summaryrefslogtreecommitdiffstats
path: root/tests/py/ip6
diff options
context:
space:
mode:
Diffstat (limited to 'tests/py/ip6')
-rw-r--r--tests/py/ip6/chains.t17
-rw-r--r--tests/py/ip6/ct.t9
-rw-r--r--tests/py/ip6/ct.t.json293
-rw-r--r--tests/py/ip6/ct.t.payload46
-rw-r--r--tests/py/ip6/dnat.t9
-rw-r--r--tests/py/ip6/dnat.t.json106
-rw-r--r--tests/py/ip6/dnat.t.payload.ip647
-rw-r--r--tests/py/ip6/dst.t21
-rw-r--r--tests/py/ip6/dst.t.json315
-rw-r--r--tests/py/ip6/dst.t.json.output88
-rw-r--r--tests/py/ip6/dst.t.payload.inet131
-rw-r--r--tests/py/ip6/dst.t.payload.ip699
-rw-r--r--tests/py/ip6/dup.t7
-rw-r--r--tests/py/ip6/dup.t.json46
-rw-r--r--tests/py/ip6/dup.t.payload21
-rw-r--r--tests/py/ip6/ether.t8
-rw-r--r--tests/py/ip6/ether.t.json163
-rw-r--r--tests/py/ip6/ether.t.json.output43
-rw-r--r--tests/py/ip6/ether.t.payload49
-rw-r--r--tests/py/ip6/exthdr.t19
-rw-r--r--tests/py/ip6/exthdr.t.json180
-rw-r--r--tests/py/ip6/exthdr.t.json.output60
-rw-r--r--tests/py/ip6/exthdr.t.payload.ip660
-rw-r--r--tests/py/ip6/flowtable.t6
-rw-r--r--tests/py/ip6/flowtable.t.json62
-rw-r--r--tests/py/ip6/flowtable.t.json.output62
-rw-r--r--tests/py/ip6/flowtable.t.payload16
-rw-r--r--tests/py/ip6/frag.t40
-rw-r--r--tests/py/ip6/frag.t.json644
-rw-r--r--tests/py/ip6/frag.t.json.output118
-rw-r--r--tests/py/ip6/frag.t.payload.inet232
-rw-r--r--tests/py/ip6/frag.t.payload.ip6176
-rw-r--r--tests/py/ip6/frag.t.payload.ip6.got43
-rw-r--r--tests/py/ip6/frag.t.payload.netdev232
-rw-r--r--tests/py/ip6/frag.t.payload.netdev.got232
-rw-r--r--tests/py/ip6/hbh.t22
-rw-r--r--tests/py/ip6/hbh.t.json316
-rw-r--r--tests/py/ip6/hbh.t.json.output68
-rw-r--r--tests/py/ip6/hbh.t.payload.inet132
-rw-r--r--tests/py/ip6/hbh.t.payload.ip6100
-rw-r--r--tests/py/ip6/icmpv6.t99
-rw-r--r--tests/py/ip6/icmpv6.t.json1425
-rw-r--r--tests/py/ip6/icmpv6.t.json.output760
-rw-r--r--tests/py/ip6/icmpv6.t.payload.ip6643
-rw-r--r--tests/py/ip6/ip6.t153
-rw-r--r--tests/py/ip6/ip6.t.json1559
-rw-r--r--tests/py/ip6/ip6.t.json.output374
-rw-r--r--tests/py/ip6/ip6.t.payload.inet641
-rw-r--r--tests/py/ip6/ip6.t.payload.ip6481
-rw-r--r--tests/py/ip6/map.t5
-rw-r--r--tests/py/ip6/map.t.json38
-rw-r--r--tests/py/ip6/map.t.json.output38
-rw-r--r--tests/py/ip6/map.t.payload10
-rw-r--r--tests/py/ip6/masquerade.t30
-rw-r--r--tests/py/ip6/masquerade.t.json423
-rw-r--r--tests/py/ip6/masquerade.t.json.output98
-rw-r--r--tests/py/ip6/masquerade.t.payload.ip6142
-rw-r--r--tests/py/ip6/meta.t19
-rw-r--r--tests/py/ip6/meta.t.json313
-rw-r--r--tests/py/ip6/meta.t.json.output64
-rw-r--r--tests/py/ip6/meta.t.payload82
-rw-r--r--tests/py/ip6/mh.t42
-rw-r--r--tests/py/ip6/mh.t.json640
-rw-r--r--tests/py/ip6/mh.t.json.output88
-rw-r--r--tests/py/ip6/mh.t.payload.inet267
-rw-r--r--tests/py/ip6/mh.t.payload.ip6201
-rw-r--r--tests/py/ip6/redirect.t49
-rw-r--r--tests/py/ip6/redirect.t.json589
-rw-r--r--tests/py/ip6/redirect.t.json.output146
-rw-r--r--tests/py/ip6/redirect.t.payload.ip6204
-rw-r--r--tests/py/ip6/reject.t16
-rw-r--r--tests/py/ip6/reject.t.json95
-rw-r--r--tests/py/ip6/reject.t.json.output28
-rw-r--r--tests/py/ip6/reject.t.payload.ip640
-rw-r--r--tests/py/ip6/rt.t38
-rw-r--r--tests/py/ip6/rt.t.json576
-rw-r--r--tests/py/ip6/rt.t.json.output88
-rw-r--r--tests/py/ip6/rt.t.payload.inet244
-rw-r--r--tests/py/ip6/rt.t.payload.ip6184
-rw-r--r--tests/py/ip6/rt0.t6
-rw-r--r--tests/py/ip6/rt0.t.json16
-rw-r--r--tests/py/ip6/rt0.t.payload5
-rw-r--r--tests/py/ip6/sets.t48
-rw-r--r--tests/py/ip6/sets.t.json150
-rw-r--r--tests/py/ip6/sets.t.json.got31
-rw-r--r--tests/py/ip6/sets.t.json.payload.got107
-rw-r--r--tests/py/ip6/sets.t.payload0
-rw-r--r--tests/py/ip6/sets.t.payload.inet49
-rw-r--r--tests/py/ip6/sets.t.payload.inet.got9
-rw-r--r--tests/py/ip6/sets.t.payload.ip638
-rw-r--r--tests/py/ip6/sets.t.payload.ip6.got7
-rw-r--r--tests/py/ip6/sets.t.payload.netdev50
-rw-r--r--tests/py/ip6/sets.t.payload.netdev.got9
-rw-r--r--tests/py/ip6/snat.t6
-rw-r--r--tests/py/ip6/snat.t.json54
-rw-r--r--tests/py/ip6/snat.t.payload.ip625
-rw-r--r--tests/py/ip6/srh.t22
-rw-r--r--tests/py/ip6/srh.t.json194
-rw-r--r--tests/py/ip6/srh.t.json.output22
-rw-r--r--tests/py/ip6/srh.t.payload64
-rw-r--r--tests/py/ip6/tproxy.t14
-rw-r--r--tests/py/ip6/tproxy.t.json125
-rw-r--r--tests/py/ip6/tproxy.t.json.output60
-rw-r--r--tests/py/ip6/tproxy.t.payload44
-rw-r--r--tests/py/ip6/vmap.t58
-rw-r--r--tests/py/ip6/vmap.t.json1037
-rw-r--r--tests/py/ip6/vmap.t.json.output336
-rw-r--r--tests/py/ip6/vmap.t.payload.inet420
-rw-r--r--tests/py/ip6/vmap.t.payload.ip6336
-rw-r--r--tests/py/ip6/vmap.t.payload.netdev420
110 files changed, 19032 insertions, 0 deletions
diff --git a/tests/py/ip6/chains.t b/tests/py/ip6/chains.t
new file mode 100644
index 0000000..e78f9e0
--- /dev/null
+++ b/tests/py/ip6/chains.t
@@ -0,0 +1,17 @@
+# filter chains available are: input, output, forward, forward, prerouting and postrouting.
+:filter-input;type filter hook input priority 0
+:filter-prer;type filter hook prerouting priority 0
+:filter-forw-t;type filter hook forward priority 0
+:filter-out-t;type filter hook output priority 0
+:filter-post-t;type filter hook postrouting priority 0
+
+# nat chains available are: input, output, forward, prerouting and postrouting.
+:nat-input;type nat hook input priority 0
+:nat-prerouting;type nat hook prerouting priority 0
+:nat-output;type nat hook output priority 0
+:nat-postrou;type nat hook postrouting priority 0
+
+# route chain available is output.
+:route-out;type route hook output priority 0
+
+*ip6;test-ip6;filter-input,filter-prer,filter-forw-t,filter-out-t,filter-post-t,nat-input,nat-prerouting,nat-output,nat-postrou,route-out
diff --git a/tests/py/ip6/ct.t b/tests/py/ip6/ct.t
new file mode 100644
index 0000000..c06fd6a
--- /dev/null
+++ b/tests/py/ip6/ct.t
@@ -0,0 +1,9 @@
+:output;type filter hook output priority 0
+
+*ip6;test-ip6;output
+
+ct mark set ip6 dscp << 2 | 0x10;ok
+ct mark set ip6 dscp << 26 | 0x10;ok
+ct mark set ip6 dscp | 0x04;ok
+ct mark set ip6 dscp | 0xff000000;ok
+ct mark set ip6 dscp & 0x0f << 2;ok;ct mark set ip6 dscp & 0x3c
diff --git a/tests/py/ip6/ct.t.json b/tests/py/ip6/ct.t.json
new file mode 100644
index 0000000..7d8c88b
--- /dev/null
+++ b/tests/py/ip6/ct.t.json
@@ -0,0 +1,293 @@
+# ct mark set ip6 dscp lshift 2 or 0x10
+[
+ {
+ "mangle": {
+ "key": {
+ "ct": {
+ "key": "mark"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "<<": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ 2
+ ]
+ },
+ 16
+ ]
+ }
+ }
+ }
+]
+
+# ct mark set ip6 dscp lshift 26 or 0x10
+[
+ {
+ "mangle": {
+ "key": {
+ "ct": {
+ "key": "mark"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "<<": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ 26
+ ]
+ },
+ 16
+ ]
+ }
+ }
+ }
+]
+
+# ct mark set ip6 dscp << 2 | 0x10
+[
+ {
+ "mangle": {
+ "key": {
+ "ct": {
+ "key": "mark"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "<<": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ 2
+ ]
+ },
+ 16
+ ]
+ }
+ }
+ }
+]
+
+# ct mark set ip6 dscp << 26 | 0x10
+[
+ {
+ "mangle": {
+ "key": {
+ "ct": {
+ "key": "mark"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "<<": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ 26
+ ]
+ },
+ 16
+ ]
+ }
+ }
+ }
+]
+
+# ct mark set ip6 dscp | 0x04
+[
+ {
+ "mangle": {
+ "key": {
+ "ct": {
+ "key": "mark"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ 4
+ ]
+ }
+ }
+ }
+]
+
+# ct mark set ip6 dscp | 0xff000000
+[
+ {
+ "mangle": {
+ "key": {
+ "ct": {
+ "key": "mark"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ 4278190080
+ ]
+ }
+ }
+ }
+]
+
+# ct mark set ip6 dscp << 2 | 0x10
+[
+ {
+ "mangle": {
+ "key": {
+ "ct": {
+ "key": "mark"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "<<": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ 2
+ ]
+ },
+ 16
+ ]
+ }
+ }
+ }
+]
+
+# ct mark set ip6 dscp << 26 | 0x10
+[
+ {
+ "mangle": {
+ "key": {
+ "ct": {
+ "key": "mark"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "<<": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ 26
+ ]
+ },
+ 16
+ ]
+ }
+ }
+ }
+]
+
+# ct mark set ip6 dscp | 0x04
+[
+ {
+ "mangle": {
+ "key": {
+ "ct": {
+ "key": "mark"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ 4
+ ]
+ }
+ }
+ }
+]
+
+# ct mark set ip6 dscp | 0xff000000
+[
+ {
+ "mangle": {
+ "key": {
+ "ct": {
+ "key": "mark"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ 4278190080
+ ]
+ }
+ }
+ }
+]
+
+# ct mark set ip6 dscp & 0x0f << 2
+[
+ {
+ "mangle": {
+ "key": {
+ "ct": {
+ "key": "mark"
+ }
+ },
+ "value": {
+ "&": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ 60
+ ]
+ }
+ }
+ }
+]
diff --git a/tests/py/ip6/ct.t.payload b/tests/py/ip6/ct.t.payload
new file mode 100644
index 0000000..944208f
--- /dev/null
+++ b/tests/py/ip6/ct.t.payload
@@ -0,0 +1,46 @@
+# ct mark set ip6 dscp << 2 | 0x10
+ip6 test-ip6 output
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ byteorder reg 1 = ntoh(reg 1, 2, 2) ]
+ [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
+ [ bitwise reg 1 = ( reg 1 << 0x00000002 ) ]
+ [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ]
+ [ ct set mark with reg 1 ]
+
+# ct mark set ip6 dscp << 26 | 0x10
+ip6 test-ip6 output
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ byteorder reg 1 = ntoh(reg 1, 2, 2) ]
+ [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
+ [ bitwise reg 1 = ( reg 1 << 0x0000001a ) ]
+ [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ]
+ [ ct set mark with reg 1 ]
+
+# ct mark set ip6 dscp | 0x04
+ip6 test-ip6 output
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ byteorder reg 1 = ntoh(reg 1, 2, 2) ]
+ [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
+ [ bitwise reg 1 = ( reg 1 & 0xfffffffb ) ^ 0x00000004 ]
+ [ ct set mark with reg 1 ]
+
+# ct mark set ip6 dscp | 0xff000000
+ip6 test-ip6 output
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ byteorder reg 1 = ntoh(reg 1, 2, 2) ]
+ [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
+ [ bitwise reg 1 = ( reg 1 & 0x00ffffff ) ^ 0xff000000 ]
+ [ ct set mark with reg 1 ]
+
+# ct mark set ip6 dscp & 0x0f << 2
+ip6 test-ip6 output
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ byteorder reg 1 = ntoh(reg 1, 2, 2) ]
+ [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000003c ) ^ 0x00000000 ]
+ [ ct set mark with reg 1 ]
diff --git a/tests/py/ip6/dnat.t b/tests/py/ip6/dnat.t
new file mode 100644
index 0000000..89d5a5f
--- /dev/null
+++ b/tests/py/ip6/dnat.t
@@ -0,0 +1,9 @@
+:prerouting;type nat hook prerouting priority 0
+
+*ip6;test-ip6;prerouting
+
+tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100;ok
+tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:100;ok
+tcp dport 80-90 dnat to [2001:838:35f:1::]:80;ok
+dnat to [2001:838:35f:1::]/64;ok;dnat to 2001:838:35f:1::/64
+dnat to 2001:838:35f:1::-2001:838:35f:1:ffff:ffff:ffff:ffff;ok;dnat to 2001:838:35f:1::/64
diff --git a/tests/py/ip6/dnat.t.json b/tests/py/ip6/dnat.t.json
new file mode 100644
index 0000000..cbfdb68
--- /dev/null
+++ b/tests/py/ip6/dnat.t.json
@@ -0,0 +1,106 @@
+# tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 80, 90 ]
+ }
+ }
+ },
+ {
+ "dnat": {
+ "addr": {
+ "range": [ "2001:838:35f:1::", "2001:838:35f:2::" ]
+ },
+ "port": {
+ "range": [ 80, 100 ]
+ }
+ }
+ }
+]
+
+# tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:100
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 80, 90 ]
+ }
+ }
+ },
+ {
+ "dnat": {
+ "addr": {
+ "range": [ "2001:838:35f:1::", "2001:838:35f:2::" ]
+ },
+ "port": 100
+ }
+ }
+]
+
+# tcp dport 80-90 dnat to [2001:838:35f:1::]:80
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 80, 90 ]
+ }
+ }
+ },
+ {
+ "dnat": {
+ "addr": "2001:838:35f:1::",
+ "port": 80
+ }
+ }
+]
+
+# dnat to [2001:838:35f:1::]/64
+[
+ {
+ "dnat": {
+ "addr": {
+ "prefix": {
+ "addr": "2001:838:35f:1::",
+ "len": 64
+ }
+ }
+ }
+ }
+]
+
+# dnat to 2001:838:35f:1::-2001:838:35f:1:ffff:ffff:ffff:ffff
+[
+ {
+ "dnat": {
+ "addr": {
+ "prefix": {
+ "addr": "2001:838:35f:1::",
+ "len": 64
+ }
+ }
+ }
+ }
+]
+
diff --git a/tests/py/ip6/dnat.t.payload.ip6 b/tests/py/ip6/dnat.t.payload.ip6
new file mode 100644
index 0000000..004ffde
--- /dev/null
+++ b/tests/py/ip6/dnat.t.payload.ip6
@@ -0,0 +1,47 @@
+# tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100
+ip6 test-ip6 prerouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00005000 ]
+ [ cmp lte reg 1 0x00005a00 ]
+ [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ]
+ [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ]
+ [ immediate reg 3 0x00005000 ]
+ [ immediate reg 4 0x00006400 ]
+ [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 flags 0x2 ]
+
+# tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:100
+ip6 test-ip6 prerouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00005000 ]
+ [ cmp lte reg 1 0x00005a00 ]
+ [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ]
+ [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ]
+ [ immediate reg 3 0x00006400 ]
+ [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 flags 0x2 ]
+
+# tcp dport 80-90 dnat to [2001:838:35f:1::]:80
+ip6 test-ip6 prerouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00005000 ]
+ [ cmp lte reg 1 0x00005a00 ]
+ [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ]
+ [ immediate reg 2 0x00005000 ]
+ [ nat dnat ip6 addr_min reg 1 proto_min reg 2 flags 0x2 ]
+
+# dnat to [2001:838:35f:1::]/64
+ip6 test-ip6 prerouting
+ [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ]
+ [ immediate reg 2 0x38080120 0x01005f03 0xffffffff 0xffffffff ]
+ [ nat dnat ip6 addr_min reg 1 addr_max reg 2 ]
+
+# dnat to 2001:838:35f:1::-2001:838:35f:1:ffff:ffff:ffff:ffff
+ip6 test-ip6 prerouting
+ [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ]
+ [ immediate reg 2 0x38080120 0x01005f03 0xffffffff 0xffffffff ]
+ [ nat dnat ip6 addr_min reg 1 addr_max reg 2 ]
diff --git a/tests/py/ip6/dst.t b/tests/py/ip6/dst.t
new file mode 100644
index 0000000..cd1fd3b
--- /dev/null
+++ b/tests/py/ip6/dst.t
@@ -0,0 +1,21 @@
+:input;type filter hook input priority 0
+
+*ip6;test-ip6;input
+*inet;test-inet;input
+
+dst nexthdr 22;ok
+dst nexthdr != 233;ok
+dst nexthdr 33-45;ok
+dst nexthdr != 33-45;ok
+dst nexthdr { 33, 55, 67, 88};ok
+dst nexthdr != { 33, 55, 67, 88};ok
+dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok;dst nexthdr { 51, 50, 17, 136, 58, 6, 33, 132, 108}
+dst nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok;dst nexthdr != { 51, 50, 17, 136, 58, 6, 33, 132, 108}
+dst nexthdr icmp;ok;dst nexthdr 1
+dst nexthdr != icmp;ok;dst nexthdr != 1
+
+dst hdrlength 22;ok
+dst hdrlength != 233;ok
+dst hdrlength 33-45;ok
+dst hdrlength != 33-45;ok
+dst hdrlength { 33, 55, 67, 88};ok
diff --git a/tests/py/ip6/dst.t.json b/tests/py/ip6/dst.t.json
new file mode 100644
index 0000000..e947a76
--- /dev/null
+++ b/tests/py/ip6/dst.t.json
@@ -0,0 +1,315 @@
+# dst nexthdr 22
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "dst"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# dst nexthdr != 233
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "dst"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# dst nexthdr 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "dst"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# dst nexthdr != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "dst"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# dst nexthdr { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "dst"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# dst nexthdr != { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "dst"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "dst"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "udplite",
+ "ipcomp",
+ "udp",
+ "ah",
+ "sctp",
+ "esp",
+ "dccp",
+ "tcp",
+ "ipv6-icmp"
+ ]
+ }
+ }
+ }
+]
+
+# dst nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "dst"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ "udplite",
+ "ipcomp",
+ "udp",
+ "ah",
+ "sctp",
+ "esp",
+ "dccp",
+ "tcp",
+ "ipv6-icmp"
+ ]
+ }
+ }
+ }
+]
+
+# dst nexthdr icmp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "dst"
+ }
+ },
+ "op": "==",
+ "right": "icmp"
+ }
+ }
+]
+
+# dst nexthdr != icmp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "dst"
+ }
+ },
+ "op": "!=",
+ "right": "icmp"
+ }
+ }
+]
+
+# dst hdrlength 22
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "dst"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# dst hdrlength != 233
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "dst"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# dst hdrlength 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "dst"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# dst hdrlength != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "dst"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# dst hdrlength { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "dst"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# dst hdrlength != { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "dst"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
diff --git a/tests/py/ip6/dst.t.json.output b/tests/py/ip6/dst.t.json.output
new file mode 100644
index 0000000..69d8f68
--- /dev/null
+++ b/tests/py/ip6/dst.t.json.output
@@ -0,0 +1,88 @@
+# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "dst"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 6,
+ 17,
+ 33,
+ 50,
+ 51,
+ 58,
+ 108,
+ 132,
+ 136
+ ]
+ }
+ }
+ }
+]
+
+# dst nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "dst"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 6,
+ 17,
+ 33,
+ 50,
+ 51,
+ 58,
+ 108,
+ 132,
+ 136
+ ]
+ }
+ }
+ }
+]
+
+# dst nexthdr icmp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "dst"
+ }
+ },
+ "op": "==",
+ "right": 1
+ }
+ }
+]
+
+# dst nexthdr != icmp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "dst"
+ }
+ },
+ "op": "!=",
+ "right": 1
+ }
+ }
+]
+
diff --git a/tests/py/ip6/dst.t.payload.inet b/tests/py/ip6/dst.t.payload.inet
new file mode 100644
index 0000000..90d6bda
--- /dev/null
+++ b/tests/py/ip6/dst.t.payload.inet
@@ -0,0 +1,131 @@
+# dst nexthdr 22
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# dst nexthdr != 233
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# dst nexthdr 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# dst nexthdr != 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# dst nexthdr { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# dst nexthdr != { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# dst nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# dst nexthdr icmp
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# dst nexthdr != icmp
+ip6 test-ip6 input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# dst hdrlength 22
+ip6 test-ip6 input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# dst hdrlength != 233
+ip6 test-ip6 input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# dst hdrlength 33-45
+ip6 test-ip6 input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# dst hdrlength != 33-45
+ip6 test-ip6 input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# dst hdrlength { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# dst hdrlength != { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
diff --git a/tests/py/ip6/dst.t.payload.ip6 b/tests/py/ip6/dst.t.payload.ip6
new file mode 100644
index 0000000..941140d
--- /dev/null
+++ b/tests/py/ip6/dst.t.payload.ip6
@@ -0,0 +1,99 @@
+# dst nexthdr 22
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# dst nexthdr != 233
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# dst nexthdr 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# dst nexthdr != 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# dst nexthdr { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# dst nexthdr != { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# dst nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# dst nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# dst nexthdr icmp
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# dst nexthdr != icmp
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 60 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# dst hdrlength 22
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# dst hdrlength != 233
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# dst hdrlength 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# dst hdrlength != 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# dst hdrlength { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# dst hdrlength != { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 60 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
diff --git a/tests/py/ip6/dup.t b/tests/py/ip6/dup.t
new file mode 100644
index 0000000..72cc5d5
--- /dev/null
+++ b/tests/py/ip6/dup.t
@@ -0,0 +1,7 @@
+:input;type filter hook input priority 0
+
+*ip6;test-ip6;input
+
+dup to abcd::1;ok
+dup to abcd::1 device "lo";ok
+dup to ip6 saddr map { abcd::1 : cafe::cafe } device "lo";ok
diff --git a/tests/py/ip6/dup.t.json b/tests/py/ip6/dup.t.json
new file mode 100644
index 0000000..8a9493b
--- /dev/null
+++ b/tests/py/ip6/dup.t.json
@@ -0,0 +1,46 @@
+# dup to abcd::1
+[
+ {
+ "dup": {
+ "addr": "abcd::1"
+ }
+ }
+]
+
+# dup to abcd::1 device "lo"
+[
+ {
+ "dup": {
+ "addr": "abcd::1",
+ "dev": "lo"
+ }
+ }
+]
+
+# dup to ip6 saddr map { abcd::1 : cafe::cafe } device "lo"
+[
+ {
+ "dup": {
+ "addr": {
+ "map": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "abcd::1",
+ "cafe::cafe"
+ ]
+ ]
+ }
+ }
+ },
+ "dev": "lo"
+ }
+ }
+]
+
diff --git a/tests/py/ip6/dup.t.payload b/tests/py/ip6/dup.t.payload
new file mode 100644
index 0000000..c441d4b
--- /dev/null
+++ b/tests/py/ip6/dup.t.payload
@@ -0,0 +1,21 @@
+# dup to abcd::1
+ip6 test test
+ [ immediate reg 1 0x0000cdab 0x00000000 0x00000000 0x01000000 ]
+ [ dup sreg_addr 1 ]
+
+# dup to abcd::1 device "lo"
+ip6 test test
+ [ immediate reg 1 0x0000cdab 0x00000000 0x00000000 0x01000000 ]
+ [ immediate reg 2 0x00000001 ]
+ [ dup sreg_addr 1 sreg_dev 2 ]
+
+# dup to ip6 saddr map { abcd::1 : cafe::cafe } device "lo"
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 0000cdab 00000000 00000000 01000000 : 0000feca 00000000 00000000 feca0000 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 1 ]
+ [ immediate reg 2 0x00000001 ]
+ [ dup sreg_addr 1 sreg_dev 2 ]
+
diff --git a/tests/py/ip6/ether.t b/tests/py/ip6/ether.t
new file mode 100644
index 0000000..49d7d06
--- /dev/null
+++ b/tests/py/ip6/ether.t
@@ -0,0 +1,8 @@
+:input;type filter hook input priority 0
+
+*ip6;test-ip6;input
+
+tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept;ok;tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 accept
+tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04;ok
+tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2;ok
+ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 accept;ok
diff --git a/tests/py/ip6/ether.t.json b/tests/py/ip6/ether.t.json
new file mode 100644
index 0000000..5e4b43b
--- /dev/null
+++ b/tests/py/ip6/ether.t.json
@@ -0,0 +1,163 @@
+# tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "iiftype" }
+ },
+ "op": "==",
+ "right": "ether"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1::2"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ether"
+ }
+ },
+ "op": "==",
+ "right": "00:0f:54:0c:11:04"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1::2"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ether"
+ }
+ },
+ "op": "==",
+ "right": "00:0f:54:0c:11:04"
+ }
+ }
+]
+
+# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ether"
+ }
+ },
+ "op": "==",
+ "right": "00:0f:54:0c:11:04"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1::2"
+ }
+ }
+]
+
+# ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ether"
+ }
+ },
+ "op": "==",
+ "right": "00:0f:54:0c:11:04"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1::2"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
diff --git a/tests/py/ip6/ether.t.json.output b/tests/py/ip6/ether.t.json.output
new file mode 100644
index 0000000..7ace627
--- /dev/null
+++ b/tests/py/ip6/ether.t.json.output
@@ -0,0 +1,43 @@
+# tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1::2"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ether"
+ }
+ },
+ "op": "==",
+ "right": "00:0f:54:0c:11:04"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
diff --git a/tests/py/ip6/ether.t.payload b/tests/py/ip6/ether.t.payload
new file mode 100644
index 0000000..592b4ea
--- /dev/null
+++ b/tests/py/ip6/ether.t.payload
@@ -0,0 +1,49 @@
+# tcp dport 22 iiftype ether ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:4 accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+ [ meta load iiftype => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ]
+ [ payload load 6b @ link header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0c540f00 0x00000411 ]
+ [ immediate reg 0 accept ]
+
+# tcp dport 22 ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ]
+ [ meta load iiftype => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 6b @ link header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0c540f00 0x00000411 ]
+
+# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+ [ meta load iiftype => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 6b @ link header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0c540f00 0x00000411 ]
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ]
+
+# ether saddr 00:0f:54:0c:11:04 ip6 daddr 1::2 accept
+ip6 test-ip6 input
+ [ meta load iiftype => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 6b @ link header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x0c540f00 0x00000411 ]
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp eq reg 1 0x00000100 0x00000000 0x00000000 0x02000000 ]
+ [ immediate reg 0 accept ]
diff --git a/tests/py/ip6/exthdr.t b/tests/py/ip6/exthdr.t
new file mode 100644
index 0000000..a6c2d2b
--- /dev/null
+++ b/tests/py/ip6/exthdr.t
@@ -0,0 +1,19 @@
+:input;type filter hook input priority 0
+
+*ip6;test-ip6;input
+
+exthdr hbh exists;ok
+exthdr rt exists;ok
+exthdr frag exists;ok
+exthdr dst exists;ok
+exthdr mh exists;ok
+
+exthdr hbh missing;ok
+
+exthdr hbh == exists;ok;exthdr hbh exists
+exthdr hbh == missing;ok;exthdr hbh missing
+exthdr hbh != exists;ok
+exthdr hbh != missing;ok
+
+exthdr hbh 1;ok;exthdr hbh exists
+exthdr hbh 0;ok;exthdr hbh missing
