summaryrefslogtreecommitdiffstats
path: root/tests/py/ip/objects.t
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--tests/py/ip/objects.t58
-rw-r--r--tests/py/ip/objects.t.json229
-rw-r--r--tests/py/ip/objects.t.json.output64
-rw-r--r--tests/py/ip/objects.t.payload79
4 files changed, 430 insertions, 0 deletions
diff --git a/tests/py/ip/objects.t b/tests/py/ip/objects.t
new file mode 100644
index 0000000..4fcde7c
--- /dev/null
+++ b/tests/py/ip/objects.t
@@ -0,0 +1,58 @@
+:output;type filter hook output priority 0
+
+*ip;test-ip4;output
+
+# counter
+%cnt1 type counter;ok
+%cnt2 type counter;ok
+
+ip saddr 192.168.1.3 counter name "cnt2";ok
+ip saddr 192.168.1.3 counter name "cnt3";fail
+counter name tcp dport map {443 : "cnt1", 80 : "cnt2", 22 : "cnt1"};ok
+
+# quota
+%qt1 type quota 25 mbytes;ok
+%qt2 type quota over 1 kbytes;ok
+
+ip saddr 192.168.1.3 quota name "qt1";ok
+ip saddr 192.168.1.3 quota name "qt3";fail
+quota name tcp dport map {443 : "qt1", 80 : "qt2", 22 : "qt1"};ok
+
+# ct helper
+%cthelp1 type ct helper { type "ftp" protocol tcp; };ok
+%cthelp2 type ct helper { type "ftp" protocol tcp; l3proto ip6; };fail
+
+ct helper set "cthelp1";ok
+ct helper set tcp dport map {21 : "cthelp1", 2121 : "cthelp1" };ok
+
+# limit
+%lim1 type limit rate 400/minute;ok
+%lim2 type limit rate over 1024 bytes/second burst 512 bytes;ok
+
+ip saddr 192.168.1.3 limit name "lim1";ok
+ip saddr 192.168.1.3 limit name "lim3";fail
+limit name tcp dport map {443 : "lim1", 80 : "lim2", 22 : "lim1"};ok
+
+# ct timeout
+%cttime1 type ct timeout { protocol tcp; policy = { established:122 } ;};ok
+%cttime2 type ct timeout { protocol udp; policy = { syn_sent:122 } ;};fail
+%cttime3 type ct timeout { protocol tcp; policy = { established:132, close:16, close_wait:16 } ; l3proto ip ;};ok
+%cttime4 type ct timeout { protocol udp; policy = { replied:14, unreplied:19 } ;};ok
+%cttime5 type ct timeout {protocol tcp; policy = { estalbished:100 } ;};fail
+
+ct timeout set "cttime1";ok
+
+# ct expectation
+%ctexpect1 type ct expectation { protocol tcp; dport 1234; timeout 2m; size 12; };ok
+%ctexpect2 type ct expectation { protocol udp; };fail
+%ctexpect3 type ct expectation { protocol tcp; dport 4321; };fail
+%ctexpect4 type ct expectation { protocol tcp; dport 4321; timeout 2m; };fail
+%ctexpect5 type ct expectation { protocol udp; dport 9876; timeout 2m; size 12; l3proto ip; };ok
+
+ct expectation set "ctexpect1";ok
+
+# synproxy
+%synproxy1 type synproxy mss 1460 wscale 7;ok
+%synproxy2 type synproxy mss 1460 wscale 7 timestamp sack-perm;ok
+
+synproxy name tcp dport map {443 : "synproxy1", 80 : "synproxy2"};ok
diff --git a/tests/py/ip/objects.t.json b/tests/py/ip/objects.t.json
new file mode 100644
index 0000000..a70dd9e
--- /dev/null
+++ b/tests/py/ip/objects.t.json
@@ -0,0 +1,229 @@
+# ip saddr 192.168.1.3 counter name "cnt2"
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip"
+ }
+ },
+ "op": "==",
+ "right": "192.168.1.3"
+ }
+ },
+ {
+ "counter": "cnt2"
+ }
+]
+
+# counter name tcp dport map {443 : "cnt1", 80 : "cnt2", 22 : "cnt1"}
+[
+ {
+ "counter": {
+ "map": {
+ "key": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ 443,
+ "cnt1"
+ ],
+ [
+ 80,
+ "cnt2"
+ ],
+ [
+ 22,
+ "cnt1"
+ ]
+ ]
+ }
+ }
+ }
+ }
+]
+
+# ip saddr 192.168.1.3 quota name "qt1"
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip"
+ }
+ },
+ "op": "==",
+ "right": "192.168.1.3"
+ }
+ },
+ {
+ "quota": "qt1"
+ }
+]
+
+# quota name tcp dport map {443 : "qt1", 80 : "qt2", 22 : "qt1"}
+[
+ {
+ "quota": {
+ "map": {
+ "key": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ 443,
+ "qt1"
+ ],
+ [
+ 80,
+ "qt2"
+ ],
+ [
+ 22,
+ "qt1"
+ ]
+ ]
+ }
+ }
+ }
+ }
+]
+
+# ct helper set "cthelp1"
+[
+ {
+ "ct helper": "cthelp1"
+ }
+]
+
+# ct helper set tcp dport map {21 : "cthelp1", 2121 : "cthelp1" }
+[
+ {
+ "ct helper": {
+ "map": {
+ "key": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ 21,
+ "cthelp1"
+ ],
+ [
+ 2121,
+ "cthelp1"
+ ]
+ ]
+ }
+ }
+ }
+ }
+]
+
