != { 33-55} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip saddr 192.168.2.0/24 inet test-inet input [ meta load nfproto => reg 1 ] @@ -414,6 +536,16 @@ inet test-inet input [ payload load 4b @ network header + 16 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip daddr != { 192.168.0.1-192.168.0.250} +__set%d test-inet 7 +__set%d test-inet 0 + element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept __set%d test-inet 3 __set%d test-inet 0 @@ -425,6 +557,17 @@ inet test-inet input [ lookup reg 1 set __set%d ] [ immediate reg 0 accept ] +# ip daddr != { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept +__set%d test-inet 3 +__set%d test-inet 0 + element 0105a8c0 : 0 [end] element 0205a8c0 : 0 [end] element 0305a8c0 : 0 [end] +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + [ immediate reg 0 accept ] + # ip daddr 192.168.1.2-192.168.1.55 inet test-inet input [ meta load nfproto => reg 1 ] diff --git a/tests/py/ip/ip.t.payload.netdev b/tests/py/ip/ip.t.payload.netdev index 6f2c174..6df41cb 100644 --- a/tests/py/ip/ip.t.payload.netdev +++ b/tests/py/ip/ip.t.payload.netdev @@ -37,6 +37,16 @@ netdev test-netdev ingress [ payload load 2b @ network header + 2 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip length != { 333, 553, 673, 838} +__set%d test-netdev 3 +__set%d test-netdev 0 + element 00004d01 : 0 [end] element 00002902 : 0 [end] element 0000a102 : 0 [end] element 00004603 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip length { 333-535} __set%d test-netdev 7 __set%d test-netdev 0 @@ -47,6 +57,16 @@ netdev test-netdev ingress [ payload load 2b @ network header + 2 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip length != { 333-535} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 00004d01 : 0 [end] element 00001802 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 2 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip id 22 netdev test-netdev ingress [ meta load protocol => reg 1 ] @@ -86,6 +106,16 @@ netdev test-netdev ingress [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip id != { 33, 55, 67, 88} +__set%d test-netdev 3 +__set%d test-netdev 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip id { 33-55} __set%d test-netdev 7 __set%d test-netdev 0 @@ -96,6 +126,16 @@ netdev test-netdev ingress [ payload load 2b @ network header + 4 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip id != { 33-55} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 4 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip frag-off 222 accept netdev test-netdev ingress [ meta load protocol => reg 1 ] @@ -136,6 +176,16 @@ netdev test-netdev ingress [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip frag-off != { 33, 55, 67, 88} +__set%d test-netdev 3 +__set%d test-netdev 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip frag-off { 33-55} __set%d test-netdev 7 __set%d test-netdev 0 @@ -146,6 +196,16 @@ netdev test-netdev ingress [ payload load 2b @ network header + 6 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip frag-off != { 33-55} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 6 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip ttl 0 drop netdev test-netdev ingress [ meta load protocol => reg 1 ] @@ -179,6 +239,16 @@ netdev test-netdev ingress [ payload load 1b @ network header + 8 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip ttl != {43, 53, 45 } +__set%d test-netdev 3 +__set%d test-netdev 0 + element 0000002b : 0 [end] element 00000035 : 0 [end] element 0000002d : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip ttl { 33-55} __set%d test-netdev 7 __set%d test-netdev 0 @@ -189,6 +259,16 @@ netdev test-netdev ingress [ payload load 1b @ network header + 8 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip ttl != { 33-55} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 8 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept __set%d test-netdev 3 __set%d test-netdev 0 @@ -200,6 +280,17 @@ netdev test-netdev ingress [ lookup reg 1 set __set%d ] [ immediate reg 0 accept ] +# ip protocol != { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept +__set%d test-netdev 3 +__set%d test-netdev 0 + element 00000001 : 0 [end] element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + [ immediate reg 0 accept ] + # ip protocol 255 ip test-ip4 input [ meta load protocol => reg 1 ] @@ -254,6 +345,16 @@ netdev test-netdev ingress [ payload load 2b @ network header + 10 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip checksum != { 33, 55, 67, 88} +__set%d test-netdev 3 +__set%d test-netdev 0 + element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip checksum { 33-55} __set%d test-netdev 7 __set%d test-netdev 0 @@ -264,6 +365,16 @@ netdev test-netdev ingress [ payload load 2b @ network header + 10 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip checksum != { 33-55} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 00002100 : 0 [end] element 00003800 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 2b @ network header + 10 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip saddr 192.168.2.0/24 netdev test-netdev ingress [ meta load protocol => reg 1 ] @@ -343,6 +454,16 @@ netdev test-netdev ingress [ payload load 4b @ network header + 16 => reg 1 ] [ lookup reg 1 set __set%d ] +# ip daddr != { 192.168.0.1-192.168.0.250} +__set%d test-netdev 7 +__set%d test-netdev 0 + element 00000000 : 1 [end] element 0100a8c0 : 0 [end] element fb00a8c0 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept __set%d test-netdev 3 __set%d test-netdev 0 @@ -354,6 +475,17 @@ netdev test-netdev ingress [ lookup reg 1 set __set%d ] [ immediate reg 0 accept ] +# ip daddr != { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept +__set%d test-netdev 3 +__set%d test-netdev 0 + element 0105a8c0 : 0 [end] element 0205a8c0 : 0 [end] element 0305a8c0 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + [ immediate reg 0 accept ] + # ip daddr 192.168.1.2-192.168.1.55 netdev test-netdev ingress [ meta load protocol => reg 1 ] @@ -640,6 +772,17 @@ netdev test-netdev ingress [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] [ lookup reg 1 set __set%d ] +# ip dscp != {cs0, cs3} +__set%d test-netdev 3 +__set%d test-netdev 0 + element 00000000 : 0 [end] element 00000060 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] + [ lookup reg 1 set __set%d 0x1 ] + # iif "lo" ip daddr set 127.0.0.1 netdev test-netdev ingress [ meta load iif => reg 1 ] diff --git a/tests/py/ip/sets.t b/tests/py/ip/sets.t index ee17d99..4cca02b 100644 --- a/tests/py/ip/sets.t +++ b/tests/py/ip/sets.t @@ -29,8 +29,11 @@ ?set2 192.168.3.10 192.168.3.11;ok ip saddr @set1 drop;ok +ip saddr != @set1 drop;ok ip saddr @set2 drop;ok +ip saddr != @set2 drop;ok ip saddr @set33 drop;fail +ip saddr != @set33 drop;fail !set3 type ipv4_addr flags interval;ok ?set3 192.168.0.0/16;ok diff --git a/tests/py/ip/sets.t.payload.inet b/tests/py/ip/sets.t.payload.inet index f8e97cc..6d8d6bc 100644 --- a/tests/py/ip/sets.t.payload.inet +++ b/tests/py/ip/sets.t.payload.inet @@ -6,6 +6,14 @@ inet test-inet input [ lookup reg 1 set set1 ] [ immediate reg 0 drop ] +# ip saddr != @set1 drop +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set1 0x1 ] + [ immediate reg 0 drop ] + # ip saddr @set2 drop inet test-inet input [ meta load nfproto => reg 1 ] @@ -14,3 +22,11 @@ inet test-inet input [ lookup reg 1 set set2 ] [ immediate reg 0 drop ] +# ip saddr != @set2 drop +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set2 0x1 ] + [ immediate reg 0 drop ] + diff --git a/tests/py/ip/sets.t.payload.ip b/tests/py/ip/sets.t.payload.ip index ece63d0..858a5e1 100644 --- a/tests/py/ip/sets.t.payload.ip +++ b/tests/py/ip/sets.t.payload.ip @@ -4,9 +4,21 @@ ip test-ip4 input [ lookup reg 1 set set1 ] [ immediate reg 0 drop ] +# ip saddr != @set1 drop +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set1 0x1 ] + [ immediate reg 0 drop ] + # ip saddr @set2 drop ip test-ip4 input [ payload load 4b @ network header + 12 => reg 1 ] [ lookup reg 1 set set2 ] [ immediate reg 0 drop ] +# ip saddr != @set2 drop +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set2 0x1 ] + [ immediate reg 0 drop ] + diff --git a/tests/py/ip/sets.t.payload.netdev b/tests/py/ip/sets.t.payload.netdev index 0e91afb..87d54a0 100644 --- a/tests/py/ip/sets.t.payload.netdev +++ b/tests/py/ip/sets.t.payload.netdev @@ -6,6 +6,14 @@ netdev test-netdev ingress [ lookup reg 1 set set1 ] [ immediate reg 0 drop ] +# ip saddr != @set1 drop +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set1 0x1 ] + [ immediate reg 0 drop ] + # ip saddr @set2 drop netdev test-netdev ingress [ meta load protocol => reg 1 ] @@ -14,3 +22,11 @@ netdev test-netdev ingress [ lookup reg 1 set set2 ] [ immediate reg 0 drop ] +# ip saddr != @set2 drop +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set2 0x1 ] + [ immediate reg 0 drop ] + diff --git a/tests/py/ip/snat.t b/tests/py/ip/snat.t index ec2df8c..7281bf5 100644 --- a/tests/py/ip/snat.t +++ b/tests/py/ip/snat.t @@ -5,9 +5,6 @@ iifname "eth0" tcp dport 80-90 snat to 192.168.3.2;ok iifname "eth0" tcp dport != 80-90 snat to 192.168.3.2;ok iifname "eth0" tcp dport {80, 90, 23} snat to 192.168.3.2;ok -- iifname "eth0" tcp dport != {80, 90, 23} snat to 192.168.3.2;ok -- iifname "eth0" tcp dport != {80, 90, 23} snat to 192.168.3.2;ok -# BUG: invalid expression type set -# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. +iifname "eth0" tcp dport != {80, 90, 23} snat to 192.168.3.2;ok iifname "eth0" tcp dport != 23-34 snat to 192.168.3.2;ok diff --git a/tests/py/ip/snat.t.payload b/tests/py/ip/snat.t.payload index 3d828a3..25a505c 100644 --- a/tests/py/ip/snat.t.payload +++ b/tests/py/ip/snat.t.payload @@ -35,6 +35,20 @@ ip test-ip4 postrouting [ immediate reg 1 0x0203a8c0 ] [ nat snat ip addr_min reg 1 addr_max reg 0 ] +# iifname "eth0" tcp dport != {80, 90, 23} snat to 192.168.3.2 +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00005000 : 0 [end] element 00005a00 : 0 [end] element 00001700 : 0 [end] +ip test-ip4 postrouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + [ immediate reg 1 0x0203a8c0 ] + [ nat snat ip addr_min reg 1 addr_max reg 0 ] + # iifname "eth0" tcp dport != 23-34 snat to 192.168.3.2 ip test-ip4 postrouting [ meta load iifname => reg 1 ] -- 2.11.0.rc2 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html