diff --git a/tests/py/ip6/exthdr.t.json b/tests/py/ip6/exthdr.t.json
new file mode 100644
index 0000000..4ca77d6
--- /dev/null
+++ b/tests/py/ip6/exthdr.t.json
@@ -0,0 +1,180 @@
+# exthdr hbh exists
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": true
+ }
+ }
+]
+
+# exthdr rt exists
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": true
+ }
+ }
+]
+
+# exthdr frag exists
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": true
+ }
+ }
+]
+
+# exthdr dst exists
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "name": "dst"
+ }
+ },
+ "op": "==",
+ "right": true
+ }
+ }
+]
+
+# exthdr mh exists
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": true
+ }
+ }
+]
+
+# exthdr hbh missing
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": false
+ }
+ }
+]
+
+# exthdr hbh == exists
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": true
+ }
+ }
+]
+
+# exthdr hbh == missing
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": false
+ }
+ }
+]
+
+# exthdr hbh != exists
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "name": "hbh"
+ }
+ },
+ "op": "!=",
+ "right": true
+ }
+ }
+]
+
+# exthdr hbh != missing
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "name": "hbh"
+ }
+ },
+ "op": "!=",
+ "right": false
+ }
+ }
+]
+
+# exthdr hbh 1
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": 1
+ }
+ }
+]
+
+# exthdr hbh 0
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": 0
+ }
+ }
+]
+
diff --git a/tests/py/ip6/exthdr.t.json.output b/tests/py/ip6/exthdr.t.json.output
new file mode 100644
index 0000000..c9f5b49
--- /dev/null
+++ b/tests/py/ip6/exthdr.t.json.output
@@ -0,0 +1,60 @@
+# exthdr hbh == exists
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": true
+ }
+ }
+]
+
+# exthdr hbh == missing
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": false
+ }
+ }
+]
+
+# exthdr hbh 1
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": true
+ }
+ }
+]
+
+# exthdr hbh 0
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": false
+ }
+ }
+]
+
diff --git a/tests/py/ip6/exthdr.t.payload.ip6 b/tests/py/ip6/exthdr.t.payload.ip6
new file mode 100644
index 0000000..be10d61
--- /dev/null
+++ b/tests/py/ip6/exthdr.t.payload.ip6
@@ -0,0 +1,60 @@
+# exthdr hbh exists
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 0 + 0 present => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# exthdr rt exists
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 0 present => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# exthdr frag exists
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 44 + 0 present => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# exthdr dst exists
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 60 + 0 present => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# exthdr mh exists
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 0 present => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# exthdr hbh missing
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 0 + 0 present => reg 1 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# exthdr hbh == exists
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 0 + 0 present => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# exthdr hbh == missing
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 0 + 0 present => reg 1 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# exthdr hbh != exists
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 0 + 0 present => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# exthdr hbh != missing
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 0 + 0 present => reg 1 ]
+ [ cmp neq reg 1 0x00000000 ]
+
+# exthdr hbh 1
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 0 + 0 present => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# exthdr hbh 0
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 0 + 0 present => reg 1 ]
+ [ cmp eq reg 1 0x00000000 ]
+
diff --git a/tests/py/ip6/flowtable.t b/tests/py/ip6/flowtable.t
new file mode 100644
index 0000000..e58d51b
--- /dev/null
+++ b/tests/py/ip6/flowtable.t
@@ -0,0 +1,6 @@
+:input;type filter hook input priority 0
+
+*ip6;test-ip6;input
+
+meter acct_out size 4096 { meta iif . ip6 saddr timeout 600s counter };ok;meter acct_out size 4096 { iif . ip6 saddr timeout 10m counter }
+meter acct_out size 12345 { ip6 saddr . meta iif timeout 600s counter };ok;meter acct_out size 12345 { ip6 saddr . iif timeout 10m counter }
diff --git a/tests/py/ip6/flowtable.t.json b/tests/py/ip6/flowtable.t.json
new file mode 100644
index 0000000..d0b3a95
--- /dev/null
+++ b/tests/py/ip6/flowtable.t.json
@@ -0,0 +1,62 @@
+# meter acct_out size 4096 { meta iif . ip6 saddr timeout 600s counter }
+[
+ {
+ "meter": {
+ "key": {
+ "elem": {
+ "timeout": 600,
+ "val": {
+ "concat": [
+ {
+ "meta": { "key": "iif" }
+ },
+ {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ }
+ ]
+ }
+ }
+ },
+ "name": "acct_out",
+ "size": 4096,
+ "stmt": {
+ "counter": null
+ }
+ }
+ }
+]
+
+# meter acct_out size 12345 { ip6 saddr . meta iif timeout 600s counter }
+[
+ {
+ "meter": {
+ "key": {
+ "elem": {
+ "timeout": 600,
+ "val": {
+ "concat": [
+ {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ {
+ "meta": { "key": "iif" }
+ }
+ ]
+ }
+ }
+ },
+ "name": "acct_out",
+ "size": 12345,
+ "stmt": {
+ "counter": null
+ }
+ }
+ }
+]
+
diff --git a/tests/py/ip6/flowtable.t.json.output b/tests/py/ip6/flowtable.t.json.output
new file mode 100644
index 0000000..d0b3a95
--- /dev/null
+++ b/tests/py/ip6/flowtable.t.json.output
@@ -0,0 +1,62 @@
+# meter acct_out size 4096 { meta iif . ip6 saddr timeout 600s counter }
+[
+ {
+ "meter": {
+ "key": {
+ "elem": {
+ "timeout": 600,
+ "val": {
+ "concat": [
+ {
+ "meta": { "key": "iif" }
+ },
+ {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ }
+ ]
+ }
+ }
+ },
+ "name": "acct_out",
+ "size": 4096,
+ "stmt": {
+ "counter": null
+ }
+ }
+ }
+]
+
+# meter acct_out size 12345 { ip6 saddr . meta iif timeout 600s counter }
+[
+ {
+ "meter": {
+ "key": {
+ "elem": {
+ "timeout": 600,
+ "val": {
+ "concat": [
+ {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ {
+ "meta": { "key": "iif" }
+ }
+ ]
+ }
+ }
+ },
+ "name": "acct_out",
+ "size": 12345,
+ "stmt": {
+ "counter": null
+ }
+ }
+ }
+]
+
diff --git a/tests/py/ip6/flowtable.t.payload b/tests/py/ip6/flowtable.t.payload
new file mode 100644
index 0000000..559475f
--- /dev/null
+++ b/tests/py/ip6/flowtable.t.payload
@@ -0,0 +1,16 @@
+# meter acct_out size 4096 { meta iif . ip6 saddr timeout 600s counter }
+acct_out test-ip6 31
+acct_out test-ip6 0
+ip6 test-ip6 input
+ [ meta load iif => reg 1 ]
+ [ payload load 16b @ network header + 8 => reg 9 ]
+ [ dynset update reg_key 1 set acct_out timeout 600000ms expr [ counter pkts 0 bytes 0 ] ]
+
+# meter acct_out size 12345 { ip6 saddr . meta iif timeout 600s counter }
+acct_out test-ip6 31
+acct_out test-ip6 0
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ meta load iif => reg 2 ]
+ [ dynset update reg_key 1 set acct_out timeout 600000ms expr [ counter pkts 0 bytes 0 ] ]
+
diff --git a/tests/py/ip6/frag.t b/tests/py/ip6/frag.t
new file mode 100644
index 0000000..6bbd6ac
--- /dev/null
+++ b/tests/py/ip6/frag.t
@@ -0,0 +1,40 @@
+:output;type filter hook output priority 0
+:ingress;type filter hook ingress device lo priority 0
+:egress;type filter hook egress device lo priority 0
+
+*ip6;test-ip6;output
+*inet;test-inet;output
+*netdev;test-netdev;ingress,egress
+
+frag nexthdr tcp;ok;frag nexthdr 6
+frag nexthdr != icmp;ok;frag nexthdr != 1
+frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok;frag nexthdr { 51, 136, 132, 6, 108, 50, 17, 33}
+frag nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok;frag nexthdr != { 51, 136, 132, 6, 108, 50, 17, 33}
+frag nexthdr esp;ok;frag nexthdr 50
+frag nexthdr ah;ok;frag nexthdr 51
+
+frag reserved 22;ok
+frag reserved != 233;ok
+frag reserved 33-45;ok
+frag reserved != 33-45;ok
+frag reserved { 33, 55, 67, 88};ok
+frag reserved != { 33, 55, 67, 88};ok
+
+frag frag-off 22;ok
+frag frag-off != 233;ok
+frag frag-off 33-45;ok
+frag frag-off != 33-45;ok
+frag frag-off { 33, 55, 67, 88};ok
+frag frag-off != { 33, 55, 67, 88};ok
+
+frag reserved2 1;ok
+frag more-fragments 0;ok
+frag more-fragments 1;ok
+
+frag id 1;ok
+frag id 22;ok
+frag id != 33;ok
+frag id 33-45;ok
+frag id != 33-45;ok
+frag id { 33, 55, 67, 88};ok
+frag id != { 33, 55, 67, 88};ok
diff --git a/tests/py/ip6/frag.t.json b/tests/py/ip6/frag.t.json
new file mode 100644
index 0000000..b8c06df
--- /dev/null
+++ b/tests/py/ip6/frag.t.json
@@ -0,0 +1,644 @@
+# frag nexthdr tcp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": "tcp"
+ }
+ }
+]
+
+# frag nexthdr != icmp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "frag"
+ }
+ },
+ "op": "!=",
+ "right": "icmp"
+ }
+ }
+]
+
+# frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "esp",
+ "ah",
+ "comp",
+ "udp",
+ "udplite",
+ "tcp",
+ "dccp",
+ "sctp"
+ ]
+ }
+ }
+ }
+]
+
+# frag nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "frag"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ "esp",
+ "ah",
+ "comp",
+ "udp",
+ "udplite",
+ "tcp",
+ "dccp",
+ "sctp"
+ ]
+ }
+ }
+ }
+]
+
+# frag nexthdr esp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": "esp"
+ }
+ }
+]
+
+# frag nexthdr ah
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": "ah"
+ }
+ }
+]
+
+# frag reserved 22
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "reserved",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# frag reserved != 233
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "reserved",
+ "name": "frag"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# frag reserved 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "reserved",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# frag reserved != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "reserved",
+ "name": "frag"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# frag reserved { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "reserved",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# frag reserved != { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "reserved",
+ "name": "frag"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# frag reserved { 33-55}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "reserved",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ { "range": [ 33, 55 ] }
+ ]
+ }
+ }
+ }
+]
+
+# frag reserved != { 33-55}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "reserved",
+ "name": "frag"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ { "range": [ 33, 55 ] }
+ ]
+ }
+ }
+ }
+]
+
+# frag frag-off 22
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "frag-off",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# frag frag-off != 233
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "frag-off",
+ "name": "frag"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# frag frag-off 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "frag-off",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# frag frag-off != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "frag-off",
+ "name": "frag"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# frag frag-off { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "frag-off",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# frag frag-off != { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "frag-off",
+ "name": "frag"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# frag frag-off { 33-55}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "frag-off",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ { "range": [ 33, 55 ] }
+ ]
+ }
+ }
+ }
+]
+
+# frag frag-off != { 33-55}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "frag-off",
+ "name": "frag"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ { "range": [ 33, 55 ] }
+ ]
+ }
+ }
+ }
+]
+
+# frag reserved2 1
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "reserved2",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": 1
+ }
+ }
+]
+
+# frag more-fragments 0
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "more-fragments",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": 0
+ }
+ }
+]
+
+# frag more-fragments 1
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "more-fragments",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": 1
+ }
+ }
+]
+
+# frag id 1
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "id",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": 1
+ }
+ }
+]
+
+# frag id 22
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "id",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# frag id != 33
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "id",
+ "name": "frag"
+ }
+ },
+ "op": "!=",
+ "right": 33
+ }
+ }
+]
+
+# frag id 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "id",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# frag id != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "id",
+ "name": "frag"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# frag id { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "id",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# frag id != { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "id",
+ "name": "frag"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# frag id { 33-55}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "id",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ { "range": [ 33, 55 ] }
+ ]
+ }
+ }
+ }
+]
+
+# frag id != { 33-55}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "id",
+ "name": "frag"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ { "range": [ 33, 55 ] }
+ ]
+ }
+ }
+ }
+]
+
diff --git a/tests/py/ip6/frag.t.json.output b/tests/py/ip6/frag.t.json.output
new file mode 100644
index 0000000..68d382b
--- /dev/null
+++ b/tests/py/ip6/frag.t.json.output
@@ -0,0 +1,118 @@
+# frag nexthdr tcp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": 6
+ }
+ }
+]
+
+# frag nexthdr != icmp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "frag"
+ }
+ },
+ "op": "!=",
+ "right": 1
+ }
+ }
+]
+
+# frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 6,
+ 17,
+ 33,
+ 50,
+ 51,
+ 108,
+ 132,
+ 136
+ ]
+ }
+ }
+ }
+]
+
+# frag nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "frag"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 6,
+ 17,
+ 33,
+ 50,
+ 51,
+ 108,
+ 132,
+ 136
+ ]
+ }
+ }
+ }
+]
+
+# frag nexthdr esp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": 50
+ }
+ }
+]
+
+# frag nexthdr ah
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "frag"
+ }
+ },
+ "op": "==",
+ "right": 51
+ }
+ }
+]
+
diff --git a/tests/py/ip6/frag.t.payload.inet b/tests/py/ip6/frag.t.payload.inet
new file mode 100644
index 0000000..20334f4
--- /dev/null
+++ b/tests/py/ip6/frag.t.payload.inet
@@ -0,0 +1,232 @@
+# frag nexthdr tcp
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+
+# frag nexthdr != icmp
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end]
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# frag nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end]
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# frag nexthdr esp
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000032 ]
+
+# frag nexthdr ah
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+
+# frag reserved 22
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# frag reserved != 233
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# frag reserved 33-45
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# frag reserved != 33-45
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# frag reserved { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# frag reserved != { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# frag frag-off 22
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x0000b000 ]
+
+# frag frag-off != 233
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00004807 ]
+
+# frag frag-off 33-45
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ cmp gte reg 1 0x00000801 ]
+ [ cmp lte reg 1 0x00006801 ]
+
+# frag frag-off != 33-45
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ range neq reg 1 0x00000801 0x00006801 ]
+
+# frag frag-off { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000801 : 0 [end] element 0000b801 : 0 [end] element 00001802 : 0 [end] element 0000c002 : 0 [end]
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ lookup reg 1 set __set%d ]
+
+# frag frag-off != { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000801 : 0 [end] element 0000b801 : 0 [end] element 00001802 : 0 [end] element 0000c002 : 0 [end]
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# frag id 1
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ cmp eq reg 1 0x01000000 ]
+
+# frag id 22
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ cmp eq reg 1 0x16000000 ]
+
+# frag id != 33
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ cmp neq reg 1 0x21000000 ]
+
+# frag id 33-45
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ cmp gte reg 1 0x21000000 ]
+ [ cmp lte reg 1 0x2d000000 ]
+
+# frag id != 33-45
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ range neq reg 1 0x21000000 0x2d000000 ]
+
+# frag id { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end]
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# frag id != { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end]
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# frag reserved2 1
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000006 ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000002 ]
+
+# frag more-fragments 0
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# frag more-fragments 1
+inet test-inet output
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000001 ]
+
diff --git a/tests/py/ip6/frag.t.payload.ip6 b/tests/py/ip6/frag.t.payload.ip6
new file mode 100644
index 0000000..7c3e7a4
--- /dev/null
+++ b/tests/py/ip6/frag.t.payload.ip6
@@ -0,0 +1,176 @@
+# frag nexthdr tcp
+ip6 test-ip6 output
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+
+# frag nexthdr != icmp
+ip6 test-ip6 output
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end]
+ip6 test-ip6 output
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# frag nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end]
+ip6 test-ip6 output
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# frag nexthdr esp
+ip6 test-ip6 output
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000032 ]
+
+# frag nexthdr ah
+ip6 test-ip6 output
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+
+# frag reserved 22
+ip6 test-ip6 output
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# frag reserved != 233
+ip6 test-ip6 output
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# frag reserved 33-45
+ip6 test-ip6 output
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# frag reserved != 33-45
+ip6 test-ip6 output
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# frag reserved { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 output
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# frag reserved != { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 output
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# frag frag-off 22
+ip6 test-ip6 output
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x0000b000 ]
+
+# frag frag-off != 233
+ip6 test-ip6 output
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00004807 ]
+
+# frag frag-off 33-45
+ip6 test-ip6 output
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ cmp gte reg 1 0x00000801 ]
+ [ cmp lte reg 1 0x00006801 ]
+
+# frag frag-off != 33-45
+ip6 test-ip6 output
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ range neq reg 1 0x00000801 0x00006801 ]
+
+# frag frag-off { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000801 : 0 [end] element 0000b801 : 0 [end] element 00001802 : 0 [end] element 0000c002 : 0 [end]
+ip6 test-ip6 output
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ lookup reg 1 set __set%d ]
+
+# frag frag-off != { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000801 : 0 [end] element 0000b801 : 0 [end] element 00001802 : 0 [end] element 0000c002 : 0 [end]
+ip6 test-ip6 output
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# frag id 1
+ip6 test-ip6 output
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ cmp eq reg 1 0x01000000 ]
+
+# frag id 22
+ip6 test-ip6 output
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ cmp eq reg 1 0x16000000 ]
+
+# frag id != 33
+ip6 test-ip6 output
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ cmp neq reg 1 0x21000000 ]
+
+# frag id 33-45
+ip6 test-ip6 output
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ cmp gte reg 1 0x21000000 ]
+ [ cmp lte reg 1 0x2d000000 ]
+
+# frag id != 33-45
+ip6 test-ip6 output
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ range neq reg 1 0x21000000 0x2d000000 ]
+
+# frag id { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end]
+ip6 test-ip6 output
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# frag id != { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end]
+ip6 test-ip6 output
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# frag reserved2 1
+ip6 test-ip6 output
+ [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000006 ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000002 ]
+
+# frag more-fragments 0
+ip6 test-ip6 output
+ [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# frag more-fragments 1
+ip6 test-ip6 output
+ [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000001 ]
+
diff --git a/tests/py/ip6/frag.t.payload.ip6.got b/tests/py/ip6/frag.t.payload.ip6.got
new file mode 100644
index 0000000..db439da
--- /dev/null
+++ b/tests/py/ip6/frag.t.payload.ip6.got
@@ -0,0 +1,43 @@
+# frag frag-off 0x16
+ip6 test-ip6 output
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x0000b000 ]
+
+# frag frag-off != 0xe9
+ip6 test-ip6 output
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00004807 ]
+
+# frag frag-off 0x21-0x2d
+ip6 test-ip6 output
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ cmp gte reg 1 0x00000801 ]
+ [ cmp lte reg 1 0x00006801 ]
+
+# frag frag-off != 0x21-0x2d
+ip6 test-ip6 output
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ range neq reg 1 0x00000801 0x00006801 ]
+
+# frag frag-off { 0x21, 0x37, 0x43, 0x58}
+__set%d test-ip6 3 size 4
+__set%d test-ip6 0
+ element 00000801 : 0 [end] element 0000b801 : 0 [end] element 00001802 : 0 [end] element 0000c002 : 0 [end]
+ip6 test-ip6 output
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ lookup reg 1 set __set%d ]
+
+# frag frag-off != { 0x21, 0x37, 0x43, 0x58}
+__set%d test-ip6 3 size 4
+__set%d test-ip6 0
+ element 00000801 : 0 [end] element 0000b801 : 0 [end] element 00001802 : 0 [end] element 0000c002 : 0 [end]
+ip6 test-ip6 output
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
diff --git a/tests/py/ip6/frag.t.payload.netdev b/tests/py/ip6/frag.t.payload.netdev
new file mode 100644
index 0000000..0562075
--- /dev/null
+++ b/tests/py/ip6/frag.t.payload.netdev
@@ -0,0 +1,232 @@
+# frag nexthdr tcp
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+
+# frag nexthdr != icmp
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp}
+__set%d test-netdev 3 size 8
+__set%d test-netdev 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# frag nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp}
+__set%d test-netdev 3 size 8
+__set%d test-netdev 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# frag nexthdr esp
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000032 ]
+
+# frag nexthdr ah
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+
+# frag reserved 22
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# frag reserved != 233
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# frag reserved 33-45
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# frag reserved != 33-45
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# frag reserved { 33, 55, 67, 88}
+__set%d test-netdev 3 size 4
+__set%d test-netdev 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# frag reserved != { 33, 55, 67, 88}
+__set%d test-netdev 3 size 4
+__set%d test-netdev 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# frag frag-off 22
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x0000b000 ]
+
+# frag frag-off != 233
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00004807 ]
+
+# frag frag-off 33-45
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ cmp gte reg 1 0x00000801 ]
+ [ cmp lte reg 1 0x00006801 ]
+
+# frag frag-off != 33-45
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ range neq reg 1 0x00000801 0x00006801 ]
+
+# frag frag-off { 33, 55, 67, 88}
+__set%d test-netdev 3 size 4
+__set%d test-netdev 0
+ element 00000801 : 0 [end] element 0000b801 : 0 [end] element 00001802 : 0 [end] element 0000c002 : 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ lookup reg 1 set __set%d ]
+
+# frag frag-off != { 33, 55, 67, 88}
+__set%d test-netdev 3 size 4
+__set%d test-netdev 0
+ element 00000801 : 0 [end] element 0000b801 : 0 [end] element 00001802 : 0 [end] element 0000c002 : 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# frag reserved2 1
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000006 ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000002 ]
+
+# frag more-fragments 0
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# frag more-fragments 1
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# frag id 1
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ cmp eq reg 1 0x01000000 ]
+
+# frag id 22
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ cmp eq reg 1 0x16000000 ]
+
+# frag id != 33
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ cmp neq reg 1 0x21000000 ]
+
+# frag id 33-45
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ cmp gte reg 1 0x21000000 ]
+ [ cmp lte reg 1 0x2d000000 ]
+
+# frag id != 33-45
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ range neq reg 1 0x21000000 0x2d000000 ]
+
+# frag id { 33, 55, 67, 88}
+__set%d test-netdev 3 size 4
+__set%d test-netdev 0
+ element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# frag id != { 33, 55, 67, 88}
+__set%d test-netdev 3 size 4
+__set%d test-netdev 0
+ element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
diff --git a/tests/py/ip6/frag.t.payload.netdev.got b/tests/py/ip6/frag.t.payload.netdev.got
