diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-09 13:08:37 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-09 13:08:37 +0000 |
| commit | 971e619d8602fa52b1bfcb3ea65b7ab96be85318 (patch) | |
| tree | 26feb2498c72b796e07b86349d17f544046de279 /tests/py/any/ct.t.json | |
| parent | Initial commit. (diff) | |
| download | nftables-971e619d8602fa52b1bfcb3ea65b7ab96be85318.tar.xz nftables-971e619d8602fa52b1bfcb3ea65b7ab96be85318.zip | |
Adding upstream version 1.0.9.upstream/1.0.9upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/py/any/ct.t.json')
| -rw-r--r-- | tests/py/any/ct.t.json | 1523 |
1 files changed, 1523 insertions, 0 deletions
diff --git a/tests/py/any/ct.t.json b/tests/py/any/ct.t.json new file mode 100644 index 0000000..a2a0602 --- /dev/null +++ b/tests/py/any/ct.t.json @@ -0,0 +1,1523 @@ +# ct state new,established, related, untracked +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "op": "in", + "right": [ + "new", + "established", + "related", + "untracked" + ] + } + } +] + +# ct state != related +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "op": "!=", + "right": "related" + } + } +] + +# ct state {new,established, related, untracked} +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "op": "in", + "right": { + "set": [ + "new", + "established", + "related", + "untracked" + ] + } + } + } +] + +# ct state != {new,established, related, untracked} +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "op": "!=", + "right": { + "set": [ + "new", + "established", + "related", + "untracked" + ] + } + } + } +] + +# ct state invalid drop +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "op": "in", + "right": "invalid" + } + }, + { + "drop": null + } +] + +# ct state established accept +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "op": "in", + "right": "established" + } + }, + { + "accept": null + } +] + +# ct state 8 +[ + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "op": "in", + "right": 8 + } + } +] + +# ct direction original +[ + { + "match": { + "left": { + "ct": { + "key": "direction" + } + }, + "op": "==", + "right": "original" + } + } +] + +# ct direction != original +[ + { + "match": { + "left": { + "ct": { + "key": "direction" + } + }, + "op": "!=", + "right": "original" + } + } +] + +# ct direction reply +[ + { + "match": { + "left": { + "ct": { + "key": "direction" + } + }, + "op": "==", + "right": "reply" + } + } +] + +# ct direction != reply +[ + { + "match": { + "left": { + "ct": { + "key": "direction" + } + }, + "op": "!=", + "right": "reply" + } + } +] + +# ct direction {reply, original} +[ + { + "match": { + "left": { + "ct": { + "key": "direction" + } + }, + "op": "in", + "right": { + "set": [ + "reply", + "original" + ] + } + } + } +] + +# ct direction != {reply, original} +[ + { + "match": { + "left": { + "ct": { + "key": "direction" + } + }, + "op": "!=", + "right": { + "set": [ + "reply", + "original" + ] + } + } + } +] + +# ct status expected +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "op": "in", + "right": "expected" + } + } +] + +# ct status != expected +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "op": "!=", + "right": "expected" + } + } +] + +# ct status seen-reply +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "op": "in", + "right": "seen-reply" + } + } +] + +# ct status != seen-reply +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "op": "!=", + "right": "seen-reply" + } + } +] + +# ct status {expected, seen-reply, assured, confirmed, dying} +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "op": "==", + "right": { + "set": [ + "expected", + "seen-reply", + "assured", + "confirmed", + "dying" + ] + } + } + } +] + +# ct status != {expected, seen-reply, assured, confirmed, dying} +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "op": "!=", + "right": { + "set": [ + "expected", + "seen-reply", + "assured", + "confirmed", + "dying" + ] + } + } + } +] + +# ct status expected,seen-reply,assured,confirmed,snat,dnat,dying +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "op": "in", + "right": [ + "expected", + "seen-reply", + "assured", + "confirmed", + "snat", + "dnat", + "dying" + ] + } + } +] + +# ct status snat +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "op": "in", + "right": "snat" + } + } +] + +# ct status dnat +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "op": "in", + "right": "dnat" + } + } +] + +# ct status ! dnat +[ + { + "match": { + "left": { + "ct": { + "key": "status" + } + }, + "op": "!", + "right": "dnat" + } + } +] + +# ct mark 0 +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "op": "==", + "right": 0 + } + } +] + +# ct mark or 0x23 == 0x11 +[ + { + "match": { + "left": { + "|": [ + { + "ct": { + "key": "mark" + } + }, + "0x23" + ] + }, + "op": "==", + "right": "0x11" + } + } +] + +# ct mark or 0x3 != 0x1 +[ + { + "match": { + "left": { + "|": [ + { + "ct": { + "key": "mark" + } + }, + "0x3" + ] + }, + "op": "!