+# ip saddr 192.168.1.3 limit name "lim1"
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip"
+ }
+ },
+ "op": "==",
+ "right": "192.168.1.3"
+ }
+ },
+ {
+ "limit": "lim1"
+ }
+]
+
+# limit name tcp dport map {443 : "lim1", 80 : "lim2", 22 : "lim1"}
+[
+ {
+ "limit": {
+ "map": {
+ "key": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ 22,
+ "lim1"
+ ],
+ [
+ 80,
+ "lim2"
+ ],
+ [
+ 443,
+ "lim1"
+ ]
+ ]
+ }
+ }
+ }
+ }
+]
+
+# ct timeout set "cttime1"
+[
+ {
+ "ct timeout": "cttime1"
+ }
+]
+
+# ct expectation set "ctexpect1"
+[
+ {
+ "ct expectation": "ctexpect1"
+ }
+]
+
+# synproxy name tcp dport map {443 : "synproxy1", 80 : "synproxy2"}
+[
+ {
+ "synproxy": {
+ "map": {
+ "key": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ 80,
+ "synproxy2"
+ ],
+ [
+ 443,
+ "synproxy1"
+ ]
+ ]
+ }
+ }
+ }
+ }
+]
diff --git a/tests/py/ip/objects.t.json.output b/tests/py/ip/objects.t.json.output
new file mode 100644
index 0000000..ade195d
--- /dev/null
+++ b/tests/py/ip/objects.t.json.output
@@ -0,0 +1,64 @@
+# counter name tcp dport map {443 : "cnt1", 80 : "cnt2", 22 : "cnt1"}
+[
+ {
+ "counter": {
+ "map": {
+ "key": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ 22,
+ "cnt1"
+ ],
+ [
+ 80,
+ "cnt2"
+ ],
+ [
+ 443,
+ "cnt1"
+ ]
+ ]
+ }
+ }
+ }
+ }
+]
+
+# quota name tcp dport map {443 : "qt1", 80 : "qt2", 22 : "qt1"}
+[
+ {
+ "quota": {
+ "map": {
+ "key": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ 22,
+ "qt1"
+ ],
+ [
+ 80,
+ "qt2"
+ ],
+ [
+ 443,
+ "qt1"
+ ]
+ ]
+ }
+ }
+ }
+ }
+]
+
diff --git a/tests/py/ip/objects.t.payload b/tests/py/ip/objects.t.payload
new file mode 100644
index 0000000..5252724
--- /dev/null
+++ b/tests/py/ip/objects.t.payload
@@ -0,0 +1,79 @@
+# ip saddr 192.168.1.3 counter name "cnt2"
+ip test-ip4 output
+ [ payload load 4b @ network header + 12 => reg 1 ]
+ [ cmp eq reg 1 0x0301a8c0 ]
+ [ objref type 1 name cnt2 ]
+
+# counter name tcp dport map {443 : "cnt1", 80 : "cnt2", 22 : "cnt1"}
+__objmap%d test-ip4 43
+__objmap%d test-ip4 0
+ element 0000bb01 : 0 [end] element 00005000 : 0 [end] element 00001600 : 0 [end]
+ip test-ip4 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ objref sreg 1 set __objmap%d ]
+
+# ip saddr 192.168.1.3 quota name "qt1"
+ip test-ip4 output
+ [ payload load 4b @ network header + 12 => reg 1 ]
+ [ cmp eq reg 1 0x0301a8c0 ]
+ [ objref type 2 name qt1 ]
+
+# quota name tcp dport map {443 : "qt1", 80 : "qt2", 22 : "qt1"}
+__objmap%d test-ip4 43
+__objmap%d test-ip4 0
+ element 0000bb01 : 0 [end] element 00005000 : 0 [end] element 00001600 : 0 [end]
+ip test-ip4 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ objref sreg 1 set __objmap%d ]
+
+# ct helper set "cthelp1"
+ip test-ip4 output
+ [ objref type 3 name cthelp1 ]
+
+# ct helper set tcp dport map {21 : "cthelp1", 2121 : "cthelp1" }
+__objmap%d test-ip4 43
+__objmap%d test-ip4 0
+ element 00001500 : 0 [end] element 00004908 : 0 [end]
+ip test-ip4 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ objref sreg 1 set __objmap%d ]
+
+# ip saddr 192.168.1.3 limit name "lim1"
+ip test-ip4 output
+ [ payload load 4b @ network header + 12 => reg 1 ]
+ [ cmp eq reg 1 0x0301a8c0 ]
+ [ objref type 4 name lim1 ]
+
+# limit name tcp dport map {443 : "lim1", 80 : "lim2", 22 : "lim1"}
+__objmap%d test-ip4 43 size 3
+__objmap%d test-ip4 0
+ element 0000bb01 : 0 [end] element 00005000 : 0 [end] element 00001600 : 0 [end]
+ip test-ip4 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ objref sreg 1 set __objmap%d ]
+
+# ct timeout set "cttime1"
+ip test-ip4 output
+ [ objref type 7 name cttime1 ]
+
+# ct expectation set "ctexpect1"
+ip test-ip4 output
+ [ objref type 9 name ctexpect1 ]
+
+# synproxy name tcp dport map {443 : "synproxy1", 80 : "synproxy2"}
+__objmap%d test-ip4 43 size 2
+__objmap%d test-ip4 0
+ element 0000bb01 : 0 [end] element 00005000 : 0 [end]
+ip test-ip4 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ objref sreg 1 set __objmap%d ]
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-17 01:26:10 +0000