new file mode 100644
index 0000000..0562075
--- /dev/null
+++ b/tests/py/ip6/frag.t.payload.netdev.got
@@ -0,0 +1,232 @@
+# frag nexthdr tcp
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+
+# frag nexthdr != icmp
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp}
+__set%d test-netdev 3 size 8
+__set%d test-netdev 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# frag nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp}
+__set%d test-netdev 3 size 8
+__set%d test-netdev 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# frag nexthdr esp
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000032 ]
+
+# frag nexthdr ah
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000033 ]
+
+# frag reserved 22
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# frag reserved != 233
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# frag reserved 33-45
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# frag reserved != 33-45
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# frag reserved { 33, 55, 67, 88}
+__set%d test-netdev 3 size 4
+__set%d test-netdev 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# frag reserved != { 33, 55, 67, 88}
+__set%d test-netdev 3 size 4
+__set%d test-netdev 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# frag frag-off 22
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x0000b000 ]
+
+# frag frag-off != 233
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00004807 ]
+
+# frag frag-off 33-45
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ cmp gte reg 1 0x00000801 ]
+ [ cmp lte reg 1 0x00006801 ]
+
+# frag frag-off != 33-45
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ range neq reg 1 0x00000801 0x00006801 ]
+
+# frag frag-off { 33, 55, 67, 88}
+__set%d test-netdev 3 size 4
+__set%d test-netdev 0
+ element 00000801 : 0 [end] element 0000b801 : 0 [end] element 00001802 : 0 [end] element 0000c002 : 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ lookup reg 1 set __set%d ]
+
+# frag frag-off != { 33, 55, 67, 88}
+__set%d test-netdev 3 size 4
+__set%d test-netdev 0
+ element 00000801 : 0 [end] element 0000b801 : 0 [end] element 00001802 : 0 [end] element 0000c002 : 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# frag reserved2 1
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000006 ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000002 ]
+
+# frag more-fragments 0
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# frag more-fragments 1
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 1b @ 44 + 3 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# frag id 1
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ cmp eq reg 1 0x01000000 ]
+
+# frag id 22
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ cmp eq reg 1 0x16000000 ]
+
+# frag id != 33
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ cmp neq reg 1 0x21000000 ]
+
+# frag id 33-45
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ cmp gte reg 1 0x21000000 ]
+ [ cmp lte reg 1 0x2d000000 ]
+
+# frag id != 33-45
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ range neq reg 1 0x21000000 0x2d000000 ]
+
+# frag id { 33, 55, 67, 88}
+__set%d test-netdev 3 size 4
+__set%d test-netdev 0
+ element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# frag id != { 33, 55, 67, 88}
+__set%d test-netdev 3 size 4
+__set%d test-netdev 0
+ element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
diff --git a/tests/py/ip6/hbh.t b/tests/py/ip6/hbh.t
new file mode 100644
index 0000000..fce5fea
--- /dev/null
+++ b/tests/py/ip6/hbh.t
@@ -0,0 +1,22 @@
+:filter-input;type filter hook input priority 0
+
+*ip6;test-ip6;filter-input
+*inet;test-inet;filter-input
+
+hbh hdrlength 22;ok
+hbh hdrlength != 233;ok
+hbh hdrlength 33-45;ok
+hbh hdrlength != 33-45;ok
+hbh hdrlength {33, 55, 67, 88};ok
+hbh hdrlength != {33, 55, 67, 88};ok
+
+hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;hbh nexthdr { 58, 136, 51, 50, 6, 17, 132, 33, 108}
+hbh nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;hbh nexthdr != { 58, 136, 51, 50, 6, 17, 132, 33, 108}
+hbh nexthdr 22;ok
+hbh nexthdr != 233;ok
+hbh nexthdr 33-45;ok
+hbh nexthdr != 33-45;ok
+hbh nexthdr {33, 55, 67, 88};ok
+hbh nexthdr != {33, 55, 67, 88};ok
+hbh nexthdr ip;ok;hbh nexthdr 0
+hbh nexthdr != ip;ok;hbh nexthdr != 0
diff --git a/tests/py/ip6/hbh.t.json b/tests/py/ip6/hbh.t.json
new file mode 100644
index 0000000..68670a3
--- /dev/null
+++ b/tests/py/ip6/hbh.t.json
@@ -0,0 +1,316 @@
+# hbh hdrlength 22
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# hbh hdrlength != 233
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "hbh"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# hbh hdrlength 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# hbh hdrlength != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "hbh"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# hbh hdrlength {33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# hbh hdrlength != {33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "hbh"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "esp",
+ "ah",
+ "comp",
+ "udp",
+ "udplite",
+ "tcp",
+ "dccp",
+ "sctp",
+ "icmpv6"
+ ]
+ }
+ }
+ }
+]
+
+# hbh nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "hbh"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ "esp",
+ "ah",
+ "comp",
+ "udp",
+ "udplite",
+ "tcp",
+ "dccp",
+ "sctp",
+ "icmpv6"
+ ]
+ }
+ }
+ }
+]
+
+# hbh nexthdr 22
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# hbh nexthdr != 233
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "hbh"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# hbh nexthdr 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# hbh nexthdr != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "hbh"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# hbh nexthdr {33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# hbh nexthdr != {33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "hbh"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# hbh nexthdr ip
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": "ip"
+ }
+ }
+]
+
+# hbh nexthdr != ip
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "hbh"
+ }
+ },
+ "op": "!=",
+ "right": "ip"
+ }
+ }
+]
+
diff --git a/tests/py/ip6/hbh.t.json.output b/tests/py/ip6/hbh.t.json.output
new file mode 100644
index 0000000..190f0fc
--- /dev/null
+++ b/tests/py/ip6/hbh.t.json.output
@@ -0,0 +1,68 @@
+# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [ 6, 17, 33, 50, 51, 58, 108, 132, 136 ]
+ }
+ }
+ }
+]
+
+# hbh nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "hbh"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [ 6, 17, 33, 50, 51, 58, 108, 132, 136 ]
+ }
+ }
+ }
+]
+
+# hbh nexthdr ip
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "hbh"
+ }
+ },
+ "op": "==",
+ "right": 0
+ }
+ }
+]
+
+# hbh nexthdr != ip
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "hbh"
+ }
+ },
+ "op": "!=",
+ "right": 0
+ }
+ }
+]
+
diff --git a/tests/py/ip6/hbh.t.payload.inet b/tests/py/ip6/hbh.t.payload.inet
new file mode 100644
index 0000000..63afd83
--- /dev/null
+++ b/tests/py/ip6/hbh.t.payload.inet
@@ -0,0 +1,132 @@
+# hbh hdrlength 22
+inet test-inet filter-input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# hbh hdrlength != 233
+inet test-inet filter-input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# hbh hdrlength 33-45
+inet test-inet filter-input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# hbh hdrlength != 33-45
+inet test-inet filter-input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# hbh hdrlength {33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet filter-input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# hbh hdrlength != {33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet filter-input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end]
+inet test-inet filter-input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# hbh nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end]
+inet test-inet filter-input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# hbh nexthdr 22
+inet test-inet filter-input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# hbh nexthdr != 233
+inet test-inet filter-input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# hbh nexthdr 33-45
+inet test-inet filter-input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# hbh nexthdr != 33-45
+inet test-inet filter-input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# hbh nexthdr {33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet filter-input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# hbh nexthdr != {33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet filter-input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# hbh nexthdr ip
+inet test-inet filter-input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# hbh nexthdr != ip
+inet test-inet filter-input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000000 ]
+
diff --git a/tests/py/ip6/hbh.t.payload.ip6 b/tests/py/ip6/hbh.t.payload.ip6
new file mode 100644
index 0000000..913505a
--- /dev/null
+++ b/tests/py/ip6/hbh.t.payload.ip6
@@ -0,0 +1,100 @@
+# hbh hdrlength 22
+ip6 test-ip6 filter-input
+ [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# hbh hdrlength != 233
+ip6 test-ip6 filter-input
+ [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# hbh hdrlength 33-45
+ip6 test-ip6 filter-input
+ [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# hbh hdrlength != 33-45
+ip6 test-ip6 filter-input
+ [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# hbh hdrlength {33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 filter-input
+ [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# hbh hdrlength != {33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 filter-input
+ [ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end]
+ip6 test-ip6 filter-input
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# hbh nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end]
+ip6 test-ip6 filter-input
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# hbh nexthdr 22
+ip6 test-ip6 filter-input
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# hbh nexthdr != 233
+ip6 test-ip6 filter-input
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# hbh nexthdr 33-45
+ip6 test-ip6 filter-input
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# hbh nexthdr != 33-45
+ip6 test-ip6 filter-input
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# hbh nexthdr {33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 filter-input
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# hbh nexthdr != {33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 filter-input
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# hbh nexthdr ip
+ip6 test-ip6 filter-input
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# hbh nexthdr != ip
+ip6 test-ip6 filter-input
+ [ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000000 ]
+
diff --git a/tests/py/ip6/icmpv6.t b/tests/py/ip6/icmpv6.t
new file mode 100644
index 0000000..35dad2b
--- /dev/null
+++ b/tests/py/ip6/icmpv6.t
@@ -0,0 +1,99 @@
+:input;type filter hook input priority 0
+
+*ip6;test-ip6;input
+# BUG: There is a bug with icmpv6 and inet tables
+# *inet;test-inet;input
+
+icmpv6 type destination-unreachable accept;ok
+icmpv6 type packet-too-big accept;ok
+icmpv6 type time-exceeded accept;ok
+icmpv6 type echo-request accept;ok
+icmpv6 type echo-reply accept;ok
+icmpv6 type mld-listener-query accept;ok
+icmpv6 type mld-listener-report accept;ok
+icmpv6 type mld-listener-done accept;ok
+icmpv6 type mld-listener-reduction accept;ok;icmpv6 type mld-listener-done accept
+icmpv6 type nd-router-solicit accept;ok
+icmpv6 type nd-router-advert accept;ok
+icmpv6 type nd-neighbor-solicit accept;ok
+icmpv6 type nd-neighbor-advert accept;ok
+icmpv6 type nd-redirect accept;ok
+icmpv6 type parameter-problem accept;ok
+icmpv6 type router-renumbering accept;ok
+icmpv6 type ind-neighbor-solicit accept;ok
+icmpv6 type ind-neighbor-advert accept;ok
+icmpv6 type mld2-listener-report accept;ok
+icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept;ok
+icmpv6 type {router-renumbering, mld-listener-done, time-exceeded, nd-router-solicit} accept;ok
+icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept;ok
+icmpv6 type != {mld-listener-query, time-exceeded, nd-router-advert} accept;ok
+
+icmpv6 code 4;ok;icmpv6 code port-unreachable
+icmpv6 code 3-66;ok
+icmpv6 code {5, 6, 7} accept;ok;icmpv6 code {policy-fail, reject-route, 7} accept
+icmpv6 code != {policy-fail, reject-route, 7} accept;ok
+
+icmpv6 checksum 2222 log;ok
+icmpv6 checksum != 2222 log;ok
+icmpv6 checksum 222-226;ok
+icmpv6 checksum != 222-226;ok
+icmpv6 checksum { 222, 226};ok
+icmpv6 checksum != { 222, 226};ok
+
+# BUG: icmpv6 parameter-problem, pptr
+# [ICMP6HDR_PPTR] = ICMP6HDR_FIELD("parameter-problem", icmp6_pptr),
+# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem 35
+# <cmdline>:1:53-53: Error: syntax error, unexpected end of file
+# add rule ip6 test6 input icmpv6 parameter-problem 35
+# ^
+# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem
+# <cmdline>:1:26-31: Error: Value 58 exceeds valid range 0-0
+# add rule ip6 test6 input icmpv6 parameter-problem
+# ^^^^^^
+# $ sudo nft add rule ip6 test6 input icmpv6 parameter-problem 2-4
+# <cmdline>:1:54-54: Error: syntax error, unexpected end of file
+# add rule ip6 test6 input icmpv6 parameter-problem 2-4
+
+icmpv6 mtu 22;ok
+icmpv6 mtu != 233;ok
+icmpv6 mtu 33-45;ok
+icmpv6 mtu != 33-45;ok
+icmpv6 mtu {33, 55, 67, 88};ok
+icmpv6 mtu != {33, 55, 67, 88};ok
+icmpv6 type packet-too-big icmpv6 mtu 1280;ok;icmpv6 mtu 1280
+
+icmpv6 id 33-45;ok;icmpv6 type { echo-request, echo-reply} icmpv6 id 33-45
+icmpv6 id != 33-45;ok;icmpv6 type { echo-request, echo-reply} icmpv6 id != 33-45
+icmpv6 id {33, 55, 67, 88};ok;icmpv6 type { echo-request, echo-reply} icmpv6 id { 33, 55, 67, 88}
+icmpv6 id != {33, 55, 67, 88};ok;icmpv6 type { echo-request, echo-reply} icmpv6 id != { 33, 55, 67, 88}
+
+icmpv6 id 1;ok;icmpv6 type { echo-request, echo-reply} icmpv6 id 1
+icmpv6 type echo-reply icmpv6 id 65534;ok
+
+icmpv6 sequence 2;ok;icmpv6 type { echo-request, echo-reply} icmpv6 sequence 2
+icmpv6 sequence {3, 4, 5, 6, 7} accept;ok;icmpv6 type { echo-request, echo-reply} icmpv6 sequence { 3, 4, 5, 6, 7} accept
+
+
+icmpv6 sequence {2, 4};ok;icmpv6 type { echo-request, echo-reply} icmpv6 sequence { 2, 4}
+icmpv6 sequence != {2, 4};ok;icmpv6 type { echo-request, echo-reply} icmpv6 sequence != { 2, 4}
+icmpv6 sequence 2-4;ok;icmpv6 type { echo-request, echo-reply} icmpv6 sequence 2-4
+icmpv6 sequence != 2-4;ok;icmpv6 type { echo-request, echo-reply} icmpv6 sequence != 2-4
+
+icmpv6 max-delay 33-45;ok
+icmpv6 max-delay != 33-45;ok
+icmpv6 max-delay {33, 55, 67, 88};ok
+icmpv6 max-delay != {33, 55, 67, 88};ok
+
+icmpv6 type parameter-problem icmpv6 code no-route;ok
+
+icmpv6 type mld-listener-query icmpv6 taddr 2001:db8::133;ok
+icmpv6 type nd-neighbor-solicit icmpv6 taddr 2001:db8::133;ok
+icmpv6 type nd-neighbor-advert icmpv6 taddr 2001:db8::133;ok
+icmpv6 taddr 2001:db8::133;ok;icmpv6 type { mld-listener-query, mld-listener-report, mld-listener-done, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect} icmpv6 taddr 2001:db8::133
+
+icmpv6 taddr 2001:db8::133;ok;icmpv6 type { mld-listener-query, mld-listener-report, mld-listener-done, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect} icmpv6 taddr 2001:db8::133
+
+icmpv6 type { mld-listener-query, mld-listener-report, mld-listener-done, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect} icmpv6 taddr 2001:db8::133;ok
+icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert } icmpv6 taddr 2001:db8::133;ok
+icmpv6 daddr 2001:db8::133;ok
+icmpv6 type nd-redirect icmpv6 daddr 2001:db8::133;ok;icmpv6 daddr 2001:db8::133
diff --git a/tests/py/ip6/icmpv6.t.json b/tests/py/ip6/icmpv6.t.json
new file mode 100644
index 0000000..224a8e8
--- /dev/null
+++ b/tests/py/ip6/icmpv6.t.json
@@ -0,0 +1,1425 @@
+# icmpv6 type destination-unreachable accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "destination-unreachable"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type packet-too-big accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "packet-too-big"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type time-exceeded accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "time-exceeded"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type echo-request accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "echo-request"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type echo-reply accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "echo-reply"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type mld-listener-query accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "mld-listener-query"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type mld-listener-report accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "mld-listener-report"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type mld-listener-done accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "mld-listener-done"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type mld-listener-reduction accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "mld-listener-reduction"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type nd-router-solicit accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "nd-router-solicit"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type nd-router-advert accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "nd-router-advert"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type nd-neighbor-solicit accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "nd-neighbor-solicit"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type nd-neighbor-advert accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "nd-neighbor-advert"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type nd-redirect accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "nd-redirect"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type parameter-problem accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "parameter-problem"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type router-renumbering accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "router-renumbering"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type ind-neighbor-solicit accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "ind-neighbor-solicit"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type ind-neighbor-advert accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "ind-neighbor-advert"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type mld2-listener-report accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "mld2-listener-report"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "destination-unreachable",
+ "time-exceeded",
+ "nd-router-solicit"
+ ]
+ }
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type {router-renumbering, mld-listener-done, time-exceeded, nd-router-solicit} accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "router-renumbering",
+ "mld-listener-done",
+ "time-exceeded",
+ "nd-router-solicit"
+ ]
+ }
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "mld-listener-query",
+ "time-exceeded",
+ "nd-router-advert"
+ ]
+ }
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type != {mld-listener-query, time-exceeded, nd-router-advert} accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ "mld-listener-query",
+ "time-exceeded",
+ "nd-router-advert"
+ ]
+ }
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 code 4
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "code",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": 4
+ }
+ }
+]
+
+# icmpv6 code 3-66
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "code",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 3, 66 ]
+ }
+ }
+ }
+]
+
+# icmpv6 code {5, 6, 7} accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "code",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 5,
+ 6,
+ 7
+ ]
+ }
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 code != {policy-fail, reject-route, 7} accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "code",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ "policy-fail",
+ "reject-route",
+ 7
+ ]
+ }
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 checksum 2222 log
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "checksum",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": 2222
+ }
+ },
+ {
+ "log": null
+ }
+]
+
+# icmpv6 checksum != 2222 log
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "checksum",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": 2222
+ }
+ },
+ {
+ "log": null
+ }
+]
+
+# icmpv6 checksum 222-226
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "checksum",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 222, 226 ]
+ }
+ }
+ }
+]
+
+# icmpv6 checksum != 222-226
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "checksum",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 222, 226 ]
+ }
+ }
+ }
+]
+
+# icmpv6 checksum { 222, 226}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "checksum",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 222,
+ 226
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 checksum != { 222, 226}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "checksum",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 222,
+ 226
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 mtu 22
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "mtu",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# icmpv6 mtu != 233
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "mtu",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# icmpv6 mtu 33-45
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "mtu",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# icmpv6 mtu != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "mtu",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# icmpv6 mtu {33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "mtu",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 mtu != {33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "mtu",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 id 33-45
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "id",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# icmpv6 id != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "id",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# icmpv6 id {33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "id",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 id != {33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "id",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 id 1
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "echo-request",
+ "echo-reply"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "id",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": 1
+ }
+ }
+]
+
+# icmpv6 type echo-reply icmpv6 id 65534
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "echo-reply"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "id",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": 65534
+ }
+ }
+]
+
+# icmpv6 sequence 2
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "sequence",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": 2
+ }
+ }
+]
+
+# icmpv6 sequence {3, 4, 5, 6, 7} accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "sequence",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 3,
+ 4,
+ 5,
+ 6,
+ 7
+ ]
+ }
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 sequence {2, 4}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "sequence",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 2,
+ 4
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 sequence != {2, 4}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "sequence",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 2,
+ 4
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 sequence 2-4
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "sequence",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 2, 4 ]
+ }
+ }
+ }
+]
+
+# icmpv6 sequence != 2-4
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "sequence",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 2, 4 ]
+ }
+ }
+ }
+]
+
+# icmpv6 max-delay 33-45
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "max-delay",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# icmpv6 max-delay != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "max-delay",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# icmpv6 max-delay {33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "max-delay",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 max-delay != {33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "max-delay",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 type packet-too-big icmpv6 mtu 1280
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "mtu",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": 1280
+ }
+ }
+]
+
+# icmpv6 type parameter-problem icmpv6 code no-route
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "parameter-problem"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "code",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "no-route"
+ }
+ }
+]
+
+# icmpv6 type mld-listener-query icmpv6 taddr 2001:db8::133
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "mld-listener-query"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "taddr",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "2001:db8::133"
+ }
+ }
+]
+
+# icmpv6 type nd-neighbor-solicit icmpv6 taddr 2001:db8::133
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "nd-neighbor-solicit"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "taddr",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "2001:db8::133"
+ }
+ }
+]
+
+# icmpv6 type nd-neighbor-advert icmpv6 taddr 2001:db8::133
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "nd-neighbor-advert"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "taddr",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "2001:db8::133"
+ }
+ }
+]
+
+# icmpv6 taddr 2001:db8::133
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "mld-listener-query",