=", + "right": "0x1" + } + } +] + +# ct mark and 0x23 == 0x11 +[ + { + "match": { + "left": { + "&": [ + { + "ct": { + "key": "mark" + } + }, + "0x23" + ] + }, + "op": "==", + "right": "0x11" + } + } +] + +# ct mark and 0x3 != 0x1 +[ + { + "match": { + "left": { + "&": [ + { + "ct": { + "key": "mark" + } + }, + "0x3" + ] + }, + "op": "!=", + "right": "0x1" + } + } +] + +# ct mark xor 0x23 == 0x11 +[ + { + "match": { + "left": { + "^": [ + { + "ct": { + "key": "mark" + } + }, + "0x23" + ] + }, + "op": "==", + "right": "0x11" + } + } +] + +# ct mark xor 0x3 != 0x1 +[ + { + "match": { + "left": { + "^": [ + { + "ct": { + "key": "mark" + } + }, + "0x3" + ] + }, + "op": "!=", + "right": "0x1" + } + } +] + +# ct mark set ct mark or 0x00000001 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "ct": { + "key": "mark" + } + }, + 1 + ] + } + } + } +] + +# ct mark 0x00000032 +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "op": "==", + "right": "0x00000032" + } + } +] + +# ct mark != 0x00000032 +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "op": "!=", + "right": "0x00000032" + } + } +] + +# ct mark 0x00000032-0x00000045 +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "op": "==", + "right": { + "range": [ "0x00000032", "0x00000045" ] + } + } + } +] + +# ct mark != 0x00000032-0x00000045 +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "op": "!=", + "right": { + "range": [ "0x00000032", "0x00000045" ] + } + } + } +] + +# ct mark {0x32, 0x2222, 0x42de3} +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "op": "in", + "right": { + "set": [ + "0x32", + "0x2222", + "0x42de3" + ] + } + } + } +] + +# ct mark {0x32-0x2222, 0x4444-0x42de3} +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "op": "in", + "right": { + "set": [ + { + "range": [ "0x32", "0x2222" ] + }, + { + "range": [ "0x4444", "0x42de3" ] + } + ] + } + } + } +] + +# ct mark != {0x32, 0x2222, 0x42de3} +[ + { + "match": { + "left": { + "ct": { + "key": "mark" + } + }, + "op": "!=", + "right": { + "set": [ + "0x32", + "0x2222", + "0x42de3" + ] + } + } + } +] + +# ct mark set 0x11 xor 0x1331 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { "^": [ "0x11", "0x1331" ] } + } + } +] + +# ct mark set 0x11333 and 0x11 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { "&": [ "0x11333", "0x11" ] } + } + } +] + +# ct mark set 0x12 or 0x11 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { "|": [ "0x12", "0x11" ] } + } + } +] + +# ct mark set 0x11 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": "0x11" + } + } +] + +# ct mark set mark +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "meta": { "key": "mark" } + } + } + } +] + +# ct mark set (meta mark | 0x10) << 8 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "<<": [ + { + "|": [ + { + "meta": { + "key": "mark" + } + }, + 16 + ] + }, + 8 + ] + } + } + } +] + +# ct mark set mark map { 1 : 10, 2 : 20, 3 : 30 } +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "map": { + "key": { + "meta": { "key": "mark" } + }, + "data": { + "set": [ + [ 1, 10 ], + [ 2, 20 ], + [ 3, 30 ] + ] + } + } + } + } + } +] + +# ct expiration 30s +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "op": "==", + "right": "30s" + } + } +] + +# ct expiration 30000ms +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "op": "==", + "right": "30000ms" + } + } +] + +# ct expiration 1m-1h +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "op": "==", + "right": { + "range": [ "1m", "1h" ] + } + } + } +] + +# ct expiration > 4d23h59m59s +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "op": ">", + "right": "4d23h59m59s" + } + } +] + +# ct expiration != 233 +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "op": "!=", + "right": 233 + } + } +] + +# ct expiration 33-45 +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "op": "==", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# ct expiration != 33-45 +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "op": "!=", + "right": { + "range": [ 33, 45 ] + } + } + } +] + +# ct expiration {33, 55, 67, 88} +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "op": "==", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# ct expiration != {33, 55, 67, 88} +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "op": "!