diff options
Diffstat (limited to '')
| -rw-r--r-- | tests/py/ip/ct.t | 36 | ||||
| -rw-r--r-- | tests/py/ip/ct.t.json | 481 | ||||
| -rw-r--r-- | tests/py/ip/ct.t.json.output | 27 | ||||
| -rw-r--r-- | tests/py/ip/ct.t.payload | 136 |
4 files changed, 680 insertions, 0 deletions
diff --git a/tests/py/ip/ct.t b/tests/py/ip/ct.t new file mode 100644 index 0000000..a0a2228 --- /dev/null +++ b/tests/py/ip/ct.t @@ -0,0 +1,36 @@ +:output;type filter hook output priority 0 + +*ip;test-ip4;output + +ct original ip saddr 192.168.0.1;ok +ct reply ip saddr 192.168.0.1;ok +ct original ip daddr 192.168.0.1;ok +ct reply ip daddr 192.168.0.1;ok + +# same, but with a netmask +ct original ip saddr 192.168.1.0/24;ok +ct reply ip saddr 192.168.1.0/24;ok +ct original ip daddr 192.168.1.0/24;ok +ct reply ip daddr 192.168.1.0/24;ok + +ct l3proto ipv4;ok +ct l3proto foobar;fail + +ct protocol 6 ct original proto-dst 22;ok +ct original protocol 17 ct reply proto-src 53;ok;ct protocol 17 ct reply proto-src 53 + +# wrong address family +ct reply ip daddr dead::beef;fail + +meta mark set ct original daddr map { 1.1.1.1 : 0x00000011 };fail +meta mark set ct original ip daddr map { 1.1.1.1 : 0x00000011 };ok +meta mark set ct original saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x0000001e };fail +meta mark set ct original ip saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x0000001e };ok +ct original saddr . meta mark { 1.1.1.1 . 0x00000014 };fail +ct original ip saddr . meta mark { 1.1.1.1 . 0x00000014 };ok +ct mark set ip dscp << 2 | 0x10;ok +ct mark set ip dscp << 26 | 0x10;ok +ct mark set ip dscp & 0x0f << 1;ok;ct mark set ip dscp & af33 +ct mark set ip dscp & 0x0f << 2;ok;ct mark set ip dscp & 0x3c +ct mark set ip dscp | 0x04;ok +ct mark set ip dscp | 1 << 20;ok;ct mark set ip dscp | 0x100000 diff --git a/tests/py/ip/ct.t.json b/tests/py/ip/ct.t.json new file mode 100644 index 0000000..915632a --- /dev/null +++ b/tests/py/ip/ct.t.json @@ -0,0 +1,481 @@ +# ct original ip saddr 192.168.0.1 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "key": "ip saddr" + } + }, + "op": "==", + "right": "192.168.0.1" + } + } +] + +# ct reply ip saddr 192.168.0.1 +[ + { + "match": { + "left": { + "ct": { + "dir": "reply", + "key": "ip saddr" + } + }, + "op": "==", + "right": "192.168.0.1" + } + } +] + +# ct original ip daddr 192.168.0.1 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "key": "ip daddr" + } + }, + "op": "==", + "right": "192.168.0.1" + } + } +] + +# ct reply ip daddr 192.168.0.1 +[ + { + "match": { + "left": { + "ct": { + "dir": "reply", + "key": "ip daddr" + } + }, + "op": "==", + "right": "192.168.0.1" + } + } +] + +# ct original ip saddr 192.168.1.0/24 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "key": "ip saddr" + } + }, + "op": "==", + "right": { + "prefix": { + "addr": "192.168.1.0", + "len": 24 + } + } + } + } +] + +# ct reply ip saddr 192.168.1.0/24 +[ + { + "match": { + "left": { + "ct": { + "dir": "reply", + "key": "ip saddr" + } + }, + "op": "==", + "right": { + "prefix": { + "addr": "192.168.1.0", + "len": 24 + } + } + } + } +] + +# ct original ip daddr 192.168.1.0/24 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "key": "ip daddr" + } + }, + "op": "==", + "right": { + "prefix": { + "addr": "192.168.1.0", + "len": 24 + } + } + } + } +] + +# ct reply ip daddr 192.168.1.0/24 +[ + { + "match": { + "left": { + "ct": { + "dir": "reply", + "key": "ip daddr" + } + }, + "op": "==", + "right": { + "prefix": { + "addr": "192.168.1.0", + "len": 