+ "mld-listener-report",
+ "mld-listener-done",
+ "nd-neighbor-solicit",
+ "nd-neighbor-advert",
+ "nd-redirect"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "taddr",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "2001:db8::133"
+ }
+ }
+]
+
+# icmpv6 taddr 2001:db8::133
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "mld-listener-query",
+ "mld-listener-report",
+ "mld-listener-done",
+ "nd-neighbor-solicit",
+ "nd-neighbor-advert",
+ "nd-redirect"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "taddr",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "2001:db8::133"
+ }
+ }
+]
+
+# icmpv6 type { mld-listener-query, mld-listener-report, mld-listener-done, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect} icmpv6 taddr 2001:db8::133
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "mld-listener-query",
+ "mld-listener-report",
+ "mld-listener-done",
+ "nd-neighbor-solicit",
+ "nd-neighbor-advert",
+ "nd-redirect"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "taddr",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "2001:db8::133"
+ }
+ }
+]
+
+# icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert } icmpv6 taddr 2001:db8::133
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "nd-neighbor-solicit",
+ "nd-neighbor-advert"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "taddr",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "2001:db8::133"
+ }
+ }
+]
+
+# icmpv6 daddr 2001:db8::133
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "2001:db8::133"
+ }
+ }
+]
+
+# icmpv6 type nd-redirect icmpv6 daddr 2001:db8::133
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "2001:db8::133"
+ }
+ }
+]
diff --git a/tests/py/ip6/icmpv6.t.json.output b/tests/py/ip6/icmpv6.t.json.output
new file mode 100644
index 0000000..7b8f5c1
--- /dev/null
+++ b/tests/py/ip6/icmpv6.t.json.output
@@ -0,0 +1,760 @@
+# icmpv6 type mld-listener-reduction accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "mld-listener-done"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type {router-renumbering, mld-listener-done, time-exceeded, nd-router-solicit} accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "time-exceeded",
+ "mld-listener-done",
+ "nd-router-solicit",
+ "router-renumbering"
+ ]
+ }
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "time-exceeded",
+ "mld-listener-query",
+ "nd-router-advert"
+ ]
+ }
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 type != {mld-listener-query, time-exceeded, nd-router-advert} accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ "time-exceeded",
+ "mld-listener-query",
+ "nd-router-advert"
+ ]
+ }
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 code 4
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "code",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "port-unreachable"
+ }
+ }
+]
+
+# icmpv6 code 3-66
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "code",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [
+ "addr-unreachable",
+ 66
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 code {5, 6, 7} accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "code",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "policy-fail",
+ "reject-route",
+ 7
+ ]
+ }
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 code { 3-66}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "code",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ {
+ "range": [
+ "addr-unreachable",
+ 66
+ ]
+ }
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 code != { 3-66}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "code",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ {
+ "range": [
+ "addr-unreachable",
+ 66
+ ]
+ }
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 id 33-45
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "echo-request",
+ "echo-reply"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "id",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [
+ 33,
+ 45
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 id != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "echo-request",
+ "echo-reply"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "id",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [
+ 33,
+ 45
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 id {33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "echo-request",
+ "echo-reply"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "id",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 id != {33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "echo-request",
+ "echo-reply"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "id",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 id {33-55}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "echo-request",
+ "echo-reply"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "id",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ {
+ "range": [
+ 33,
+ 55
+ ]
+ }
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 id != {33-55}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "echo-request",
+ "echo-reply"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "id",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ {
+ "range": [
+ 33,
+ 55
+ ]
+ }
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 sequence 2
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "echo-request",
+ "echo-reply"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "sequence",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": 2
+ }
+ }
+]
+
+# icmpv6 sequence {3, 4, 5, 6, 7} accept
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "echo-request",
+ "echo-reply"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "sequence",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 3,
+ 4,
+ 5,
+ 6,
+ 7
+ ]
+ }
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# icmpv6 sequence {2, 4}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "echo-request",
+ "echo-reply"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "sequence",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 2,
+ 4
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 sequence != {2, 4}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "echo-request",
+ "echo-reply"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "sequence",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 2,
+ 4
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 sequence 2-4
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "echo-request",
+ "echo-reply"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "sequence",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [
+ 2,
+ 4
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 sequence != 2-4
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "echo-request",
+ "echo-reply"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "sequence",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [
+ 2,
+ 4
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 sequence { 2-4}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "echo-request",
+ "echo-reply"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "sequence",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ {
+ "range": [
+ 2,
+ 4
+ ]
+ }
+ ]
+ }
+ }
+ }
+]
+
+# icmpv6 sequence != { 2-4}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "echo-request",
+ "echo-reply"
+ ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "sequence",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ {
+ "range": [
+ 2,
+ 4
+ ]
+ }
+ ]
+ }
+ }
+ }
+]
+
diff --git a/tests/py/ip6/icmpv6.t.payload.ip6 b/tests/py/ip6/icmpv6.t.payload.ip6
new file mode 100644
index 0000000..fcaf481
--- /dev/null
+++ b/tests/py/ip6/icmpv6.t.payload.ip6
@@ -0,0 +1,643 @@
+# icmpv6 type destination-unreachable accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type packet-too-big accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type time-exceeded accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000003 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type echo-request accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000080 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type echo-reply accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000081 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type mld-listener-query accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000082 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type mld-listener-report accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000083 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type mld-listener-done accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000084 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type mld-listener-reduction accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000084 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type nd-router-solicit accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000085 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type nd-router-advert accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000086 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type nd-neighbor-solicit accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000087 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type nd-neighbor-advert accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type nd-redirect accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000089 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type parameter-problem accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000004 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type router-renumbering accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x0000008a ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type ind-neighbor-solicit accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x0000008d ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type ind-neighbor-advert accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x0000008e ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type mld2-listener-report accept
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x0000008f ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000001 : 0 [end] element 00000003 : 0 [end] element 00000085 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type {router-renumbering, mld-listener-done, time-exceeded, nd-router-solicit} accept
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 0000008a : 0 [end] element 00000084 : 0 [end] element 00000003 : 0 [end] element 00000085 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000082 : 0 [end] element 00000003 : 0 [end] element 00000086 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 type != {mld-listener-query, time-exceeded, nd-router-advert} accept
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000082 : 0 [end] element 00000003 : 0 [end] element 00000086 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 code 4
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000004 ]
+
+# icmpv6 code 3-66
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000003 ]
+ [ cmp lte reg 1 0x00000042 ]
+
+# icmpv6 code {5, 6, 7} accept
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 code != {policy-fail, reject-route, 7} accept
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 checksum 2222 log
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000ae08 ]
+ [ log ]
+
+# icmpv6 checksum != 2222 log
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp neq reg 1 0x0000ae08 ]
+ [ log ]
+
+# icmpv6 checksum 222-226
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x0000de00 ]
+ [ cmp lte reg 1 0x0000e200 ]
+
+# icmpv6 checksum != 222-226
+ip6
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ range neq reg 1 0x0000de00 0x0000e200 ]
+
+# icmpv6 checksum { 222, 226}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 0000de00 : 0 [end] element 0000e200 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# icmpv6 checksum != { 222, 226}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 0000de00 : 0 [end] element 0000e200 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# icmpv6 mtu 22
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp eq reg 1 0x16000000 ]
+
+# icmpv6 mtu != 233
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp neq reg 1 0xe9000000 ]
+
+# icmpv6 mtu 33-45
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp gte reg 1 0x21000000 ]
+ [ cmp lte reg 1 0x2d000000 ]
+
+# icmpv6 mtu != 33-45
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ range neq reg 1 0x21000000 0x2d000000 ]
+
+# icmpv6 mtu {33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# icmpv6 mtu != {33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# icmpv6 type packet-too-big icmpv6 mtu 1280
+ip6
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 4b @ transport header + 4 => reg 1 ]
+ [ cmp eq reg 1 0x00050000 ]
+
+# icmpv6 id 33-45
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000080 : 0 [end] element 00000081 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# icmpv6 id != 33-45
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000080 : 0 [end] element 00000081 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ range neq reg 1 0x00002100 0x00002d00 ]
+
+# icmpv6 id {33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000080 : 0 [end] element 00000081 : 0 [end]
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# icmpv6 id != {33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000080 : 0 [end] element 00000081 : 0 [end]
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# icmpv6 id 1
+__set%d test-ip6 3 size 2
+__set%d test-ip6 0
+ element 00000080 : 0 [end] element 00000081 : 0 [end]
+ip6
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ cmp eq reg 1 0x00000100 ]
+
+# icmpv6 type echo-reply icmpv6 id 65534
+ip6
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000081 ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ cmp eq reg 1 0x0000feff ]
+
+# icmpv6 sequence 2
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000080 : 0 [end] element 00000081 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000200 ]
+
+# icmpv6 sequence {3, 4, 5, 6, 7} accept
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000080 : 0 [end] element 00000081 : 0 [end]
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ immediate reg 0 accept ]
+
+# icmpv6 sequence {2, 4}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000080 : 0 [end] element 00000081 : 0 [end]
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000200 : 0 [end] element 00000400 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# icmpv6 sequence != {2, 4}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000080 : 0 [end] element 00000081 : 0 [end]
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000200 : 0 [end] element 00000400 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# icmpv6 sequence 2-4
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000080 : 0 [end] element 00000081 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ cmp gte reg 1 0x00000200 ]
+ [ cmp lte reg 1 0x00000400 ]
+
+# icmpv6 sequence != 2-4
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000080 : 0 [end] element 00000081 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ payload load 2b @ transport header + 6 => reg 1 ]
+ [ range neq reg 1 0x00000200 0x00000400 ]
+
+# icmpv6 max-delay 33-45
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000082 ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# icmpv6 max-delay != 33-45
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000082 ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ range neq reg 1 0x00002100 0x00002d00 ]
+
+# icmpv6 max-delay {33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000082 ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# icmpv6 max-delay != {33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000082 ]
+ [ payload load 2b @ transport header + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# icmpv6 type parameter-problem icmpv6 code no-route
+ip6
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 2b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000004 ]
+
+# icmpv6 type mld-listener-query icmpv6 taddr 2001:db8::133
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000082 ]
+ [ payload load 16b @ transport header + 8 => reg 1 ]
+ [ cmp eq reg 1 0xb80d0120 0x00000000 0x00000000 0x33010000 ]
+
+# icmpv6 type nd-neighbor-solicit icmpv6 taddr 2001:db8::133
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000087 ]
+ [ payload load 16b @ transport header + 8 => reg 1 ]
+ [ cmp eq reg 1 0xb80d0120 0x00000000 0x00000000 0x33010000 ]
+
+# icmpv6 type nd-neighbor-advert icmpv6 taddr 2001:db8::133
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000088 ]
+ [ payload load 16b @ transport header + 8 => reg 1 ]
+ [ cmp eq reg 1 0xb80d0120 0x00000000 0x00000000 0x33010000 ]
+
+# icmpv6 taddr 2001:db8::133
+__set%d test-ip6 3 size 6
+__set%d test-ip6 0
+ element 00000082 : 0 [end] element 00000083 : 0 [end] element 00000084 : 0 [end] element 00000087 : 0 [end] element 00000088 : 0 [end] element 00000089 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ payload load 16b @ transport header + 8 => reg 1 ]
+ [ cmp eq reg 1 0xb80d0120 0x00000000 0x00000000 0x33010000 ]
+
+# icmpv6 type { mld-listener-query, mld-listener-report, mld-listener-done, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect} icmpv6 taddr 2001:db8::133
+__set%d test-ip6 3 size 6
+__set%d test-ip6 0
+ element 00000082 : 0 [end] element 00000083 : 0 [end] element 00000084 : 0 [end] element 00000087 : 0 [end] element 00000088 : 0 [end] element 00000089 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ payload load 16b @ transport header + 8 => reg 1 ]
+ [ cmp eq reg 1 0xb80d0120 0x00000000 0x00000000 0x33010000 ]
+
+# icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert } icmpv6 taddr 2001:db8::133
+__set%d test-ip6 3 size 2
+__set%d test-ip6 0
+ element 00000087 : 0 [end] element 00000088 : 0 [end]
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ payload load 16b @ transport header + 8 => reg 1 ]
+ [ cmp eq reg 1 0xb80d0120 0x00000000 0x00000000 0x33010000 ]
+
+# icmpv6 daddr 2001:db8::133
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000089 ]
+ [ payload load 16b @ transport header + 24 => reg 1 ]
+ [ cmp eq reg 1 0xb80d0120 0x00000000 0x00000000 0x33010000 ]
+
+# icmpv6 type nd-redirect icmpv6 daddr 2001:db8::133
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000089 ]
+ [ payload load 16b @ transport header + 24 => reg 1 ]
+ [ cmp eq reg 1 0xb80d0120 0x00000000 0x00000000 0x33010000 ]
diff --git a/tests/py/ip6/ip6.t b/tests/py/ip6/ip6.t
new file mode 100644
index 0000000..2ffe318
--- /dev/null
+++ b/tests/py/ip6/ip6.t
@@ -0,0 +1,153 @@
+:input;type filter hook input priority 0
+
+*ip6;test-ip6;input
+*inet;test-inet;input
+
+# BUG: Problem with version, priority
+# <cmdline>:1:1-38: Error: Could not process rule: Invalid argument
+# add rule ip6 test6 input ip6 version 1
+# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- ip6 version 6;ok
+
+ip6 dscp cs1;ok
+ip6 dscp != cs1;ok
+ip6 dscp 0x38;ok;ip6 dscp cs7
+ip6 dscp != 0x20;ok;ip6 dscp != cs4
+ip6 dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef};ok
+ip6 dscp vmap { 0x04 : accept, 0x3f : continue } counter;ok
+
+ip6 flowlabel 22;ok
+ip6 flowlabel != 233;ok
+- ip6 flowlabel 33-45;ok
+- ip6 flowlabel != 33-45;ok
+ip6 flowlabel { 33, 55, 67, 88};ok
+# BUG ip6 flowlabel { 5046528, 2883584, 13522432 }
+ip6 flowlabel != { 33, 55, 67, 88};ok
+ip6 flowlabel vmap { 0 : accept, 2 : continue };ok
+
+ip6 length 22;ok
+ip6 length != 233;ok
+ip6 length 33-45;ok
+ip6 length != 33-45;ok
+ip6 length { 33, 55, 67, 88};ok
+ip6 length != {33, 55, 67, 88};ok
+
+ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp};ok;ip6 nexthdr { 132, 51, 108, 136, 17, 33, 6}
+ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;ip6 nexthdr { 6, 136, 108, 33, 50, 17, 132, 58, 51}
+ip6 nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;ip6 nexthdr != { 6, 136, 108, 33, 50, 17, 132, 58, 51}
+ip6 nexthdr esp;ok;ip6 nexthdr 50
+ip6 nexthdr != esp;ok;ip6 nexthdr != 50
+ip6 nexthdr 33-44;ok
+ip6 nexthdr != 33-44;ok
+
+ip6 hoplimit 1;ok
+ip6 hoplimit != 233;ok
+ip6 hoplimit 33-45;ok
+ip6 hoplimit != 33-45;ok
+ip6 hoplimit {33, 55, 67, 88};ok
+ip6 hoplimit != {33, 55, 67, 88};ok
+
+# from src/scanner.l
+# v680 (({hex4}:){7}{hex4})
+ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234;ok
+# v670 ((:)(:{hex4}{7}))
+ip6 saddr ::1234:1234:1234:1234:1234:1234:1234;ok;ip6 saddr 0:1234:1234:1234:1234:1234:1234:1234
+# v671 ((({hex4}:){1})(:{hex4}{6}))
+ip6 saddr 1234::1234:1234:1234:1234:1234:1234;ok;ip6 saddr 1234:0:1234:1234:1234:1234:1234:1234
+# v672 ((({hex4}:){2})(:{hex4}{5}))
+ip6 saddr 1234:1234::1234:1234:1234:1234:1234;ok;ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234
+ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234;ok
+# v673 ((({hex4}:){3})(:{hex4}{4}))
+ip6 saddr 1234:1234:1234::1234:1234:1234:1234;ok;ip6 saddr 1234:1234:1234:0:1234:1234:1234:1234
+# v674 ((({hex4}:){4})(:{hex4}{3}))
+ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234;ok
+# v675 ((({hex4}:){5})(:{hex4}{2}))
+ip6 saddr 1234:1234:1234:1234:1234::1234:1234;ok;ip6 saddr 1234:1234:1234:1234:1234:0:1234:1234
+# v676 ((({hex4}:){6})(:{hex4}{1}))
+ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234;ok
+# v677 ((({hex4}:){7})(:))
+ip6 saddr 1234:1234:1234:1234:1234:1234:1234::;ok;ip6 saddr 1234:1234:1234:1234:1234:1234:1234:0
+# v67 ({v670}|{v671}|{v672}|{v673}|{v674}|{v675}|{v676}|{v677})
+# v660 ((:)(:{hex4}{6}))
+ip6 saddr ::1234:1234:1234:1234:1234:1234;ok
+# v661 ((({hex4}:){1})(:{hex4}{5}))
+ip6 saddr 1234::1234:1234:1234:1234:1234;ok
+# v662 ((({hex4}:){2})(:{hex4}{4}))
+ip6 saddr 1234:1234::1234:1234:1234:1234;ok
+# v663 ((({hex4}:){3})(:{hex4}{3}))
+ip6 saddr 1234:1234:1234::1234:1234:1234;ok
+# v664 ((({hex4}:){4})(:{hex4}{2}))
+ip6 saddr 1234:1234:1234:1234::1234:1234;ok
+# v665 ((({hex4}:){5})(:{hex4}{1}))
+ip6 saddr 1234:1234:1234:1234:1234::1234;ok
+# v666 ((({hex4}:){6})(:))
+ip6 saddr 1234:1234:1234:1234:1234:1234::;ok
+# v66 ({v660}|{v661}|{v662}|{v663}|{v664}|{v665}|{v666})
+# v650 ((:)(:{hex4}{5}))
+ip6 saddr ::1234:1234:1234:1234:1234;ok
+# v651 ((({hex4}:){1})(:{hex4}{4}))
+ip6 saddr 1234::1234:1234:1234:1234;ok
+# v652 ((({hex4}:){2})(:{hex4}{3}))
+ip6 saddr 1234:1234::1234:1234:1234;ok
+# v653 ((({hex4}:){3})(:{hex4}{2}))
+ip6 saddr 1234:1234:1234::1234:1234;ok
+# v654 ((({hex4}:){4})(:{hex4}{1}))
+ip6 saddr 1234:1234:1234:1234::1234;ok
+# v655 ((({hex4}:){5})(:))
+ip6 saddr 1234:1234:1234:1234:1234::;ok
+# v65 ({v650}|{v651}|{v652}|{v653}|{v654}|{v655})
+# v640 ((:)(:{hex4}{4}))
+ip6 saddr ::1234:1234:1234:1234;ok
+# v641 ((({hex4}:){1})(:{hex4}{3}))
+ip6 saddr 1234::1234:1234:1234;ok
+# v642 ((({hex4}:){2})(:{hex4}{2}))
+ip6 saddr 1234:1234::1234:1234;ok
+# v643 ((({hex4}:){3})(:{hex4}{1}))
+ip6 saddr 1234:1234:1234::1234;ok
+# v644 ((({hex4}:){4})(:))
+ip6 saddr 1234:1234:1234:1234::;ok
+# v64 ({v640}|{v641}|{v642}|{v643}|{v644})
+# v630 ((:)(:{hex4}{3}))
+ip6 saddr ::1234:1234:1234;ok
+# v631 ((({hex4}:){1})(:{hex4}{2}))
+ip6 saddr 1234::1234:1234;ok
+# v632 ((({hex4}:){2})(:{hex4}{1}))
+ip6 saddr 1234:1234::1234;ok
+# v633 ((({hex4}:){3})(:))
+ip6 saddr 1234:1234:1234::;ok
+# v63 ({v630}|{v631}|{v632}|{v633})
+# v620 ((:)(:{hex4}{2}))
+ip6 saddr ::1234:1234;ok;ip6 saddr ::18.52.18.52
+# v621 ((({hex4}:){1})(:{hex4}{1}))
+ip6 saddr 1234::1234;ok
+# v622 ((({hex4}:){2})(:))
+ip6 saddr 1234:1234::;ok
+# v62 ({v620}|{v621}|{v622})
+# v610 ((:)(:{hex4}{1}))
+ip6 saddr ::1234;ok
+# v611 ((({hex4}:){1})(:))
+ip6 saddr 1234::;ok
+# v61 ({v610}|{v611})
+# v60 (::)
+ip6 saddr ::/64;ok
+ip6 saddr ::1 ip6 daddr ::2;ok
+
+ip6 daddr != {::1234:1234:1234:1234:1234:1234:1234, 1234:1234::1234:1234:1234:1234:1234 };ok;ip6 daddr != {0:1234:1234:1234:1234:1234:1234:1234, 1234:1234:0:1234:1234:1234:1234:1234}
+ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234;ok;ip6 daddr != 0:1234:1234:1234:1234:1234:1234:1234-1234:1234:0:1234:1234:1234:1234:1234
+
+# limit impact to lo
+iif "lo" ip6 daddr set ::1;ok
+iif "lo" ip6 hoplimit set 1;ok
+iif "lo" ip6 dscp set af42;ok
+iif "lo" ip6 dscp set 63;ok;iif "lo" ip6 dscp set 0x3f
+iif "lo" ip6 ecn set ect0;ok
+iif "lo" ip6 ecn set ce;ok
+
+iif "lo" ip6 flowlabel set 0;ok
+iif "lo" ip6 flowlabel set 12345;ok
+iif "lo" ip6 flowlabel set 0xfffff;ok;iif "lo" ip6 flowlabel set 1048575
+
+iif "lo" ip6 ecn set 4;fail
+iif "lo" ip6 dscp set 64;fail
+iif "lo" ip6 flowlabel set 1048576;fail
diff --git a/tests/py/ip6/ip6.t.json b/tests/py/ip6/ip6.t.json
new file mode 100644
index 0000000..cf80217
--- /dev/null
+++ b/tests/py/ip6/ip6.t.json
@@ -0,0 +1,1559 @@
+# ip6 dscp cs1
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "cs1"
+ }
+ }
+]
+
+# ip6 dscp != cs1
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": "cs1"
+ }
+ }
+]
+
+# ip6 dscp 0x38
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "0x38"
+ }
+ }
+]
+
+# ip6 dscp != 0x20
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": "0x20"
+ }
+ }
+]
+
+# ip6 dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "cs0",
+ "cs1",
+ "cs2",
+ "cs3",
+ "cs4",
+ "cs5",
+ "cs6",
+ "cs7",
+ "af11",
+ "af12",
+ "af13",
+ "af21",
+ "af22",
+ "af23",
+ "af31",
+ "af32",
+ "af33",
+ "af41",
+ "af42",
+ "af43",
+ "ef"
+ ]
+ }
+ }
+ }
+]
+
+# ip6 dscp vmap { 0x04 : accept, 0x3f : continue } counter
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "0x04",
+ {
+ "accept": null
+ }
+ ],
+ [
+ "0x3f",
+ {
+ "continue": null
+ }
+ ]
+ ]
+ }
+ }
+ },
+ {
+ "counter": null
+ }
+]
+
+# ip6 flowlabel 22
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "flowlabel",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# ip6 flowlabel != 233
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "flowlabel",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# ip6 flowlabel { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "flowlabel",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# ip6 flowlabel != { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "flowlabel",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# ip6 flowlabel vmap { 0 : accept, 2 : continue }
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "flowlabel",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ 0,