=", + "right": { + "set": [ + 33, + 55, + 67, + 88 + ] + } + } + } +] + +# ct expiration {33-55, 66-88} +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 33, 55 ] }, + { "range": [ 66, 88 ] } + ] + } + } + } +] + +# ct expiration != {33-55, 66-88} +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] }, + { "range": [ 66, 88 ] } + ] + } + } + } +] + +# ct helper "ftp" +[ + { + "match": { + "left": { + "ct": { + "key": "helper" + } + }, + "op": "==", + "right": "ftp" + } + } +] + +# ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634} +[ + { + "match": { + "left": { + "concat": [ + { + "ct": { + "key": "state" + } + }, + { + "ct": { + "key": "mark" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { "concat": [ "new", "0x12345678" ] }, + { "concat": [ "new", "0x34127856" ] }, + { "concat": [ "established", "0x12785634" ] } + ] + } + } + } +] + +# ct direction . ct mark { original . 0x12345678, reply . 0x87654321} +[ + { + "match": { + "left": { + "concat": [ + { + "ct": { + "key": "direction" + } + }, + { + "ct": { + "key": "mark" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + "original", + "0x12345678" + ] + }, + { + "concat": [ + "reply", + "0x87654321" + ] + } + ] + } + } + } +] + +# ct state . ct mark vmap { new . 0x12345678 : drop, established . 0x87654321 : accept} +[ + { + "vmap": { + "key": { + "concat": [ + { + "ct": { + "key": "state" + } + }, + { + "ct": { + "key": "mark" + } + } + ] + }, + "data": { + "set": [ + [ + { + "concat": [ + "new", + "0x12345678" + ] + }, + { + "drop": null + } + ], + [ + { + "concat": [ + "established", + "0x87654321" + ] + }, + { + "accept": null + } + ] + ] + } + } + } +] + +# ct original bytes > 100000 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "key": "bytes" + } + }, + "op": ">", + "right": 100000 + } + } +] + +# ct reply packets < 100 +[ + { + "match": { + "left": { + "ct": { + "dir": "reply", + "key": "packets" + } + }, + "op": "<", + "right": 100 + } + } +] + +# ct bytes > 100000 +[ + { + "match": { + "left": { + "ct": { + "key": "bytes" + } + }, + "op": ">", + "right": 100000 + } + } +] + +# ct avgpkt > 200 +[ + { + "match": { + "left": { + "ct": { + "key": "avgpkt" + } + }, + "op": ">", + "right": 200 + } + } +] + +# ct original avgpkt < 500 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "key": "avgpkt" + } + }, + "op": "<", + "right": 500 + } + } +] + +# ct event set new +[ + { + "mangle": { + "key": { + "ct": { + "key": "event" + } + }, + "value": "new" + } + } +] + +# ct event set new | related | destroy | label +[ + { + "mangle": { + "key": { + "ct": { + "key": "event" + } + }, + "value": [ + "new", + "related", + "destroy", + "label" + ] + } + } +] + +# ct event set new,related,destroy,label +[ + { + "mangle": { + "key": { + "ct": { + "key": "event" + } + }, + "value": [ + "new", + "related", + "destroy", + "label" + ] + } + } +] + +# ct event set new,destroy +[ + { + "mangle": { + "key": { + "ct": { + "key": "event" + } + }, + "value": [ + "new", + "destroy" + ] + } + } +] + +# ct event set 1 +[ + { + "mangle": { + "key": { + "ct": { + "key": "event" + } + }, + "value": 1 + } + } +] + +# ct event set 0x0 +[ + { + "mangle": { + "key": { + "ct": { + "key": "event" + } + }, + "value": "0x0" + } + } +] + +# ct label 127 +[ + { + "match": { + "left": { + "ct": { + "key": "label" + } + }, + "op": "in", + "right": 127 + } + } +] + +# ct label set 127 +[ + { + "mangle": { + "key": { + "ct": { + "key": "label" + } + }, + "value": 127 + } + } +] + +# ct zone 0 +[ + { + "match": { + "left": { + "ct": { + "key": "zone" + } + }, + "op": "==", + "right": 0 + } + } +] + +# ct zone 23 +[ + { + "match": { + "left": { + "ct": { + "key": "zone" + } + }, + "op": "==", + "right": 23 + } + } +] + +# ct original zone 1 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "key": "zone" + } + }, + "op": "==", + "right": 1 + } + } +] + +# ct reply zone 1 +[ + { + "match": { + "left": { + "ct": { + "dir": "reply", + "key": "zone" + } + }, + "op": "==", + "right": 1 + } + } +] + +# ct zone set 1 +[ + { + "mangle": { + "key": { + "ct": { + "key": "zone" + } + }, + "value": 1 + } + } +] + +# ct original zone set 1 +[ + { + "mangle": { + "key": { + "ct": { + "dir": "original", + "key": "zone" + } + }, + "value": 1 + } + } +] + +# ct reply zone set 1 +[ + { + "mangle": { + "key": { + "ct": { + "dir": "reply", + "key": "zone" + } + }, + "value": 1 + } + } +] + +# ct id 12345 +[ + { + "match": { + "left": { + "ct": { + "key": "id" + } + }, + "op": "==", + "right": 12345 + } + } +] + +# ct zone set mark map { 1 : 1, 2 : 2 } +[ + { + "mangle": { + "key": { + "ct": { + "key": "zone" + } + }, + "value": { + "map": { + "key": { + "meta": { "key": "mark" } + }, + "data": { + "set": [ + [ 1, 1 ], + [ 2, 2 ] + ] + } + } + } + } + } +] + +# notrack +[ + { + "notrack": null + } +] + +# ct count 3 +[ + { + "ct count": { + "val": 3 + } + } +] + +# ct count over 3 +[ + { + "ct count": { + "inv": true, + "val": 3 + } + } +] + |