diff options
Diffstat (limited to '')
| -rw-r--r-- | tests/py/ip/ether.t | 8 | ||||
| -rw-r--r-- | tests/py/ip/ether.t.json | 163 | ||||
| -rw-r--r-- | tests/py/ip/ether.t.json.output | 43 | ||||
| -rw-r--r-- | tests/py/ip/ether.t.payload | 50 |
4 files changed, 264 insertions, 0 deletions
diff --git a/tests/py/ip/ether.t b/tests/py/ip/ether.t new file mode 100644 index 0000000..e1d302c --- /dev/null +++ b/tests/py/ip/ether.t @@ -0,0 +1,8 @@ +:input;type filter hook input priority 0 + +*ip;test-ip;input + +tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 accept +tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04;ok +tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4;ok +ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept;ok diff --git a/tests/py/ip/ether.t.json b/tests/py/ip/ether.t.json new file mode 100644 index 0000000..355c7fc --- /dev/null +++ b/tests/py/ip/ether.t.json @@ -0,0 +1,163 @@ +# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": 22 + } + }, + { + "match": { + "left": { + "meta": { "key": "iiftype" } + }, + "op": "==", + "right": "ether" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "1.2.3.4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ether" + } + }, + "op": "==", + "right": "00:0f:54:0c:11:04" + } + }, + { + "accept": null + } +] + +# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "1.2.3.4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ether" + } + }, + "op": "==", + "right": "00:0f:54:0c:11:04" + } + } +] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ether" + } + }, + "op": "==", + "right": "00:0f:54:0c:11:04" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "1.2.3.4" + } + } +] + +# ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept +[ + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ether" + } + }, + "op": "==", + "right": "00:0f:54:0c:11:04" + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "1.2.3.4" + } + }, + { + "accept": null + } +] + diff --git a/tests/py/ip/ether.t.json.output b/tests/py/ip/ether.t.json.output new file mode 100644 index 0000000..1e5dd50 --- /dev/null +++ b/tests/py/ip/ether.t.json.output @@ -0,0 +1,43 @@ +# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": 22 + } + }, + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + "op": "==", + "right": "1.2.3.4" + } + }, + { + "match": { + "left": { + "payload": { + "field": "saddr", + "protocol": "ether" + } + }, + "op": "==", + "right": "00:0f:54:0c:11:04" + } + }, + { + "accept": null + } +] + diff --git a/tests/py/ip/ether.t.payload b/tests/py/ip/ether.t.payload new file mode 100644 index 0000000..bd7c8f1 --- /dev/null +++ b/tests/py/ip/ether.t.payload @@ -0,0 +1,50 @@ +# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept +ip test-ip input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ immediate reg 0 accept ] + +# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 +ip test-ip input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + +# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 +ip test-ip input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00001600 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + +# ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept +ip test-ip input + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 6b @ link header + 6 => reg 1 ] + [ cmp eq reg 1 0x0c540f00 0x00000411 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ cmp eq reg 1 0x04030201 ] + [ immediate reg 0 accept ] + |