+ {
+ "accept": null
+ }
+ ],
+ [
+ 2,
+ {
+ "continue": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 length 22
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "length",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# ip6 length != 233
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "length",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# ip6 length 33-45
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "length",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# ip6 length != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "length",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# ip6 length { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "length",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# ip6 length != {33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "length",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "nexthdr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "udp",
+ "ah",
+ "comp",
+ "udplite",
+ "tcp",
+ "dccp",
+ "sctp"
+ ]
+ }
+ }
+ }
+]
+
+# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "nexthdr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "esp",
+ "ah",
+ "comp",
+ "udp",
+ "udplite",
+ "tcp",
+ "dccp",
+ "sctp",
+ "icmpv6"
+ ]
+ }
+ }
+ }
+]
+
+# ip6 nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "nexthdr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ "esp",
+ "ah",
+ "comp",
+ "udp",
+ "udplite",
+ "tcp",
+ "dccp",
+ "sctp",
+ "icmpv6"
+ ]
+ }
+ }
+ }
+]
+
+# ip6 nexthdr esp
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "nexthdr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "esp"
+ }
+ }
+]
+
+# ip6 nexthdr != esp
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "nexthdr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": "esp"
+ }
+ }
+]
+
+# ip6 nexthdr { 33-44}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "nexthdr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ { "range": [ 33, 44 ] }
+ ]
+ }
+ }
+ }
+]
+
+# ip6 nexthdr != { 33-44}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "nexthdr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ { "range": [ 33, 44 ] }
+ ]
+ }
+ }
+ }
+]
+
+# ip6 nexthdr 33-44
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "nexthdr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 44 ]
+ }
+ }
+ }
+]
+
+# ip6 nexthdr != 33-44
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "nexthdr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 44 ]
+ }
+ }
+ }
+]
+
+# ip6 hoplimit 1
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "hoplimit",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": 1
+ }
+ }
+]
+
+# ip6 hoplimit != 233
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "hoplimit",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# ip6 hoplimit 33-45
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "hoplimit",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# ip6 hoplimit != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "hoplimit",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# ip6 hoplimit {33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "hoplimit",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# ip6 hoplimit != {33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "hoplimit",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234:1234:1234:1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "::1234:1234:1234:1234:1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234::1234:1234:1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234::1234:1234:1234:1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234::1234:1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234::1234:1234:1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:0:1234:1234:1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234::1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234::1234:1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234:1234:0:1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234:1234:1234::1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234:1234:1234::1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234:1234:1234:1234:0:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234:1234::
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234:1234:1234:1234:1234::"
+ }
+ }
+]
+
+# ip6 saddr ::1234:1234:1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "::1234:1234:1234:1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234::1234:1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234::1234:1234:1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234::1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234::1234:1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234::1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234::1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234:1234::1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234:1234::1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234:1234:1234::1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234:1234:1234::1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234::
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234:1234:1234:1234::"
+ }
+ }
+]
+
+# ip6 saddr ::1234:1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "::1234:1234:1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234::1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234::1234:1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234::1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234::1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234::1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234::1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234:1234::1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234:1234::1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234:1234:1234::
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234:1234:1234::"
+ }
+ }
+]
+
+# ip6 saddr ::1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "::1234:1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234::1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234::1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234::1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234::1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234::1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234::1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234:1234::
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234:1234::"
+ }
+ }
+]
+
+# ip6 saddr ::1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "::1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234::1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234::1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234::1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234::1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234::
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234::"
+ }
+ }
+]
+
+# ip6 saddr ::1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "::1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234::1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234::1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234::
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234::"
+ }
+ }
+]
+
+# ip6 saddr ::1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "::1234"
+ }
+ }
+]
+
+# ip6 saddr 1234::
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234::"
+ }
+ }
+]
+
+# ip6 saddr ::/64
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "prefix": {
+ "addr": "::",
+ "len": 64
+ }
+ }
+ }
+ }
+]
+
+# ip6 saddr ::1 ip6 daddr ::2
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "::1"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "::2"
+ }
+ }
+]
+
+# ip6 daddr != {::1234:1234:1234:1234:1234:1234:1234, 1234:1234::1234:1234:1234:1234:1234 }
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ "::1234:1234:1234:1234:1234:1234:1234",
+ "1234:1234::1234:1234:1234:1234:1234"
+ ]
+ }
+ }
+ }
+]
+
+# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ "::1234:1234:1234:1234:1234:1234:1234", "1234:1234::1234:1234:1234:1234:1234" ]
+ }
+ }
+ }
+]
+
+# iif "lo" ip6 daddr set ::1
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "iif" }
+ },
+ "op": "==",
+ "right": "lo"
+ }
+ },
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ },
+ "value": "::1"
+ }
+ }
+]
+
+# iif "lo" ip6 hoplimit set 1
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "iif" }
+ },
+ "op": "==",
+ "right": "lo"
+ }
+ },
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "hoplimit",
+ "protocol": "ip6"
+ }
+ },
+ "value": 1
+ }
+ }
+]
+
+# iif "lo" ip6 dscp set af42
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "iif" }
+ },
+ "op": "==",
+ "right": "lo"
+ }
+ },
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ "value": "af42"
+ }
+ }
+]
+
+# iif "lo" ip6 dscp set 63
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "iif" }
+ },
+ "op": "==",
+ "right": "lo"
+ }
+ },
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ "value": 63
+ }
+ }
+]
+
+# iif "lo" ip6 ecn set ect0
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "iif" }
+ },
+ "op": "==",
+ "right": "lo"
+ }
+ },
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "ecn",
+ "protocol": "ip6"
+ }
+ },
+ "value": "ect0"
+ }
+ }
+]
+
+# iif "lo" ip6 ecn set ce
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "iif" }
+ },
+ "op": "==",
+ "right": "lo"
+ }
+ },
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "ecn",
+ "protocol": "ip6"
+ }
+ },
+ "value": "ce"
+ }
+ }
+]
+
+# iif "lo" ip6 flowlabel set 0
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "iif" }
+ },
+ "op": "==",
+ "right": "lo"
+ }
+ },
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "flowlabel",
+ "protocol": "ip6"
+ }
+ },
+ "value": 0
+ }
+ }
+]
+
+# iif "lo" ip6 flowlabel set 12345
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "iif" }
+ },
+ "op": "==",
+ "right": "lo"
+ }
+ },
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "flowlabel",
+ "protocol": "ip6"
+ }
+ },
+ "value": 12345
+ }
+ }
+]
+
+# iif "lo" ip6 flowlabel set 0xfffff
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "iif" }
+ },
+ "op": "==",
+ "right": "lo"
+ }
+ },
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "flowlabel",
+ "protocol": "ip6"
+ }
+ },
+ "value": "0xfffff"
+ }
+ }
+]
+
diff --git a/tests/py/ip6/ip6.t.json.output b/tests/py/ip6/ip6.t.json.output
new file mode 100644
index 0000000..6c20939
--- /dev/null
+++ b/tests/py/ip6/ip6.t.json.output
@@ -0,0 +1,374 @@
+# ip6 dscp 0x38
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "cs7"
+ }
+ }
+]
+
+# ip6 dscp != 0x20
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": "cs4"
+ }
+ }
+]
+
+# ip6 dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "cs0",
+ "cs1",
+ "af11",
+ "af12",
+ "af13",
+ "cs2",
+ "af21",
+ "af22",
+ "af23",
+ "cs3",
+ "af31",
+ "af32",
+ "af33",
+ "cs4",
+ "af41",
+ "af42",
+ "af43",
+ "cs5",
+ "ef",
+ "cs6",
+ "cs7"
+ ]
+ }
+ }
+ }
+]
+
+# ip6 dscp vmap { 0x04 : accept, 0x3f : continue } counter
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ 4,
+ {
+ "accept": null
+ }
+ ],
+ [
+ 63,
+ {
+ "continue": null
+ }
+ ]
+ ]
+ }
+ }
+ },
+ {
+ "counter": null
+ }
+]
+
+# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "nexthdr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 6,
+ 17,
+ 33,
+ 51,
+ 108,
+ 132,
+ 136
+ ]
+ }
+ }
+ }
+]
+
+# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "nexthdr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [ 6, 17, 33, 50, 51, 58, 108, 132, 136 ]
+ }
+ }
+ }
+]
+
+# ip6 nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "nexthdr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [ 6, 17, 33, 50, 51, 58, 108, 132, 136 ]
+ }
+ }
+ }
+]
+
+# ip6 nexthdr esp
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "nexthdr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": 50
+ }
+ }
+]
+
+# ip6 nexthdr != esp
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "nexthdr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": 50
+ }
+ }
+]
+
+# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "0:1234:1234:1234:1234:1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234::1234:1234:1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:0:1234:1234:1234:1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234::1234:1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:0:1234:1234:1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234::1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234:0:1234:1234:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234:1234:1234::1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234:1234:1234:0:1234:1234"
+ }
+ }
+]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234:1234::
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "1234:1234:1234:1234:1234:1234:1234:0"
+ }
+ }
+]
+
+# ip6 saddr ::1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "::18.52.18.52"
+ }
+ }
+]
+
+# ip6 daddr != {::1234:1234:1234:1234:1234:1234:1234, 1234:1234::1234:1234:1234:1234:1234 }
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ "0:1234:1234:1234:1234:1234:1234:1234",
+ "1234:1234:0:1234:1234:1234:1234:1234"
+ ]
+ }
+ }
+ }
+]
+
+# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ "0:1234:1234:1234:1234:1234:1234:1234", "1234:1234:0:1234:1234:1234:1234:1234" ]
+ }
+ }
+ }
+]
+
+# iif "lo" ip6 flowlabel set 0xfffff
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "iif" }
+ },
+ "op": "==",
+ "right": "lo"
+ }
+ },
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "flowlabel",
+ "protocol": "ip6"
+ }
+ },
+ "value": 1048575
+ }
+ }
+]
+
diff --git a/tests/py/ip6/ip6.t.payload.inet b/tests/py/ip6/ip6.t.payload.inet
new file mode 100644
index 0000000..20dfe54
--- /dev/null
+++ b/tests/py/ip6/ip6.t.payload.inet
@@ -0,0 +1,641 @@
+# ip6 dscp cs1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000002 ]
+
+# ip6 dscp != cs1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00000002 ]
+
+# ip6 dscp 0x38
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x0000000e ]
+
+# ip6 dscp != 0x20
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00000008 ]
+
+# ip6 dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000000 : 0 [end] element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000006 : 0 [end] element 00000008 : 0 [end] element 0000000a : 0 [end] element 0000000c : 0 [end] element 0000000e : 0 [end] element 00008002 : 0 [end] element 00000003 : 0 [end] element 00008003 : 0 [end] element 00008004 : 0 [end] element 00000005 : 0 [end] element 00008005 : 0 [end] element 00008006 : 0 [end] element 00000007 : 0 [end] element 00008007 : 0 [end] element 00008008 : 0 [end] element 00000009 : 0 [end] element 00008009 : 0 [end] element 0000800b : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ lookup reg 1 set __set%d ]
+
+# ip6 dscp vmap { 0x04 : accept, 0x3f : continue } counter
+__map%d test-inet b size 2
+__map%d test-inet 0
+ element 00000001 : accept 0 [end] element 0000c00f : continue 0 [end]
+ip6 test-ip6 input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+ [ counter pkts 0 bytes 0 ]
+
+# ip6 flowlabel 22
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00160000 ]
+
+# ip6 flowlabel != 233
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00e90000 ]
+
+# ip6 flowlabel { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ]
+ [ lookup reg 1 set __set%d ]
+
+# ip6 flowlabel != { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# ip6 flowlabel vmap { 0 : accept, 2 : continue }
+__map%d test-inet b size 2
+__map%d test-inet 0
+ element 00000000 : accept 0 [end] element 00020000 : continue 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 length 22
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# ip6 length != 233
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ cmp neq reg 1 0x0000e900 ]
+
+# ip6 length 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# ip6 length != 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ range neq reg 1 0x00002100 0x00002d00 ]
+
+# ip6 length { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# ip6 length != {33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000011 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# ip6 nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# ip6 nexthdr esp
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000032 ]
+
+# ip6 nexthdr != esp
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp neq reg 1 0x00000032 ]
+
+# ip6 nexthdr 33-44
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002c ]
+
+# ip6 nexthdr != 33-44
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002c ]
+
+# ip6 hoplimit 1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# ip6 hoplimit != 233
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# ip6 hoplimit 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# ip6 hoplimit != 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# ip6 hoplimit {33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# ip6 hoplimit != {33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34123412 ]
+
+# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x34123412 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234::1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234::1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234:1234::
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00003412 ]
+
+# ip6 saddr ::1234:1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x34123412 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x34120000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234::1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234::1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234::1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234::
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00000000 ]
+
+# ip6 saddr ::1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x34120000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234::1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234::1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234::
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x00000000 ]
+
+# ip6 saddr ::1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234::1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234:1234::
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x00000000 ]
+
+# ip6 saddr ::1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234::
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x00000000 ]
+
+# ip6 saddr ::1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234::1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234:1234::
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x00000000 ]
+
+# ip6 saddr ::1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234::
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x00000000 ]
+
+# ip6 saddr ::/64
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 8b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 ]
+
+# ip6 saddr ::1 ip6 daddr ::2
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x01000000 ]
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x02000000 ]
+
+# ip6 daddr != {::1234:1234:1234:1234:1234:1234:1234, 1234:1234::1234:1234:1234:1234:1234 }
+__set%d test-inet 3
+__set%d test-inet 0
+ element 34120000 34123412 34123412 34123412 : 0 [end] element 34123412 34120000 34123412 34123412 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ range neq reg 1 0x34120000 0x34123412 0x34123412 0x34123412 0x34123412 0x34120000 0x34123412 0x34123412 ]
+
+# iif "lo" ip6 daddr set ::1
+inet test-inet input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ immediate reg 1 0x00000000 0x00000000 0x00000000 0x01000000 ]
+ [ payload write reg 1 => 16b @ network header + 24 csum_type 0 csum_off 0 csum_flags 0x1 ]
+
+# iif "lo" ip6 hoplimit set 1
+inet test-inet input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ immediate reg 1 0x00000001 ]
+ [ payload write reg 1 => 1b @ network header + 7 csum_type 0 csum_off 0 csum_flags 0x0 ]
+
+# iif "lo" ip6 dscp set af42
+inet test-inet input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00003ff0 ) ^ 0x00000009 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 0 csum_off 0 csum_flags 0x0 ]
+
+# iif "lo" ip6 dscp set 63
+inet test-inet input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00003ff0 ) ^ 0x0000c00f ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 0 csum_off 0 csum_flags 0x0 ]
+
+# iif "lo" ip6 ecn set ect0
+inet test-inet input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000000cf ) ^ 0x00000020 ]
+ [ payload write reg 1 => 1b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ]
+
+# iif "lo" ip6 ecn set ce
+inet test-inet input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 1b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000000cf ) ^ 0x00000030 ]
+ [ payload write reg 1 => 1b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ]
+
+# iif "lo" ip6 flowlabel set 0
+inet test-inet input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ]
+ [ payload write reg 1 => 3b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ]
+
+# iif "lo" ip6 flowlabel set 12345
+inet test-inet input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00393000 ]
+ [ payload write reg 1 => 3b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ]
+
+# iif "lo" ip6 flowlabel set 0xfffff
+inet test-inet input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00ffff0f ]
+ [ payload write reg 1 => 3b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ]
+
diff --git a/tests/py/ip6/ip6.t.payload.ip6 b/tests/py/ip6/ip6.t.payload.ip6
new file mode 100644
index 0000000..f8e3ca3
--- /dev/null
+++ b/tests/py/ip6/ip6.t.payload.ip6
@@ -0,0 +1,481 @@
+# ip6 dscp cs1
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000002 ]
+
+# ip6 dscp != cs1
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00000002 ]
+
+# ip6 dscp 0x38
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x0000000e ]
+
+# ip6 dscp != 0x20
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00000008 ]
+
+# ip6 dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000002 : 0 [end] element 00000004 : 0 [end] element 00000006 : 0 [end] element 00000008 : 0 [end] element 0000000a : 0 [end] element 0000000c : 0 [end] element 0000000e : 0 [end] element 00000000 : 0 [end] element 00008002 : 0 [end] element 00000003 : 0 [end] element 00008003 : 0 [end] element 00008004 : 0 [end] element 00000005 : 0 [end] element 00008005 : 0 [end] element 00008006 : 0 [end] element 00000007 : 0 [end] element 00008007 : 0 [end] element 00008008 : 0 [end] element 00000009 : 0 [end] element 00008009 : 0 [end] element 0000800b : 0 [end]
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ lookup reg 1 set __set%d ]
+
+# ip6 dscp vmap { 0x04 : accept, 0x3f : continue } counter
+__map%d test-ip6 b size 2
+__map%d test-ip6 0
+ element 00000001 : accept 0 [end] element 0000c00f : continue 0 [end]
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+ [ counter pkts 0 bytes 0 ]
+
+# ip6 flowlabel 22
+ip6 test-ip6 input
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00160000 ]
+
+# ip6 flowlabel != 233
+ip6 test-ip6 input
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00e90000 ]
+
+# ip6 flowlabel { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ]
+ [ lookup reg 1 set __set%d ]
+
+# ip6 flowlabel != { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00210000 : 0 [end] element 00370000 : 0 [end] element 00430000 : 0 [end] element 00580000 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# ip6 flowlabel vmap { 0 : accept, 2 : continue }
+__map%d test-ip6 b size 2
+__map%d test-ip6 0
+ element 00000000 : accept 0 [end] element 00020000 : continue 0 [end]
+ip6 test-ip6 input
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00ffff0f ) ^ 0x00000000 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 length 22
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# ip6 length != 233
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ cmp neq reg 1 0x0000e900 ]
+
+# ip6 length 33-45
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# ip6 length != 33-45
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ range neq reg 1 0x00002100 0x00002d00 ]
+
+# ip6 length { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# ip6 length != {33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000011 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# ip6 nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# ip6 nexthdr esp
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000032 ]
+
+# ip6 nexthdr != esp
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp neq reg 1 0x00000032 ]
+
+# ip6 nexthdr 33-44
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002c ]
+
+# ip6 nexthdr != 33-44
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002c ]
+
+# ip6 hoplimit 1
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# ip6 hoplimit != 233
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# ip6 hoplimit 33-45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# ip6 hoplimit != 33-45
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# ip6 hoplimit {33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# ip6 hoplimit != {33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 7 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34123412 ]
+
+# ip6 saddr ::1234:1234:1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34120000 0x34123412 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x34123412 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234:0:1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34120000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234::1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234:0:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234::1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234:0:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234:1234::
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00003412 ]
+
+# ip6 saddr ::1234:1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x34123412 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x34120000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234::1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234::1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234::1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234:1234::