24 + } + } + } + } +] + +# ct l3proto ipv4 +[ + { + "match": { + "left": { + "ct": { + "key": "l3proto" + } + }, + "op": "==", + "right": "ipv4" + } + } +] + +# ct protocol 6 ct original proto-dst 22 +[ + { + "match": { + "left": { + "ct": { + "key": "protocol" + } + }, + "op": "==", + "right": 6 + } + }, + { + "match": { + "left": { + "ct": { + "dir": "original", + "key": "proto-dst" + } + }, + "op": "==", + "right": 22 + } + } +] + +# ct original protocol 17 ct reply proto-src 53 +[ + { + "match": { + "left": { + "ct": { + "dir": "original", + "key": "protocol" + } + }, + "op": "==", + "right": 17 + } + }, + { + "match": { + "left": { + "ct": { + "dir": "reply", + "key": "proto-src" + } + }, + "op": "==", + "right": 53 + } + } +] + +# meta mark set ct original ip daddr map { 1.1.1.1 : 0x00000011 } +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "map": { + "data": { + "set": [ + [ + "1.1.1.1", + 17 + ] + ] + }, + "key": { + "ct": { + "dir": "original", + "key": "ip daddr" + } + } + } + } + } + } +] + +# meta mark set ct original ip saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x0000001e } +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "map": { + "data": { + "set": [ + [ + { + "concat": [ + "1.1.1.1", + 20 + ] + }, + 30 + ] + ] + }, + "key": { + "concat": [ + { + "ct": { + "dir": "original", + "key": "ip saddr" + } + }, + { + "meta": { + "key": "mark" + } + } + ] + } + } + } + } + } +] + +# ct original ip saddr . meta mark { 1.1.1.1 . 0x00000014 } +[ + { + "match": { + "left": { + "concat": [ + { + "ct": { + "dir": "original", + "key": "ip saddr" + } + }, + { + "meta": { + "key": "mark" + } + } + ] + }, + "op": "==", + "right": { + "set": [ + { + "concat": [ + "1.1.1.1", + 20 + ] + } + ] + } + } + } +] + +# ct mark set ip dscp << 2 | 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 2 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip dscp << 26 | 0x10 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "<<": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 26 + ] + }, + 16 + ] + } + } + } +] + +# ct mark set ip dscp & 0x0f << 1 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "&": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + "af33" + ] + } + } + } +] + +# ct mark set ip dscp & 0x0f << 2 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "&": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 60 + ] + } + } + } +] + +# ct mark set ip dscp | 0x04 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 4 + ] + } + } + } +] + +# ct mark set ip dscp | 1 << 20 +[ + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": { + "|": [ + { + "payload": { + "field": "dscp", + "protocol": "ip" + } + }, + 1048576 + ] + } + } + } +] diff --git a/tests/py/ip/ct.t.json.output b/tests/py/ip/ct.t.json.output new file mode 100644 index 0000000..cf4abae --- /dev/null +++ b/tests/py/ip/ct.t.json.output @@ -0,0 +1,27 @@ +# ct original protocol 17 ct reply proto-src 53 +[ + { + "match": { + "left": { + "ct": { + "key": "protocol" + } + }, + "op": "==", + "right": 17 + } + }, + { + "match": { + "left": { + "ct": { + "dir": "reply", + "key": "proto-src" + } + }, + "op": "==", + "right": 53 + } + } +] + diff --git a/tests/py/ip/ct.t.payload b/tests/py/ip/ct.t.payload new file mode 100644 index 0000000..692011d --- /dev/null +++ b/tests/py/ip/ct.t.payload @@ -0,0 +1,136 @@ +# ct original ip saddr 192.168.0.1 +ip test-ip4 output + [ ct load src_ip => reg 1 , dir original ] + [ cmp eq reg 1 0x0100a8c0 ] + +# ct reply ip saddr 192.168.0.1 +ip test-ip4 output + [ ct load src_ip => reg 1 , dir reply ] + [ cmp eq reg 1 0x0100a8c0 ] + +# ct original ip daddr 192.168.0.1 +ip test-ip4 output + [ ct load dst_ip => reg 1 , dir original ] + [ cmp eq reg 1 0x0100a8c0 ] + +# ct reply ip daddr 192.168.0.1 +ip test-ip4 output + [ ct load dst_ip => reg 1 , dir reply ] + [ cmp eq reg 1 0x0100a8c0 ] + +# ct original ip saddr 192.168.1.0/24 +ip test-ip4 output + [ ct load src_ip => reg 1 , dir original ] + [ cmp eq reg 1 0x0001a8c0 ] + +# ct reply ip saddr 192.168.1.0/24 +ip test-ip4 output + [ ct load src_ip => reg 1 , dir reply ] + [ cmp eq reg 1 0x0001a8c0 ] + +# ct original ip daddr 192.168.1.0/24 +ip test-ip4 output + [ ct load dst_ip => reg 1 , dir original ] + [ cmp eq reg 1 0x0001a8c0 ] + +# ct reply ip daddr 192.168.1.0/24 +ip test-ip4 output + [ ct load dst_ip => reg 1 , dir reply ] + [ cmp eq reg 1 0x0001a8c0 ] + +# ct l3proto ipv4 +ip test-ip4 output + [ ct load l3protocol => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + +# ct protocol 6 ct original proto-dst 22 +ip test-ip4 output + [ ct load protocol => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ ct load proto_dst => reg 1 , dir original ] + [ cmp eq reg 1 0x00001600 ] + +# ct original protocol 17 ct reply proto-src 53 +ip test-ip4 output + [ ct load protocol => reg 1 , dir original ] + [ cmp eq reg 1 0x00000011 ] + [ ct load proto_src => reg 1 , dir reply ] + [ cmp eq reg 1 0x00003500 ] + +# meta mark set ct original ip daddr map { 1.1.1.1 : 0x00000011 } +__map%d test-ip4 b +__map%d test-ip4 0 + element 01010101 : 00000011 0 [end] +ip + [ ct load dst_ip => reg 1 , dir original ] + [ lookup reg 1 set __map%d dreg 1 ] + [ meta set mark with reg 1 ] + +# meta mark set ct original ip saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x0000001e } +__map%d test-ip4 b +__map%d test-ip4 0 + element 01010101 00000014 : 0000001e 0 [end] +ip + [ ct load src_ip => reg 1 , dir original ] + [ meta load mark => reg 9 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ meta set mark with reg 1 ] + +# ct original ip saddr . meta mark { 1.1.1.1 . 0x00000014 } +__set%d test-ip4 3 +__set%d test-ip4 0 + element 01010101 00000014 : 0 [end] +ip + [ ct load src_ip => reg 1 , dir original ] + [ meta load mark => reg 9 ] + [ lookup reg 1 set __set%d ] + +# ct mark set ip dscp << 2 | 0x10 +ip test-ip4 output + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 << 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ ct set mark with reg 1 ] + +# ct mark set ip dscp << 26 | 0x10 +ip + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 << 0x0000001a ) ] + [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] + [ ct set mark with reg 1 ] + +# ct mark set ip dscp & 0x0f << 1 +ip test-ip4 output + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000001e ) ^ 0x00000000 ] + [ ct set mark with reg 1 ] + +# ct mark set ip dscp & 0x0f << 2 +ip test-ip4 output + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0x0000003c ) ^ 0x00000000 ] + [ ct set mark with reg 1 ] + +# ct mark set ip dscp | 0x04 +ip test-ip4 output + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xfffffffb ) ^ 0x00000004 ] + [ ct set mark with reg 1 ] + +# ct mark set ip dscp | 1 << 20 +ip test-ip4 output + [ payload load 1b @ network header + 1 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] + [ bitwise reg 1 = ( reg 1 & 0xffefffff ) ^ 0x00100000 ] + [ ct set mark with reg 1 ] |