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x34123412 0x00000000 ]
+
+# ip6 saddr ::1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x34120000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234::1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234:1234::1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234:1234:1234::
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00003412 0x00000000 ]
+
+# ip6 saddr ::1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x34123412 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234:1234:1234::1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234:1234::
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x34123412 0x00000000 0x00000000 ]
+
+# ip6 saddr ::1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x34120000 0x34123412 ]
+
+# ip6 saddr 1234::1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234:1234::1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234:1234:1234::
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00003412 0x00000000 0x00000000 ]
+
+# ip6 saddr ::1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34123412 ]
+
+# ip6 saddr 1234::1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234:1234::
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x34123412 0x00000000 0x00000000 0x00000000 ]
+
+# ip6 saddr ::1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x34120000 ]
+
+# ip6 saddr 1234::
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00003412 0x00000000 0x00000000 0x00000000 ]
+
+# ip6 saddr ::/64
+ip6 test-ip6 input
+ [ payload load 8b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 ]
+
+# ip6 saddr ::1 ip6 daddr ::2
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x01000000 ]
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x02000000 ]
+
+# ip6 daddr != {::1234:1234:1234:1234:1234:1234:1234, 1234:1234::1234:1234:1234:1234:1234 }
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 34120000 34123412 34123412 34123412 : 0 [end] element 34123412 34120000 34123412 34123412 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# ip6 daddr != ::1234:1234:1234:1234:1234:1234:1234-1234:1234::1234:1234:1234:1234:1234
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ range neq reg 1 0x34120000 0x34123412 0x34123412 0x34123412 0x34123412 0x34120000 0x34123412 0x34123412 ]
+
+# iif "lo" ip6 daddr set ::1
+ip6 test-ip6 input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ immediate reg 1 0x00000000 0x00000000 0x00000000 0x01000000 ]
+ [ payload write reg 1 => 16b @ network header + 24 csum_type 0 csum_off 0 csum_flags 0x1 ]
+
+# iif "lo" ip6 hoplimit set 1
+ip6 test-ip6 input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ immediate reg 1 0x00000001 ]
+ [ payload write reg 1 => 1b @ network header + 7 csum_type 0 csum_off 0 csum_flags 0x0 ]
+
+# iif "lo" ip6 dscp set af42
+ip6 test-ip6 input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00003ff0 ) ^ 0x00000009 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 0 csum_off 0 csum_flags 0x0 ]
+
+# iif "lo" ip6 dscp set 63
+ip6 test-ip6 input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00003ff0 ) ^ 0x0000c00f ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 0 csum_off 0 csum_flags 0x0 ]
+
+# iif "lo" ip6 ecn set ect0
+ip6 test-ip6 input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 1b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000000cf ) ^ 0x00000020 ]
+ [ payload write reg 1 => 1b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ]
+
+# iif "lo" ip6 ecn set ce
+ip6 test-ip6 input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 1b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000000cf ) ^ 0x00000030 ]
+ [ payload write reg 1 => 1b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ]
+
+# iif "lo" ip6 flowlabel set 0
+ip6 test-ip6 input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00000000 ]
+ [ payload write reg 1 => 3b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ]
+
+# iif "lo" ip6 flowlabel set 12345
+ip6 test-ip6 input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00393000 ]
+ [ payload write reg 1 => 3b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ]
+
+# iif "lo" ip6 flowlabel set 0xfffff
+ip6 test-ip6 input
+ [ meta load iif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 3b @ network header + 1 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000000f0 ) ^ 0x00ffff0f ]
+ [ payload write reg 1 => 3b @ network header + 1 csum_type 0 csum_off 0 csum_flags 0x0 ]
+
diff --git a/tests/py/ip6/map.t b/tests/py/ip6/map.t
new file mode 100644
index 0000000..4d06e87
--- /dev/null
+++ b/tests/py/ip6/map.t
@@ -0,0 +1,5 @@
+:input;type filter hook input priority 0
+*ip6;test-ip6;input
+
+mark set ip6 saddr and ::ffff map { ::2 : 0x0000002a, ::ffff : 0x00000017};ok;meta mark set ip6 saddr & ::ffff map { ::2 : 0x0000002a, ::ffff : 0x00000017}
+
diff --git a/tests/py/ip6/map.t.json b/tests/py/ip6/map.t.json
new file mode 100644
index 0000000..78a01c6
--- /dev/null
+++ b/tests/py/ip6/map.t.json
@@ -0,0 +1,38 @@
+# mark set ip6 saddr and ::ffff map { ::2 : 0x0000002a, ::ffff : 0x00000017}
+[
+ {
+ "mangle": {
+ "key": {
+ "meta": { "key": "mark" }
+ },
+ "value": {
+ "map": {
+ "key": {
+ "&": [
+ {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "::ffff"
+ ]
+ },
+ "data": {
+ "set": [
+ [
+ "::2",
+ "0x0000002a"
+ ],
+ [
+ "::ffff",
+ "0x00000017"
+ ]
+ ]
+ }
+ }
+ }
+ }
+ }
+]
+
diff --git a/tests/py/ip6/map.t.json.output b/tests/py/ip6/map.t.json.output
new file mode 100644
index 0000000..9280d55
--- /dev/null
+++ b/tests/py/ip6/map.t.json.output
@@ -0,0 +1,38 @@
+# mark set ip6 saddr and ::ffff map { ::2 : 0x0000002a, ::ffff : 0x00000017}
+[
+ {
+ "mangle": {
+ "key": {
+ "meta": { "key": "mark" }
+ },
+ "value": {
+ "map": {
+ "key": {
+ "&": [
+ {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "::ffff"
+ ]
+ },
+ "data": {
+ "set": [
+ [
+ "::2",
+ 42
+ ],
+ [
+ "::ffff",
+ 23
+ ]
+ ]
+ }
+ }
+ }
+ }
+ }
+]
+
diff --git a/tests/py/ip6/map.t.payload b/tests/py/ip6/map.t.payload
new file mode 100644
index 0000000..8e900c1
--- /dev/null
+++ b/tests/py/ip6/map.t.payload
@@ -0,0 +1,10 @@
+# mark set ip6 saddr and ::ffff map { ::2 : 0x0000002a, ::ffff : 0x00000017}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 00000000 00000000 00000000 02000000 : 0000002a 0 [end] element 00000000 00000000 00000000 ffff0000 : 00000017 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000000 0x00000000 0x00000000 0xffff0000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ]
+ [ lookup reg 1 set __map%d dreg 1 ]
+ [ meta set mark with reg 1 ]
+
diff --git a/tests/py/ip6/masquerade.t b/tests/py/ip6/masquerade.t
new file mode 100644
index 0000000..4eb0467
--- /dev/null
+++ b/tests/py/ip6/masquerade.t
@@ -0,0 +1,30 @@
+:postrouting;type nat hook postrouting priority 0
+
+*ip6;test-ip6;postrouting
+
+# nf_nat flags combination
+udp dport 53 masquerade;ok
+udp dport 53 masquerade random;ok
+udp dport 53 masquerade random,persistent;ok
+udp dport 53 masquerade random,persistent,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent
+udp dport 53 masquerade random,fully-random;ok
+udp dport 53 masquerade random,fully-random,persistent;ok
+udp dport 53 masquerade persistent;ok
+udp dport 53 masquerade persistent,random;ok;udp dport 53 masquerade random,persistent
+udp dport 53 masquerade persistent,random,fully-random;ok;udp dport 53 masquerade random,fully-random,persistent
+udp dport 53 masquerade persistent,fully-random;ok;udp dport 53 masquerade fully-random,persistent
+udp dport 53 masquerade persistent,fully-random,random;ok;udp dport 53 masquerade random,fully-random,persistent
+
+# using ports
+meta l4proto 6 masquerade to :1024;ok
+meta l4proto 6 masquerade to :1024-2048;ok
+
+# masquerade is a terminal statement
+tcp dport 22 masquerade counter packets 0 bytes 0 accept;fail
+tcp sport 22 masquerade accept;fail
+ip6 saddr ::1 masquerade drop;fail
+
+# masquerade with sets
+tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade;ok
+ip6 daddr fe00::1-fe00::200 udp dport 53 counter masquerade;ok
+iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } masquerade;ok
diff --git a/tests/py/ip6/masquerade.t.json b/tests/py/ip6/masquerade.t.json
new file mode 100644
index 0000000..824b44f
--- /dev/null
+++ b/tests/py/ip6/masquerade.t.json
@@ -0,0 +1,423 @@
+# udp dport 53 masquerade
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "masquerade": null
+ }
+]
+
+# udp dport 53 masquerade random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "masquerade": {
+ "flags": "random"
+ }
+ }
+]
+
+# udp dport 53 masquerade random,persistent
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "masquerade": {
+ "flags": [
+ "random",
+ "persistent"
+ ]
+ }
+ }
+]
+
+# udp dport 53 masquerade random,persistent,fully-random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "masquerade": {
+ "flags": [
+ "random",
+ "fully-random",
+ "persistent"
+ ]
+ }
+ }
+]
+
+# udp dport 53 masquerade random,fully-random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "masquerade": {
+ "flags": [
+ "random",
+ "fully-random"
+ ]
+ }
+ }
+]
+
+# udp dport 53 masquerade random,fully-random,persistent
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "masquerade": {
+ "flags": [
+ "random",
+ "fully-random",
+ "persistent"
+ ]
+ }
+ }
+]
+
+# udp dport 53 masquerade persistent
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "masquerade": {
+ "flags": "persistent"
+ }
+ }
+]
+
+# udp dport 53 masquerade persistent,random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "masquerade": {
+ "flags": [
+ "persistent",
+ "random"
+ ]
+ }
+ }
+]
+
+# udp dport 53 masquerade persistent,random,fully-random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "masquerade": {
+ "flags": [
+ "persistent",
+ "random",
+ "fully-random"
+ ]
+ }
+ }
+]
+
+# udp dport 53 masquerade persistent,fully-random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "masquerade": {
+ "flags": [
+ "persistent",
+ "fully-random"
+ ]
+ }
+ }
+]
+
+# udp dport 53 masquerade persistent,fully-random,random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "masquerade": {
+ "flags": [
+ "persistent",
+ "fully-random",
+ "random"
+ ]
+ }
+ }
+]
+
+# meta l4proto 6 masquerade to :1024
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "l4proto" }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "masquerade": {
+ "port": 1024
+ }
+ }
+]
+
+# meta l4proto 6 masquerade to :1024-2048
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "l4proto" }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "masquerade": {
+ "port": {
+ "range": [ 1024, 2048 ]
+ }
+ }
+ }
+]
+
+# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 1,
+ 2,
+ 3,
+ 4,
+ 5,
+ 6,
+ 7,
+ 8,
+ 101,
+ 202,
+ 303,
+ 1001,
+ 2002,
+ 3003
+ ]
+ }
+ }
+ },
+ {
+ "masquerade": null
+ }
+]
+
+# ip6 daddr fe00::1-fe00::200 udp dport 53 counter masquerade
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ "fe00::1", "fe00::200" ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "counter": null
+ },
+ {
+ "masquerade": null
+ }
+]
+
+# iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } masquerade
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "iifname" }
+ },
+ "op": "==",
+ "right": "eth0"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "ct": {
+ "key": "state"
+ }
+ },
+ "op": "in",
+ "right": [
+ "established",
+ "new"
+ ]
+ }
+ },
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ 22,
+ {
+ "drop": null
+ }
+ ],
+ [
+ 222,
+ {
+ "drop": null
+ }
+ ]
+ ]
+ }
+ }
+ },
+ {
+ "masquerade": null
+ }
+]
+
diff --git a/tests/py/ip6/masquerade.t.json.output b/tests/py/ip6/masquerade.t.json.output
new file mode 100644
index 0000000..31d0cd9
--- /dev/null
+++ b/tests/py/ip6/masquerade.t.json.output
@@ -0,0 +1,98 @@
+# udp dport 53 masquerade persistent,random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "masquerade": {
+ "flags": [
+ "random",
+ "persistent"
+ ]
+ }
+ }
+]
+
+# udp dport 53 masquerade persistent,random,fully-random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "masquerade": {
+ "flags": [
+ "random",
+ "fully-random",
+ "persistent"
+ ]
+ }
+ }
+]
+
+# udp dport 53 masquerade persistent,fully-random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "masquerade": {
+ "flags": [
+ "fully-random",
+ "persistent"
+ ]
+ }
+ }
+]
+
+# udp dport 53 masquerade persistent,fully-random,random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "masquerade": {
+ "flags": [
+ "random",
+ "fully-random",
+ "persistent"
+ ]
+ }
+ }
+]
+
diff --git a/tests/py/ip6/masquerade.t.payload.ip6 b/tests/py/ip6/masquerade.t.payload.ip6
new file mode 100644
index 0000000..43ae2ae
--- /dev/null
+++ b/tests/py/ip6/masquerade.t.payload.ip6
@@ -0,0 +1,142 @@
+# udp dport 53 masquerade
+ip6 test-ip6 postrouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq ]
+
+# udp dport 53 masquerade random
+ip6 test-ip6 postrouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0x4 ]
+
+# udp dport 53 masquerade random,persistent
+ip6 test-ip6 postrouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0xc ]
+
+# udp dport 53 masquerade random,persistent,fully-random
+ip6 test-ip6 postrouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0x1c ]
+
+# udp dport 53 masquerade random,fully-random
+ip6 test-ip6 postrouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0x14 ]
+
+# udp dport 53 masquerade random,fully-random,persistent
+ip6 test-ip6 postrouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0x1c ]
+
+# udp dport 53 masquerade persistent
+ip6 test-ip6 postrouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0x8 ]
+
+# udp dport 53 masquerade persistent,random
+ip6 test-ip6 postrouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0xc ]
+
+# udp dport 53 masquerade persistent,random,fully-random
+ip6 test-ip6 postrouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0x1c ]
+
+# udp dport 53 masquerade persistent,fully-random
+ip6 test-ip6 postrouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0x18 ]
+
+# udp dport 53 masquerade persistent,fully-random,random
+ip6 test-ip6 postrouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ masq flags 0x1c ]
+
+# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end]
+ip6 test-ip6 postrouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ masq ]
+
+# ip6 daddr fe00::1-fe00::200 udp dport 53 counter masquerade
+ip6 test-ip6 postrouting
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp gte reg 1 0x000000fe 0x00000000 0x00000000 0x01000000 ]
+ [ cmp lte reg 1 0x000000fe 0x00000000 0x00000000 0x00020000 ]
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ counter pkts 0 bytes 0 ]
+ [ masq ]
+
+# iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } masquerade
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 00001600 : drop 0 [end] element 0000de00 : drop 0 [end]
+ip6 test-ip6 postrouting
+ [ meta load iifname => reg 1 ]
+ [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
+ [ ct load state => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000000a ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00000000 ]
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+ [ masq ]
+
+# meta l4proto 6 masquerade to :1024
+ip6 test-ip6 postrouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x00000004 ]
+ [ masq proto_min reg 1 flags 0x2 ]
+
+# meta l4proto 6 masquerade to :1024-2048
+ip6 test-ip6 postrouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x00000004 ]
+ [ immediate reg 2 0x00000008 ]
+ [ masq proto_min reg 1 proto_max reg 2 flags 0x2 ]
+
diff --git a/tests/py/ip6/meta.t b/tests/py/ip6/meta.t
new file mode 100644
index 0000000..c177b08
--- /dev/null
+++ b/tests/py/ip6/meta.t
@@ -0,0 +1,19 @@
+:input;type filter hook input priority 0
+
+*ip6;test-ip6;input
+
+icmpv6 type nd-router-advert;ok
+meta l4proto ipv6-icmp icmpv6 type nd-router-advert;ok;icmpv6 type nd-router-advert
+
+meta l4proto icmp icmp type echo-request;ok;icmp type echo-request
+meta l4proto 1 icmp type echo-request;ok;icmp type echo-request
+icmp type echo-request;ok
+
+meta protocol ip udp dport 67;ok
+meta protocol ip6 udp dport 67;ok;udp dport 67
+
+meta sdif "lo" accept;ok
+meta sdifname != "vrf1" accept;ok
+
+meta mark set ip6 dscp << 2 | 0x10;ok
+meta mark set ip6 dscp << 26 | 0x10;ok
diff --git a/tests/py/ip6/meta.t.json b/tests/py/ip6/meta.t.json
new file mode 100644
index 0000000..1a2394d
--- /dev/null
+++ b/tests/py/ip6/meta.t.json
@@ -0,0 +1,313 @@
+# icmpv6 type nd-router-advert
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "nd-router-advert"
+ }
+ }
+]
+
+# meta l4proto ipv6-icmp icmpv6 type nd-router-advert
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "l4proto" }
+ },
+ "op": "==",
+ "right": "ipv6-icmp"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "nd-router-advert"
+ }
+ }
+]
+
+# meta l4proto icmp icmp type echo-request
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "l4proto" }
+ },
+ "op": "==",
+ "right": "icmp"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmp"
+ }
+ },
+ "op": "==",
+ "right": "echo-request"
+ }
+ }
+]
+
+# meta l4proto 1 icmp type echo-request
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "l4proto" }
+ },
+ "op": "==",
+ "right": 1
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmp"
+ }
+ },
+ "op": "==",
+ "right": "echo-request"
+ }
+ }
+]
+
+# icmp type echo-request
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmp"
+ }
+ },
+ "op": "==",
+ "right": "echo-request"
+ }
+ }
+]
+
+# meta sdif "lo" accept
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "sdif"
+ }
+ },
+ "op": "==",
+ "right": "lo"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# meta sdifname != "vrf1" accept
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "sdifname"
+ }
+ },
+ "op": "!=",
+ "right": "vrf1"
+ }
+ },
+ {
+ "accept": null
+ }
+]
+
+# meta protocol ip udp dport 67
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "protocol"
+ }
+ },
+ "op": "==",
+ "right": "ip"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 67
+ }
+ }
+]
+
+# meta protocol ip6 udp dport 67
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "protocol"
+ }
+ },
+ "op": "==",
+ "right": "ip6"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 67
+ }
+ }
+]
+
+# meta mark set ip6 dscp lshift 2 or 0x10
+[
+ {
+ "mangle": {
+ "key": {
+ "meta": {
+ "key": "mark"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "<<": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ 2
+ ]
+ },
+ 16
+ ]
+ }
+ }
+ }
+]
+
+# meta mark set ip6 dscp lshift 26 or 0x10
+[
+ {
+ "mangle": {
+ "key": {
+ "meta": {
+ "key": "mark"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "<<": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ 26
+ ]
+ },
+ 16
+ ]
+ }
+ }
+ }
+]
+
+# meta mark set ip6 dscp << 2 | 0x10
+[
+ {
+ "mangle": {
+ "key": {
+ "meta": {
+ "key": "mark"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "<<": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ 2
+ ]
+ },
+ 16
+ ]
+ }
+ }
+ }
+]
+
+# meta mark set ip6 dscp << 26 | 0x10
+[
+ {
+ "mangle": {
+ "key": {
+ "meta": {
+ "key": "mark"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "<<": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip6"
+ }
+ },
+ 26
+ ]
+ },
+ 16
+ ]
+ }
+ }
+ }
+]
+
diff --git a/tests/py/ip6/meta.t.json.output b/tests/py/ip6/meta.t.json.output
new file mode 100644
index 0000000..61adf18
--- /dev/null
+++ b/tests/py/ip6/meta.t.json.output
@@ -0,0 +1,64 @@
+# meta l4proto ipv6-icmp icmpv6 type nd-router-advert
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmpv6"
+ }
+ },
+ "op": "==",
+ "right": "nd-router-advert"
+ }
+ }
+]
+
+# meta l4proto icmp icmp type echo-request
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmp"
+ }
+ },
+ "op": "==",
+ "right": "echo-request"
+ }
+ }
+]
+
+# meta l4proto 1 icmp type echo-request
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "type",
+ "protocol": "icmp"
+ }
+ },
+ "op": "==",
+ "right": "echo-request"
+ }
+ }
+]
+
+# meta protocol ip6 udp dport 67
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 67
+ }
+ }
+]
+
diff --git a/tests/py/ip6/meta.t.payload b/tests/py/ip6/meta.t.payload
new file mode 100644
index 0000000..6a37f1d
--- /dev/null
+++ b/tests/py/ip6/meta.t.payload
@@ -0,0 +1,82 @@
+# icmpv6 type nd-router-advert
+ip test-ip4 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000086 ]
+
+# meta l4proto ipv6-icmp icmpv6 type nd-router-advert
+ip test-ip4 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x0000003a ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000086 ]
+
+# meta l4proto icmp icmp type echo-request
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+
+# meta l4proto 1 icmp type echo-request
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+
+# icmp type echo-request
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ payload load 1b @ transport header + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+
+# meta sdif "lo" accept
+ip6 test-ip6 input
+ [ meta load sdif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ immediate reg 0 accept ]
+
+# meta sdifname != "vrf1" accept
+ip6 test-ip6 input
+ [ meta load sdifname => reg 1 ]
+ [ cmp neq reg 1 0x31667276 0x00000000 0x00000000 0x00000000 ]
+ [ immediate reg 0 accept ]
+
+# meta protocol ip udp dport 67
+ip6 test-ip6 input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00004300 ]
+
+# meta protocol ip6 udp dport 67
+ip6 test-ip6 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00004300 ]
+
+# meta mark set ip6 dscp << 2 | 0x10
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ byteorder reg 1 = ntoh(reg 1, 2, 2) ]
+ [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
+ [ bitwise reg 1 = ( reg 1 << 0x00000002 ) ]
+ [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ]
+ [ meta set mark with reg 1 ]
+
+# meta mark set ip6 dscp << 26 | 0x10
+ip6 test-ip6 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
+ [ byteorder reg 1 = ntoh(reg 1, 2, 2) ]
+ [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
+ [ bitwise reg 1 = ( reg 1 << 0x0000001a ) ]
+ [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ]
+ [ meta set mark with reg 1 ]
diff --git a/tests/py/ip6/mh.t b/tests/py/ip6/mh.t
new file mode 100644
index 0000000..46f4ba0
--- /dev/null
+++ b/tests/py/ip6/mh.t
@@ -0,0 +1,42 @@
+:input;type filter hook input priority 0
+
+*ip6;test-ip6;input
+*inet;test-inet;input
+
+mh nexthdr 1;ok
+mh nexthdr != 1;ok
+mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp };ok;mh nexthdr { 58, 17, 108, 6, 51, 136, 50, 132, 33}
+mh nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp };ok;mh nexthdr != { 58, 17, 108, 6, 51, 136, 50, 132, 33}
+mh nexthdr icmp;ok;mh nexthdr 1
+mh nexthdr != icmp;ok;mh nexthdr != 1
+mh nexthdr 22;ok
+mh nexthdr != 233;ok
+mh nexthdr 33-45;ok
+mh nexthdr != 33-45;ok
+mh nexthdr { 33, 55, 67, 88 };ok
+mh nexthdr != { 33, 55, 67, 88 };ok
+
+mh hdrlength 22;ok
+mh hdrlength != 233;ok
+mh hdrlength 33-45;ok
+mh hdrlength != 33-45;ok
+mh hdrlength { 33, 55, 67, 88 };ok
+mh hdrlength != { 33, 55, 67, 88 };ok
+
+mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message};ok
+mh type home-agent-switch-message;ok
+mh type != home-agent-switch-message;ok
+
+mh reserved 22;ok
+mh reserved != 233;ok
+mh reserved 33-45;ok
+mh reserved != 33-45;ok
+mh reserved { 33, 55, 67, 88};ok
+mh reserved != { 33, 55, 67, 88};ok
+
+mh checksum 22;ok
+mh checksum != 233;ok
+mh checksum 33-45;ok
+mh checksum != 33-45;ok
+mh checksum { 33, 55, 67, 88};ok
+mh checksum != { 33, 55, 67, 88};ok
diff --git a/tests/py/ip6/mh.t.json b/tests/py/ip6/mh.t.json
new file mode 100644
index 0000000..3159b14
--- /dev/null
+++ b/tests/py/ip6/mh.t.json
@@ -0,0 +1,640 @@
+# mh nexthdr 1
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": 1
+ }
+ }
+]
+
+# mh nexthdr != 1
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": 1
+ }
+ }
+]
+
+# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp }
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "udplite",
+ "ipcomp",
+ "udp",
+ "ah",
+ "sctp",
+ "esp",
+ "dccp",
+ "tcp",
+ "ipv6-icmp"
+ ]
+ }
+ }
+ }
+]
+
+# mh nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp }
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ "udplite",
+ "ipcomp",
+ "udp",
+ "ah",
+ "sctp",
+ "esp",
+ "dccp",
+ "tcp",
+ "ipv6-icmp"
+ ]
+ }
+ }
+ }
+]
+
+# mh nexthdr icmp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": "icmp"
+ }
+ }
+]
+
+# mh nexthdr != icmp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": "icmp"
+ }
+ }
+]
+
+# mh nexthdr 22
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# mh nexthdr != 233
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# mh nexthdr 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# mh nexthdr != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# mh nexthdr { 33, 55, 67, 88 }
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# mh nexthdr != { 33, 55, 67, 88 }
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# mh hdrlength 22
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# mh hdrlength != 233
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# mh hdrlength 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# mh hdrlength != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# mh hdrlength { 33, 55, 67, 88 }
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# mh hdrlength != { 33, 55, 67, 88 }
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "type",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "binding-refresh-request",
+ "home-test-init",
+ "careof-test-init",
+ "home-test",
+ "careof-test",
+ "binding-update",
+ "binding-acknowledgement",
+ "binding-error",
+ "fast-binding-update",
+ "fast-binding-acknowledgement",
+ "fast-binding-advertisement",
+ "experimental-mobility-header",
+ "home-agent-switch-message"
+ ]
+ }
+ }
+ }
+]
+
+# mh type home-agent-switch-message
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "type",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": "home-agent-switch-message"
+ }
+ }
+]
+
+# mh type != home-agent-switch-message
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "type",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": "home-agent-switch-message"
+ }
+ }
+]
+
+# mh reserved 22
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "reserved",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# mh reserved != 233
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "reserved",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# mh reserved 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "reserved",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# mh reserved != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "reserved",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# mh reserved { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "reserved",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# mh reserved != { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "reserved",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# mh checksum 22
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "checksum",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# mh checksum != 233
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "checksum",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# mh checksum 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "checksum",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# mh checksum != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "checksum",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# mh checksum { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "checksum",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# mh checksum != { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "checksum",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
diff --git a/tests/py/ip6/mh.t.json.output b/tests/py/ip6/mh.t.json.output
new file mode 100644
index 0000000..a851804
--- /dev/null
+++ b/tests/py/ip6/mh.t.json.output
@@ -0,0 +1,88 @@
+# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp }
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 6,
+ 17,
+ 33,
+ 50,
+ 51,
+ 58,
+ 108,
+ 132,
+ 136
+ ]
+ }
+ }
+ }
+]
+
+# mh nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp }
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 6,
+ 17,
+ 33,
+ 50,
+ 51,
+ 58,
+ 108,
+ 132,
+ 136
+ ]
+ }
+ }
+ }
+]
+
+# mh nexthdr icmp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "mh"
+ }
+ },
+ "op": "==",
+ "right": 1
+ }
+ }
+]
+
+# mh nexthdr != icmp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "mh"
+ }
+ },
+ "op": "!=",
+ "right": 1
+ }
+ }
+]
+
diff --git a/tests/py/ip6/mh.t.payload.inet b/tests/py/ip6/mh.t.payload.inet
new file mode 100644
index 0000000..54eaa70
--- /dev/null
+++ b/tests/py/ip6/mh.t.payload.inet
@@ -0,0 +1,267 @@
+# mh nexthdr 1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# mh nexthdr != 1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp }
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# mh nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp }
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# mh nexthdr icmp
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# mh nexthdr != icmp
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# mh nexthdr 22
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# mh nexthdr != 233
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# mh nexthdr 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# mh nexthdr != 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# mh nexthdr { 33, 55, 67, 88 }
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# mh nexthdr != { 33, 55, 67, 88 }
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# mh hdrlength 22
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# mh hdrlength != 233
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# mh hdrlength 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# mh hdrlength != 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# mh hdrlength { 33, 55, 67, 88 }
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# mh hdrlength != { 33, 55, 67, 88 }
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end] element 0000000a : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 2 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# mh type home-agent-switch-message
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000000c ]
+
+# mh type != home-agent-switch-message
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 2 => reg 1 ]
+ [ cmp neq reg 1 0x0000000c ]
+
+# mh reserved 22
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# mh reserved != 233
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# mh reserved 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# mh reserved != 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# mh reserved { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# mh reserved != { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# mh checksum 22
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# mh checksum != 233
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ]
+ [ cmp neq reg 1 0x0000e900 ]
+
+# mh checksum 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# mh checksum != 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ]
+ [ range neq reg 1 0x00002100 0x00002d00 ]
+
+# mh checksum { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# mh checksum != { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
diff --git a/tests/py/ip6/mh.t.payload.ip6 b/tests/py/ip6/mh.t.payload.ip6
new file mode 100644
index 0000000..73bd422
--- /dev/null
+++ b/tests/py/ip6/mh.t.payload.ip6
@@ -0,0 +1,201 @@
+# mh nexthdr 1
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# mh nexthdr != 1
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# mh nexthdr { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp }
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# mh nexthdr != { udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp }
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# mh nexthdr icmp
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# mh nexthdr != icmp
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# mh nexthdr 22
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# mh nexthdr != 233
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# mh nexthdr 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# mh nexthdr != 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# mh nexthdr { 33, 55, 67, 88 }
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# mh nexthdr != { 33, 55, 67, 88 }
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# mh hdrlength 22
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# mh hdrlength != 233
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# mh hdrlength 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# mh hdrlength != 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# mh hdrlength { 33, 55, 67, 88 }
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# mh hdrlength != { 33, 55, 67, 88 }
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# mh type {binding-refresh-request, home-test-init, careof-test-init, home-test, careof-test, binding-update, binding-acknowledgement, binding-error, fast-binding-update, fast-binding-acknowledgement, fast-binding-advertisement, experimental-mobility-header, home-agent-switch-message}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end] element 0000000a : 0 [end] element 0000000b : 0 [end] element 0000000c : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 2 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# mh type home-agent-switch-message
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000000c ]
+
+# mh type != home-agent-switch-message
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 2 => reg 1 ]
+ [ cmp neq reg 1 0x0000000c ]
+
+# mh reserved 22
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# mh reserved != 233
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# mh reserved 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# mh reserved != 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# mh reserved { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# mh reserved != { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 135 + 3 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# mh checksum 22
+ip6 test-ip6 input
+ [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# mh checksum != 233
+ip6 test-ip6 input
+ [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ]
+ [ cmp neq reg 1 0x0000e900 ]
+
+# mh checksum 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ]
+ [ cmp gte reg 1 0x00002100 ]
+ [ cmp lte reg 1 0x00002d00 ]
+
+# mh checksum != 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ]
+ [ range neq reg 1 0x00002100 0x00002d00 ]
+
+# mh checksum { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# mh checksum != { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00002100 : 0 [end] element 00003700 : 0 [end] element 00004300 : 0 [end] element 00005800 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 2b @ 135 + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
diff --git a/tests/py/ip6/redirect.t b/tests/py/ip6/redirect.t
new file mode 100644
index 0000000..70ef7f9
--- /dev/null
+++ b/tests/py/ip6/redirect.t
@@ -0,0 +1,49 @@
+:output;type nat hook output priority 0
+
+*ip6;test-ip6;output
+
+# with no arguments
+redirect;ok
+udp dport 954 redirect;ok
+ip6 saddr fe00::cafe counter redirect;ok
+
+# nf_nat flags combination
+udp dport 53 redirect random;ok
+udp dport 53 redirect random,persistent;ok
+udp dport 53 redirect random,persistent,fully-random;ok;udp dport 53 redirect random,fully-random,persistent
+udp dport 53 redirect random,fully-random;ok
+udp dport 53 redirect random,fully-random,persistent;ok
+udp dport 53 redirect persistent;ok
+udp dport 53 redirect persistent,random;ok;udp dport 53 redirect random,persistent
+udp dport 53 redirect persistent,random,fully-random;ok;udp dport 53 redirect random,fully-random,persistent
+udp dport 53 redirect persistent,fully-random;ok;udp dport 53 redirect fully-random,persistent
+udp dport 53 redirect persistent,fully-random,random;ok;udp dport 53 redirect random,fully-random,persistent
+
+# port specification
+udp dport 1234 redirect to :1234;ok
+ip6 daddr fe00::cafe udp dport 9998 redirect to :6515;ok
+ip6 nexthdr tcp redirect to :100-200;ok;ip6 nexthdr 6 redirect to :100-200
+tcp dport 39128 redirect to :993;ok
+redirect to :1234;fail
+redirect to :12341111;fail
+
+# both port and nf_nat flags
+tcp dport 9128 redirect to :993 random;ok
+tcp dport 9128 redirect to :993 fully-random,persistent;ok
+
+# nf_nat flags are the last argument
+tcp dport 9128 redirect persistent to 123;fail
+tcp dport 9128 redirect random,persistent to 123;fail
+
+# redirect is a terminal statement
+tcp dport 22 redirect counter packets 0 bytes 0 accept;fail
+tcp sport 22 redirect accept;fail
+ip6 saddr ::1 redirect drop;fail
+
+# redirect with sets
+tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect;ok
+ip6 daddr fe00::1-fe00::200 udp dport 53 counter redirect;ok
+iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } redirect;ok
+
+# redirect with maps
+redirect to :tcp dport map { 22 : 8000, 80 : 8080};ok
diff --git a/tests/py/ip6/redirect.t.json b/tests/py/ip6/redirect.t.json
new file mode 100644
index 0000000..c18223f
--- /dev/null
+++ b/tests/py/ip6/redirect.t.json
@@ -0,0 +1,589 @@
+# redirect
+[
+ {
+ "redirect": null
+ }
+]
+
+# udp dport 954 redirect
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 954
+ }
+ },
+ {
+ "redirect": null
+ }
+]
+
+# ip6 saddr fe00::cafe counter redirect
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "fe00::cafe"
+ }
+ },
+ {
+ "counter": null
+ },
+ {
+ "redirect": null
+ }
+]
+
+# udp dport 53 redirect random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "redirect": {
+ "flags": "random"
+ }
+ }
+]
+
+# udp dport 53 redirect random,persistent
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "redirect": {
+ "flags": [
+ "random",
+ "persistent"
+ ]
+ }
+ }
+]
+
+# udp dport 53 redirect random,persistent,fully-random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "redirect": {
+ "flags": [
+ "random",
+ "persistent",
+ "fully-random"
+ ]
+ }
+ }
+]
+
+# udp dport 53 redirect random,fully-random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "redirect": {
+ "flags": [
+ "random",
+ "fully-random"
+ ]
+ }
+ }
+]
+
+# udp dport 53 redirect random,fully-random,persistent
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "redirect": {
+ "flags": [
+ "random",
+ "fully-random",
+ "persistent"
+ ]
+ }
+ }
+]
+
+# udp dport 53 redirect persistent
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "redirect": {
+ "flags": "persistent"
+ }
+ }
+]
+
+# udp dport 53 redirect persistent,random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "redirect": {
+ "flags": [
+ "persistent",
+ "random"
+ ]
+ }
+ }
+]
+
+# udp dport 53 redirect persistent,random,fully-random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "redirect": {
+ "flags": [
+ "persistent",
+ "random",
+ "fully-random"
+ ]
+ }
+ }
+]
+
+# udp dport 53 redirect persistent,fully-random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "redirect": {
+ "flags": [
+ "persistent",
+ "fully-random"
+ ]
+ }
+ }
+]
+
+# udp dport 53 redirect persistent,fully-random,random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "redirect": {
+ "flags": [
+ "persistent",
+ "fully-random",
+ "random"
+ ]
+ }
+ }
+]
+
+# udp dport 1234 redirect to :1234
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 1234
+ }
+ },
+ {
+ "redirect": {
+ "port": 1234
+ }
+ }
+]
+
+# ip6 daddr fe00::cafe udp dport 9998 redirect to :6515
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "fe00::cafe"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 9998
+ }
+ },
+ {
+ "redirect": {
+ "port": 6515
+ }
+ }
+]
+
+# ip6 nexthdr tcp redirect to :100-200
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "nexthdr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "tcp"
+ }
+ },
+ {
+ "redirect": {
+ "port": {
+ "range": [ 100, 200 ]
+ }
+ }
+ }
+]
+
+# tcp dport 39128 redirect to :993
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": 39128
+ }
+ },
+ {
+ "redirect": {
+ "port": 993
+ }
+ }
+]
+
+# tcp dport 9128 redirect to :993 random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": 9128
+ }
+ },
+ {
+ "redirect": {
+ "flags": "random",
+ "port": 993
+ }
+ }
+]
+
+# tcp dport 9128 redirect to :993 fully-random,persistent
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": 9128
+ }
+ },
+ {
+ "redirect": {
+ "flags": [
+ "fully-random",
+ "persistent"
+ ],
+ "port": 993
+ }
+ }
+]
+
+# tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 1,
+ 2,
+ 3,
+ 4,
+ 5,
+ 6,
+ 7,
+ 8,
+ 101,
+ 202,
+ 303,
+ 1001,
+ 2002,
+ 3003
+ ]
+ }
+ }
+ },
+ {
+ "redirect": null
+ }
+]
+
+# ip6 daddr fe00::1-fe00::200 udp dport 53 counter redirect
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ "fe00::1", "fe00::200" ]
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "counter": null
+ },
+ {
+ "redirect": null
+ }
+]
+
+# iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } redirect
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "iifname" }
+ },
+ "op": "==",
+ "right": "eth0"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "ct": {
+ "key": "state"
+ }
+ },
+ "op": "in",
+ "right": [
+ "established",
+ "new"
+ ]
+ }
+ },
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ 22,
+ {
+ "drop": null
+ }
+ ],
+ [
+ 222,
+ {
+ "drop": null
+ }
+ ]
+ ]
+ }
+ }
+ },
+ {
+ "redirect": null
+ }
+]
+
+# redirect to :tcp dport map { 22 : 8000, 80 : 8080}
+[
+ {
+ "redirect": {
+ "port": {
+ "map": {
+ "key": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ 22,
+ 8000
+ ],
+ [
+ 80,
+ 8080
+ ]
+ ]
+ }
+ }
+ }
+ }
+ }
+]
+
diff --git a/tests/py/ip6/redirect.t.json.output b/tests/py/ip6/redirect.t.json.output
new file mode 100644
index 0000000..0174cc7
--- /dev/null
+++ b/tests/py/ip6/redirect.t.json.output
@@ -0,0 +1,146 @@
+# udp dport 53 redirect random,persistent,fully-random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "redirect": {
+ "flags": [
+ "random",
+ "fully-random",
+ "persistent"
+ ]
+ }
+ }
+]
+
+# udp dport 53 redirect persistent,random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "redirect": {
+ "flags": [
+ "random",
+ "persistent"
+ ]
+ }
+ }
+]
+
+# udp dport 53 redirect persistent,random,fully-random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "redirect": {
+ "flags": [
+ "random",
+ "fully-random",
+ "persistent"
+ ]
+ }
+ }
+]
+
+# udp dport 53 redirect persistent,fully-random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "redirect": {
+ "flags": [
+ "fully-random",
+ "persistent"
+ ]
+ }
+ }
+]
+
+# udp dport 53 redirect persistent,fully-random,random
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "udp"
+ }
+ },
+ "op": "==",
+ "right": 53
+ }
+ },
+ {
+ "redirect": {
+ "flags": [
+ "random",
+ "fully-random",
+ "persistent"
+ ]
+ }
+ }
+]
+
+# ip6 nexthdr tcp redirect to :100-200
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "nexthdr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "redirect": {
+ "port": {
+ "range": [ 100, 200 ]
+ }
+ }
+ }
+]
+
diff --git a/tests/py/ip6/redirect.t.payload.ip6 b/tests/py/ip6/redirect.t.payload.ip6
new file mode 100644
index 0000000..cfc2901
--- /dev/null
+++ b/tests/py/ip6/redirect.t.payload.ip6
@@ -0,0 +1,204 @@
+# redirect
+ip6 test-ip6 output
+ [ redir ]
+
+# udp dport 954 redirect
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000ba03 ]
+ [ redir ]
+
+# ip6 saddr fe00::cafe counter redirect
+ip6 test-ip6 output
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x000000fe 0x00000000 0x00000000 0xfeca0000 ]
+ [ counter pkts 0 bytes 0 ]
+ [ redir ]
+
+# udp dport 53 redirect random
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0x4 ]
+
+# udp dport 53 redirect random,persistent
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0xc ]
+
+# udp dport 53 redirect random,persistent,fully-random
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0x1c ]
+
+# udp dport 53 redirect random,fully-random
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0x14 ]
+
+# udp dport 53 redirect random,fully-random,persistent
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0x1c ]
+
+# udp dport 53 redirect persistent
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0x8 ]
+
+# udp dport 53 redirect persistent,random
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0xc ]
+
+# udp dport 53 redirect persistent,random,fully-random
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0x1c ]
+
+# udp dport 53 redirect persistent,fully-random
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0x18 ]
+
+# udp dport 53 redirect persistent,fully-random,random
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ redir flags 0x1c ]
+
+# udp dport 1234 redirect to :1234
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000d204 ]
+ [ immediate reg 1 0x0000d204 ]
+ [ redir proto_min reg 1 flags 0x2 ]
+
+# ip6 daddr fe00::cafe udp dport 9998 redirect to :6515
+ip6 test-ip6 output
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp eq reg 1 0x000000fe 0x00000000 0x00000000 0xfeca0000 ]
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00000e27 ]
+ [ immediate reg 1 0x00007319 ]
+ [ redir proto_min reg 1 flags 0x2 ]
+
+# ip6 nexthdr tcp redirect to :100-200
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x00006400 ]
+ [ immediate reg 2 0x0000c800 ]
+ [ redir proto_min reg 1 proto_max reg 2 flags 0x2 ]
+
+# tcp dport 39128 redirect to :993
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000d898 ]
+ [ immediate reg 1 0x0000e103 ]
+ [ redir proto_min reg 1 flags 0x2 ]
+
+# tcp dport 9128 redirect to :993 random
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000a823 ]
+ [ immediate reg 1 0x0000e103 ]
+ [ redir proto_min reg 1 flags 0x6 ]
+
+# tcp dport 9128 redirect to :993 fully-random,persistent
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000a823 ]
+ [ immediate reg 1 0x0000e103 ]
+ [ redir proto_min reg 1 flags 0x1a ]
+
+# tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end]
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ redir ]
+
+# ip6 daddr fe00::1-fe00::200 udp dport 53 counter redirect
+ip6 test-ip6 output
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp gte reg 1 0x000000fe 0x00000000 0x00000000 0x01000000 ]
+ [ cmp lte reg 1 0x000000fe 0x00000000 0x00000000 0x00020000 ]
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00003500 ]
+ [ counter pkts 0 bytes 0 ]
+ [ redir ]
+
+# iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } redirect
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 00001600 : drop 0 [end] element 0000de00 : drop 0 [end]
+ip6 test-ip6 output
+ [ meta load iifname => reg 1 ]
+ [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
+ [ ct load state => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000000a ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00000000 ]
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+ [ redir ]
+
+# redirect to :tcp dport map { 22 : 8000, 80 : 8080}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 00001600 : 0000401f 0 [end] element 00005000 : 0000901f 0 [end]
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 1 ]
+ [ redir proto_min reg 1 flags 0x2 ]
+
diff --git a/tests/py/ip6/reject.t b/tests/py/ip6/reject.t
new file mode 100644
index 0000000..bfdd094
--- /dev/null
+++ b/tests/py/ip6/reject.t
@@ -0,0 +1,16 @@
+:output;type filter hook output priority 0
+
+*ip6;test-ip6;output
+
+reject;ok
+reject with icmpv6 no-route;ok
+reject with icmpv6 admin-prohibited;ok
+reject with icmpv6 addr-unreachable;ok
+reject with icmpv6 port-unreachable;ok;reject
+reject with icmpv6 policy-fail;ok
+reject with icmpv6 reject-route;ok
+reject with icmpv6 3;ok;reject with icmpv6 addr-unreachable
+mark 0x80000000 reject with tcp reset;ok;meta mark 0x80000000 reject with tcp reset
+
+reject with icmpv6 host-unreachable;fail
+reject with icmp host-unreachable;fail
diff --git a/tests/py/ip6/reject.t.json b/tests/py/ip6/reject.t.json
new file mode 100644
index 0000000..312a7da
--- /dev/null
+++ b/tests/py/ip6/reject.t.json
@@ -0,0 +1,95 @@
+# reject
+[
+ {
+ "reject": null
+ }
+]
+
+# reject with icmpv6 no-route
+[
+ {
+ "reject": {
+ "expr": "no-route",
+ "type": "icmpv6"
+ }
+ }
+]
+
+# reject with icmpv6 admin-prohibited
+[
+ {
+ "reject": {
+ "expr": "admin-prohibited",
+ "type": "icmpv6"
+ }
+ }
+]
+
+# reject with icmpv6 addr-unreachable
+[
+ {
+ "reject": {
+ "expr": "addr-unreachable",
+ "type": "icmpv6"
+ }
+ }
+]
+
+# reject with icmpv6 port-unreachable
+[
+ {
+ "reject": {
+ "expr": "port-unreachable",
+ "type": "icmpv6"
+ }
+ }
+]
+
+# reject with icmpv6 policy-fail
+[
+ {
+ "reject": {
+ "expr": "policy-fail",
+ "type": "icmpv6"
+ }
+ }
+]
+
+# reject with icmpv6 reject-route
+[
+ {
+ "reject": {
+ "expr": "reject-route",
+ "type": "icmpv6"
+ }
+ }
+]
+
+# reject with icmpv6 3
+[
+ {
+ "reject": {
+ "expr": "addr-unreachable",
+ "type": "icmpv6"
+ }
+ }
+]
+
+# mark 0x80000000 reject with tcp reset
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "mark" }
+ },
+ "op": "==",
+ "right": "0x80000000"
+ }
+ },
+ {
+ "reject": {
+ "type": "tcp reset"
+ }
+ }
+]
+
diff --git a/tests/py/ip6/reject.t.json.output b/tests/py/ip6/reject.t.json.output
new file mode 100644
index 0000000..04f12f5
--- /dev/null
+++ b/tests/py/ip6/reject.t.json.output
@@ -0,0 +1,28 @@
+# reject
+[
+ {
+ "reject": {
+ "expr": "port-unreachable",
+ "type": "icmpv6"
+ }
+ }
+]
+
+# mark 0x80000000 reject with tcp reset
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "mark" }
+ },
+ "op": "==",
+ "right": 2147483648
+ }
+ },
+ {
+ "reject": {
+ "type": "tcp reset"
+ }
+ }
+]
+
diff --git a/tests/py/ip6/reject.t.payload.ip6 b/tests/py/ip6/reject.t.payload.ip6
new file mode 100644
index 0000000..3d4321b
--- /dev/null
+++ b/tests/py/ip6/reject.t.payload.ip6
@@ -0,0 +1,40 @@
+# reject
+ip6 test-ip6 output
+ [ reject type 0 code 4 ]
+
+# reject with icmpv6 no-route
+ip6 test-ip6 output
+ [ reject type 0 code 0 ]
+
+# reject with icmpv6 admin-prohibited
+ip6 test-ip6 output
+ [ reject type 0 code 1 ]
+
+# reject with icmpv6 addr-unreachable
+ip6 test-ip6 output
+ [ reject type 0 code 3 ]
+
+# reject with icmpv6 port-unreachable
+ip6 test-ip6 output
+ [ reject type 0 code 4 ]
+
+# reject with icmpv6 policy-fail
+ip6 test-ip6 output
+ [ reject type 0 code 5 ]
+
+# reject with icmpv6 reject-route
+ip6 test-ip6 output
+ [ reject type 0 code 6 ]
+
+# reject with icmpv6 3
+ip6 test-ip6 output
+ [ reject type 0 code 3 ]
+
+# mark 0x80000000 reject with tcp reset
+ip6 test-ip6 output
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ meta load mark => reg 1 ]
+ [ cmp eq reg 1 0x80000000 ]
+ [ reject type 1 code 0 ]
+
diff --git a/tests/py/ip6/rt.t b/tests/py/ip6/rt.t
new file mode 100644
index 0000000..c33d38a
--- /dev/null
+++ b/tests/py/ip6/rt.t
@@ -0,0 +1,38 @@
+:input;type filter hook input priority 0
+
+*ip6;test-ip6;input
+*inet;test-inet;input
+
+rt nexthdr 1;ok
+rt nexthdr != 1;ok
+rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok;rt nexthdr { 33, 136, 50, 132, 51, 17, 108, 6, 58}
+rt nexthdr != {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp};ok;rt nexthdr != { 33, 136, 50, 132, 51, 17, 108, 6, 58}
+rt nexthdr icmp;ok;rt nexthdr 1
+rt nexthdr != icmp;ok;rt nexthdr != 1
+rt nexthdr 22;ok
+rt nexthdr != 233;ok
+rt nexthdr 33-45;ok
+rt nexthdr != 33-45;ok
+rt nexthdr { 33, 55, 67, 88};ok
+rt nexthdr != { 33, 55, 67, 88};ok
+
+rt hdrlength 22;ok
+rt hdrlength != 233;ok
+rt hdrlength 33-45;ok
+rt hdrlength != 33-45;ok
+rt hdrlength { 33, 55, 67, 88};ok
+rt hdrlength != { 33, 55, 67, 88};ok
+
+rt type 22;ok
+rt type != 233;ok
+rt type 33-45;ok
+rt type != 33-45;ok
+rt type { 33, 55, 67, 88};ok
+rt type != { 33, 55, 67, 88};ok
+
+rt seg-left 22;ok
+rt seg-left != 233;ok
+rt seg-left 33-45;ok
+rt seg-left != 33-45;ok
+rt seg-left { 33, 55, 67, 88};ok
+rt seg-left != { 33, 55, 67, 88};ok
diff --git a/tests/py/ip6/rt.t.json b/tests/py/ip6/rt.t.json
new file mode 100644
index 0000000..b12873d
--- /dev/null
+++ b/tests/py/ip6/rt.t.json
@@ -0,0 +1,576 @@
+# rt nexthdr 1
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": 1
+ }
+ }
+]
+
+# rt nexthdr != 1
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "rt"
+ }
+ },
+ "op": "!=",
+ "right": 1
+ }
+ }
+]
+
+# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "udplite",
+ "ipcomp",
+ "udp",
+ "ah",
+ "sctp",
+ "esp",
+ "dccp",
+ "tcp",
+ "ipv6-icmp"
+ ]
+ }
+ }
+ }
+]
+
+# rt nexthdr != {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "rt"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ "udplite",
+ "ipcomp",
+ "udp",
+ "ah",
+ "sctp",
+ "esp",
+ "dccp",
+ "tcp",
+ "ipv6-icmp"
+ ]
+ }
+ }
+ }
+]
+
+# rt nexthdr icmp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": "icmp"
+ }
+ }
+]
+
+# rt nexthdr != icmp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "rt"
+ }
+ },
+ "op": "!=",
+ "right": "icmp"
+ }
+ }
+]
+
+# rt nexthdr 22
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# rt nexthdr != 233
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "rt"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# rt nexthdr 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# rt nexthdr != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "rt"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# rt nexthdr { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# rt nexthdr != { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "rt"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# rt hdrlength 22
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# rt hdrlength != 233
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "rt"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# rt hdrlength 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# rt hdrlength != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "rt"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# rt hdrlength { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# rt hdrlength != { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "hdrlength",
+ "name": "rt"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# rt type 22
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "type",
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# rt type != 233
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "type",
+ "name": "rt"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# rt type 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "type",
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# rt type != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "type",
+ "name": "rt"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# rt type { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "type",
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# rt type != { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "type",
+ "name": "rt"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# rt seg-left 22
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "seg-left",
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": 22
+ }
+ }
+]
+
+# rt seg-left != 233
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "seg-left",
+ "name": "rt"
+ }
+ },
+ "op": "!=",
+ "right": 233
+ }
+ }
+]
+
+# rt seg-left 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "seg-left",
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# rt seg-left != 33-45
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "seg-left",
+ "name": "rt"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "range": [ 33, 45 ]
+ }
+ }
+ }
+]
+
+# rt seg-left { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "seg-left",
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
+# rt seg-left != { 33, 55, 67, 88}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "seg-left",
+ "name": "rt"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 33,
+ 55,
+ 67,
+ 88
+ ]
+ }
+ }
+ }
+]
+
diff --git a/tests/py/ip6/rt.t.json.output b/tests/py/ip6/rt.t.json.output
new file mode 100644
index 0000000..be5db0e
--- /dev/null
+++ b/tests/py/ip6/rt.t.json.output
@@ -0,0 +1,88 @@
+# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 6,
+ 17,
+ 33,
+ 50,
+ 51,
+ 58,
+ 108,
+ 132,
+ 136
+ ]
+ }
+ }
+ }
+]
+
+# rt nexthdr != {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "rt"
+ }
+ },
+ "op": "!=",
+ "right": {
+ "set": [
+ 6,
+ 17,
+ 33,
+ 50,
+ 51,
+ 58,
+ 108,
+ 132,
+ 136
+ ]
+ }
+ }
+ }
+]
+
+# rt nexthdr icmp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "rt"
+ }
+ },
+ "op": "==",
+ "right": 1
+ }
+ }
+]
+
+# rt nexthdr != icmp
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "nexthdr",
+ "name": "rt"
+ }
+ },
+ "op": "!=",
+ "right": 1
+ }
+ }
+]
+
diff --git a/tests/py/ip6/rt.t.payload.inet b/tests/py/ip6/rt.t.payload.inet
new file mode 100644
index 0000000..864d311
--- /dev/null
+++ b/tests/py/ip6/rt.t.payload.inet
@@ -0,0 +1,244 @@
+# rt nexthdr 1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# rt nexthdr != 1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# rt nexthdr != {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# rt nexthdr icmp
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# rt nexthdr != icmp
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# rt nexthdr 22
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# rt nexthdr != 233
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# rt nexthdr 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# rt nexthdr != 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# rt nexthdr { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# rt nexthdr != { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# rt hdrlength 22
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# rt hdrlength != 233
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# rt hdrlength 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# rt hdrlength != 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# rt hdrlength { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# rt hdrlength != { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# rt type 22
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# rt type != 233
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# rt type 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# rt type != 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# rt type { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# rt type != { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# rt seg-left 22
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# rt seg-left != 233
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# rt seg-left 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# rt seg-left != 33-45
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# rt seg-left { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# rt seg-left != { 33, 55, 67, 88}
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
diff --git a/tests/py/ip6/rt.t.payload.ip6 b/tests/py/ip6/rt.t.payload.ip6
new file mode 100644
index 0000000..c7b52f8
--- /dev/null
+++ b/tests/py/ip6/rt.t.payload.ip6
@@ -0,0 +1,184 @@
+# rt nexthdr 1
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# rt nexthdr != 1
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# rt nexthdr {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# rt nexthdr != {udplite, ipcomp, udp, ah, sctp, esp, dccp, tcp, ipv6-icmp}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000088 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000033 : 0 [end] element 00000084 : 0 [end] element 00000032 : 0 [end] element 00000021 : 0 [end] element 00000006 : 0 [end] element 0000003a : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# rt nexthdr icmp
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+
+# rt nexthdr != icmp
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x00000001 ]
+
+# rt nexthdr 22
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# rt nexthdr != 233
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# rt nexthdr 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# rt nexthdr != 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# rt nexthdr { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# rt nexthdr != { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 0 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# rt hdrlength 22
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# rt hdrlength != 233
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# rt hdrlength 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# rt hdrlength != 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# rt hdrlength { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# rt hdrlength != { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 1 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# rt type 22
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# rt type != 233
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# rt type 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# rt type != 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# rt type { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# rt type != { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 2 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
+# rt seg-left 22
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ]
+ [ cmp eq reg 1 0x00000016 ]
+
+# rt seg-left != 233
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ]
+ [ cmp neq reg 1 0x000000e9 ]
+
+# rt seg-left 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ]
+ [ cmp gte reg 1 0x00000021 ]
+ [ cmp lte reg 1 0x0000002d ]
+
+# rt seg-left != 33-45
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ]
+ [ range neq reg 1 0x00000021 0x0000002d ]
+
+# rt seg-left { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# rt seg-left != { 33, 55, 67, 88}
+__set%d test-ip6 3
+__set%d test-ip6 0
+ element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 3 => reg 1 ]
+ [ lookup reg 1 set __set%d 0x1 ]
+
diff --git a/tests/py/ip6/rt0.t b/tests/py/ip6/rt0.t
new file mode 100644
index 0000000..1d50a89
--- /dev/null
+++ b/tests/py/ip6/rt0.t
@@ -0,0 +1,6 @@
+:output;type filter hook input priority 0
+
+*ip6;test-ip6;output
+
+rt nexthop 192.168.0.1;fail
+rt nexthop fd00::1;ok;rt ip6 nexthop fd00::1
diff --git a/tests/py/ip6/rt0.t.json b/tests/py/ip6/rt0.t.json
new file mode 100644
index 0000000..75ff923
--- /dev/null
+++ b/tests/py/ip6/rt0.t.json
@@ -0,0 +1,16 @@
+# rt nexthop fd00::1
+[
+ {
+ "match": {
+ "left": {
+ "rt": {
+ "family": "ip6",
+ "key": "nexthop"
+ }
+ },
+ "op": "==",
+ "right": "fd00::1"
+ }
+ }
+]
+
diff --git a/tests/py/ip6/rt0.t.payload b/tests/py/ip6/rt0.t.payload
new file mode 100644
index 0000000..464b7f2
--- /dev/null
+++ b/tests/py/ip6/rt0.t.payload
@@ -0,0 +1,5 @@
+# rt nexthop fd00::1
+ip6 test-ip6 output
+ [ rt load nexthop6 => reg 1 ]
+ [ cmp eq reg 1 0x000000fd 0x00000000 0x00000000 0x01000000 ]
+
diff --git a/tests/py/ip6/sets.t b/tests/py/ip6/sets.t
new file mode 100644
index 0000000..17fd62f
--- /dev/null
+++ b/tests/py/ip6/sets.t
@@ -0,0 +1,48 @@
+:input;type filter hook input priority 0
+:ingress;type filter hook ingress device lo priority 0
+:egress;type filter hook egress device lo priority 0
+
+*ip6;test-ip6;input
+*inet;test-inet;input
+*netdev;test-netdev;ingress,egress
+
+!w type ipv6_addr;ok
+!x type inet_proto;ok
+!y type inet_service;ok
+!z type time;ok
+
+?set2 192.168.3.4;fail
+!set2 type ipv6_addr;ok
+?set2 1234:1234::1234:1234:1234:1234:1234;ok
+?set2 1234:1234::1234:1234:1234:1234:1234;ok
+?set2 1234::1234:1234:1234;ok
+?set2 1234:1234:1234:1234:1234::1234:1234, 1234:1234::123;ok
+?set2 192.168.3.8, 192.168.3.9;fail
+?set2 1234:1234::1234:1234:1234:1234;ok
+?set2 1234:1234::1234:1234:1234:1234;ok
+?set2 1234:1234:1234::1234;ok
+
+ip6 saddr @set2 drop;ok
+ip6 saddr != @set2 drop;ok
+ip6 saddr @set33 drop;fail
+ip6 saddr != @set33 drop;fail
+
+!set3 type ipv6_addr flags interval;ok
+?set3 1234:1234:1234:1234::/64;ok
+?set3 1324:1234:1234:1235::/64;ok
+?set3 1324:1234:1234:1233::/64;ok
+?set3 1234:1234:1234:1234:1234:1234:/96;fail
+?set3 1324:1234:1234:1236::/64;ok
+
+!set4 type ipv6_addr flags interval;ok
+?set4 1234:1234:1234:1234::/64,4321:1234:1234:1234::/64;ok
+?set4 4321:1234:1234:1234:1234:1234::/96;fail
+
+!set5 type ipv6_addr . ipv6_addr;ok
+ip6 saddr . ip6 daddr @set5 drop;ok
+add @set5 { ip6 saddr . ip6 daddr };ok
+
+!map1 type ipv6_addr . ipv6_addr : mark;ok
+add @map1 { ip6 saddr . ip6 daddr : meta mark };ok
+
+delete @set5 { ip6 saddr . ip6 daddr };ok
diff --git a/tests/py/ip6/sets.t.json b/tests/py/ip6/sets.t.json
new file mode 100644
index 0000000..2029d2b
--- /dev/null
+++ b/tests/py/ip6/sets.t.json
@@ -0,0 +1,150 @@
+# ip6 saddr @set2 drop
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "@set2"
+ }
+ },
+ {
+ "drop": null
+ }
+]
+
+# ip6 saddr != @set2 drop
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "!=",
+ "right": "@set2"
+ }
+ },
+ {
+ "drop": null
+ }
+]
+
+# ip6 saddr . ip6 daddr @set5 drop
+[
+ {
+ "match": {
+ "left": {
+ "concat": [
+ {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ }
+ ]
+ },
+ "op": "==",
+ "right": "@set5"
+ }
+ },
+ {
+ "drop": null
+ }
+]
+
+# add @set5 { ip6 saddr . ip6 daddr }
+[
+ {
+ "set": {
+ "elem": {
+ "concat": [
+ {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ }
+ ]
+ },
+ "op": "add",
+ "set": "@set5"
+ }
+ }
+]
+
+# delete @set5 { ip6 saddr . ip6 daddr }
+[
+ {
+ "set": {
+ "elem": {
+ "concat": [
+ {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ }
+ ]
+ },
+ "op": "delete",
+ "set": "@set5"
+ }
+ }
+]
+
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+[
+ {
+ "map": {
+ "data": {
+ "meta": {
+ "key": "mark"
+ }
+ },
+ "elem": {
+ "concat": [
+ {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ }
+ ]
+ },
+ "map": "@map1",
+ "op": "add"
+ }
+ }
+]
+
diff --git a/tests/py/ip6/sets.t.json.got b/tests/py/ip6/sets.t.json.got
new file mode 100644
index 0000000..114b17c
--- /dev/null
+++ b/tests/py/ip6/sets.t.json.got
@@ -0,0 +1,31 @@
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+[
+ {
+ "map": {
+ "data": {
+ "meta": {
+ "key": "mark"
+ }
+ },
+ "elem": {
+ "concat": [
+ {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ }
+ ]
+ },
+ "map": "@map1",
+ "op": "add"
+ }
+ }
+]
+
diff --git a/tests/py/ip6/sets.t.json.payload.got b/tests/py/ip6/sets.t.json.payload.got
new file mode 100644
index 0000000..18ac33b
--- /dev/null
+++ b/tests/py/ip6/sets.t.json.payload.got
@@ -0,0 +1,107 @@
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+netdev test-netdev egress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+netdev test-netdev egress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+netdev test-netdev egress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+netdev test-netdev egress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
diff --git a/tests/py/ip6/sets.t.payload b/tests/py/ip6/sets.t.payload
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/py/ip6/sets.t.payload
diff --git a/tests/py/ip6/sets.t.payload.inet b/tests/py/ip6/sets.t.payload.inet
new file mode 100644
index 0000000..2bbd557
--- /dev/null
+++ b/tests/py/ip6/sets.t.payload.inet
@@ -0,0 +1,49 @@
+# ip6 saddr @set2 drop
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set set2 ]
+ [ immediate reg 0 drop ]
+
+# ip6 saddr != @set2 drop
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set set2 0x1 ]
+ [ immediate reg 0 drop ]
+
+# ip6 saddr . ip6 daddr @set5 drop
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ lookup reg 1 set set5 ]
+ [ immediate reg 0 drop ]
+
+# add @set5 { ip6 saddr . ip6 daddr }
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ dynset add reg_key 1 set set5 ]
+
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
+# delete @set5 { ip6 saddr . ip6 daddr }
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ dynset delete reg_key 1 set set5 ]
diff --git a/tests/py/ip6/sets.t.payload.inet.got b/tests/py/ip6/sets.t.payload.inet.got
new file mode 100644
index 0000000..4cfa6a4
--- /dev/null
+++ b/tests/py/ip6/sets.t.payload.inet.got
@@ -0,0 +1,9 @@
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
diff --git a/tests/py/ip6/sets.t.payload.ip6 b/tests/py/ip6/sets.t.payload.ip6
new file mode 100644
index 0000000..c59f7b5
--- /dev/null
+++ b/tests/py/ip6/sets.t.payload.ip6
@@ -0,0 +1,38 @@
+# ip6 saddr @set2 drop
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set set2 ]
+ [ immediate reg 0 drop ]
+
+# ip6 saddr != @set2 drop
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set set2 0x1 ]
+ [ immediate reg 0 drop ]
+
+# ip6 saddr . ip6 daddr @set5 drop
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ lookup reg 1 set set5 ]
+ [ immediate reg 0 drop ]
+
+# add @set5 { ip6 saddr . ip6 daddr }
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ dynset add reg_key 1 set set5 ]
+
+# delete @set5 { ip6 saddr . ip6 daddr }
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ dynset delete reg_key 1 set set5 ]
+
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
diff --git a/tests/py/ip6/sets.t.payload.ip6.got b/tests/py/ip6/sets.t.payload.ip6.got
new file mode 100644
index 0000000..8c0ee0d
--- /dev/null
+++ b/tests/py/ip6/sets.t.payload.ip6.got
@@ -0,0 +1,7 @@
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
diff --git a/tests/py/ip6/sets.t.payload.netdev b/tests/py/ip6/sets.t.payload.netdev
new file mode 100644
index 0000000..1866d26
--- /dev/null
+++ b/tests/py/ip6/sets.t.payload.netdev
@@ -0,0 +1,50 @@
+# ip6 saddr @set2 drop
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set set2 ]
+ [ immediate reg 0 drop ]
+
+# ip6 saddr != @set2 drop
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set set2 0x1 ]
+ [ immediate reg 0 drop ]
+
+# ip6 saddr . ip6 daddr @set5 drop
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ lookup reg 1 set set5 ]
+ [ immediate reg 0 drop ]
+
+# add @set5 { ip6 saddr . ip6 daddr }
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ dynset add reg_key 1 set set5 ]
+
+# delete @set5 { ip6 saddr . ip6 daddr }
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ dynset delete reg_key 1 set set5 ]
+
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
diff --git a/tests/py/ip6/sets.t.payload.netdev.got b/tests/py/ip6/sets.t.payload.netdev.got
new file mode 100644
index 0000000..792d841
--- /dev/null
+++ b/tests/py/ip6/sets.t.payload.netdev.got
@@ -0,0 +1,9 @@
+# add @map1 { ip6 saddr . ip6 daddr : meta mark }
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ payload load 16b @ network header + 24 => reg 2 ]
+ [ meta load mark => reg 3 ]
+ [ dynset add reg_key 1 set map1 sreg_data 3 ]
+
diff --git a/tests/py/ip6/snat.t b/tests/py/ip6/snat.t
new file mode 100644
index 0000000..564f089
--- /dev/null
+++ b/tests/py/ip6/snat.t
@@ -0,0 +1,6 @@
+:postrouting;type nat hook postrouting priority 0
+
+*ip6;test-ip6;postrouting
+
+tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100;ok
+tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:100;ok
diff --git a/tests/py/ip6/snat.t.json b/tests/py/ip6/snat.t.json
new file mode 100644
index 0000000..58b0980
--- /dev/null
+++ b/tests/py/ip6/snat.t.json
@@ -0,0 +1,54 @@
+# tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 80, 90 ]
+ }
+ }
+ },
+ {
+ "snat": {
+ "addr": {
+ "range": [ "2001:838:35f:1::", "2001:838:35f:2::" ]
+ },
+ "port": {
+ "range": [ 80, 100 ]
+ }
+ }
+ }
+]
+
+# tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:100
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [ 80, 90 ]
+ }
+ }
+ },
+ {
+ "snat": {
+ "addr": {
+ "range": [ "2001:838:35f:1::", "2001:838:35f:2::" ]
+ },
+ "port": 100
+ }
+ }
+]
+
diff --git a/tests/py/ip6/snat.t.payload.ip6 b/tests/py/ip6/snat.t.payload.ip6
new file mode 100644
index 0000000..66a2967
--- /dev/null
+++ b/tests/py/ip6/snat.t.payload.ip6
@@ -0,0 +1,25 @@
+# tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100
+ip6 test-ip6 postrouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00005000 ]
+ [ cmp lte reg 1 0x00005a00 ]
+ [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ]
+ [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ]
+ [ immediate reg 3 0x00005000 ]
+ [ immediate reg 4 0x00006400 ]
+ [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 flags 0x2 ]
+
+# tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:100
+ip6 test-ip6 postrouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00005000 ]
+ [ cmp lte reg 1 0x00005a00 ]
+ [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ]
+ [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ]
+ [ immediate reg 3 0x00006400 ]
+ [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 flags 0x2 ]
+
diff --git a/tests/py/ip6/srh.t b/tests/py/ip6/srh.t
new file mode 100644
index 0000000..fbaff41
--- /dev/null
+++ b/tests/py/ip6/srh.t
@@ -0,0 +1,22 @@
+:input;type filter hook input priority 0
+
+*ip6;test-ip6;input
+
+srh last-entry 0;ok
+srh last-entry 127;ok
+srh last-entry { 0, 4-127, 255 };ok
+
+srh flags 0;ok
+srh flags 127;ok
+srh flags { 0, 4-127, 255 };ok
+
+srh tag 0;ok
+srh tag 127;ok
+srh tag { 0, 4-127, 0xffff };ok;srh tag { 0, 4-127, 65535 }
+
+srh sid[1] dead::beef;ok
+srh sid[2] dead::beef;ok
+
+srh last-entry { 0, 4-127, 256 };fail
+srh flags { 0, 4-127, 256 };fail
+srh tag { 0, 4-127, 0x10000 };fail
diff --git a/tests/py/ip6/srh.t.json b/tests/py/ip6/srh.t.json
new file mode 100644
index 0000000..2d16f1c
--- /dev/null
+++ b/tests/py/ip6/srh.t.json
@@ -0,0 +1,194 @@
+# srh last-entry 0
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "last-entry",
+ "name": "srh"
+ }
+ },
+ "op": "==",
+ "right": 0
+ }
+ }
+]
+
+# srh last-entry 127
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "last-entry",
+ "name": "srh"
+ }
+ },
+ "op": "==",
+ "right": 127
+ }
+ }
+]
+
+# srh last-entry { 0, 4-127, 255 }
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "last-entry",
+ "name": "srh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 0,
+ { "range": [ 4, 127 ] },
+ 255
+ ]
+ }
+ }
+ }
+]
+
+# srh flags 0
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "flags",
+ "name": "srh"
+ }
+ },
+ "op": "==",
+ "right": 0
+ }
+ }
+]
+
+# srh flags 127
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "flags",
+ "name": "srh"
+ }
+ },
+ "op": "==",
+ "right": 127
+ }
+ }
+]
+
+# srh flags { 0, 4-127, 255 }
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "flags",
+ "name": "srh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 0,
+ { "range": [ 4, 127 ] },
+ 255
+ ]
+ }
+ }
+ }
+]
+
+# srh tag 0
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "tag",
+ "name": "srh"
+ }
+ },
+ "op": "==",
+ "right": 0
+ }
+ }
+]
+
+# srh tag 127
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "tag",
+ "name": "srh"
+ }
+ },
+ "op": "==",
+ "right": 127
+ }
+ }
+]
+
+# srh tag { 0, 4-127, 0xffff }
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "tag",
+ "name": "srh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 0,
+ { "range": [ 4, 127 ] },
+ "0xffff"
+ ]
+ }
+ }
+ }
+]
+
+# srh sid[1] dead::beef
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "sid[1]",
+ "name": "srh"
+ }
+ },
+ "op": "==",
+ "right": "dead::beef"
+ }
+ }
+]
+
+# srh sid[2] dead::beef
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "sid[2]",
+ "name": "srh"
+ }
+ },
+ "op": "==",
+ "right": "dead::beef"
+ }
+ }
+]
+
diff --git a/tests/py/ip6/srh.t.json.output b/tests/py/ip6/srh.t.json.output
new file mode 100644
index 0000000..f801b81
--- /dev/null
+++ b/tests/py/ip6/srh.t.json.output
@@ -0,0 +1,22 @@
+# srh tag { 0, 4-127, 0xffff }
+[
+ {
+ "match": {
+ "left": {
+ "exthdr": {
+ "field": "tag",
+ "name": "srh"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 0,
+ { "range": [ 4, 127 ] },
+ 65535
+ ]
+ }
+ }
+ }
+]
+
diff --git a/tests/py/ip6/srh.t.payload b/tests/py/ip6/srh.t.payload
new file mode 100644
index 0000000..364940a
--- /dev/null
+++ b/tests/py/ip6/srh.t.payload
@@ -0,0 +1,64 @@
+# srh last-entry 0
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 4 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# srh last-entry 127
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 4 => reg 1 ]
+ [ cmp eq reg 1 0x0000007f ]
+
+# srh last-entry { 0, 4-127, 255 }
+__set%d test-ip6 7 size 5
+__set%d test-ip6 0
+ element 00000000 : 0 [end] element 00000001 : 1 [end] element 00000004 : 0 [end] element 00000080 : 1 [end] element 000000ff : 0 [end] userdata = { \x01\x04\x01\x00\x00\x00 }
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 4 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# srh flags 0
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 5 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# srh flags 127
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 5 => reg 1 ]
+ [ cmp eq reg 1 0x0000007f ]
+
+# srh flags { 0, 4-127, 255 }
+__set%d test-ip6 7 size 5
+__set%d test-ip6 0
+ element 00000000 : 0 [end] element 00000001 : 1 [end] element 00000004 : 0 [end] element 00000080 : 1 [end] element 000000ff : 0 [end] userdata = { \x01\x04\x01\x00\x00\x00 }
+ip6 test-ip6 input
+ [ exthdr load ipv6 1b @ 43 + 5 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# srh tag 0
+ip6 test-ip6 input
+ [ exthdr load ipv6 2b @ 43 + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# srh tag 127
+ip6 test-ip6 input
+ [ exthdr load ipv6 2b @ 43 + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00007f00 ]
+
+# srh tag { 0, 4-127, 0xffff }
+__set%d test-ip6 7 size 5
+__set%d test-ip6 0
+ element 00000000 : 0 [end] element 00000100 : 1 [end] element 00000400 : 0 [end] element 00008000 : 1 [end] element 0000ffff : 0 [end] userdata = { \x01\x04\x01\x00\x00\x00 }
+ip6 test-ip6 input
+ [ exthdr load ipv6 2b @ 43 + 6 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# srh sid[1] dead::beef
+ip6 test-ip6 input
+ [ exthdr load ipv6 16b @ 43 + 8 => reg 1 ]
+ [ cmp eq reg 1 0x0000adde 0x00000000 0x00000000 0xefbe0000 ]
+
+# srh sid[2] dead::beef
+ip6 test-ip6 input
+ [ exthdr load ipv6 16b @ 43 + 24 => reg 1 ]
+ [ cmp eq reg 1 0x0000adde 0x00000000 0x00000000 0xefbe0000 ]
+
diff --git a/tests/py/ip6/tproxy.t b/tests/py/ip6/tproxy.t
new file mode 100644
index 0000000..d4c6bff
--- /dev/null
+++ b/tests/py/ip6/tproxy.t
@@ -0,0 +1,14 @@
+:y;type filter hook prerouting priority -150
+
+*ip6;x;y
+
+tproxy;fail
+tproxy to [2001:db8::1];fail
+tproxy to [2001:db8::1]:50080;fail
+tproxy to :50080;fail
+meta l4proto 6 tproxy to [2001:db8::1];ok
+meta l4proto 17 tproxy to [2001:db8::1]:50080;ok
+meta l4proto 6 tproxy to :50080;ok
+meta l4proto 6 tproxy ip6 to [2001:db8::1];ok;meta l4proto 6 tproxy to [2001:db8::1]
+meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080;ok;meta l4proto 17 tproxy to [2001:db8::1]:50080
+meta l4proto 6 tproxy ip6 to :50080;ok;meta l4proto 6 tproxy to :50080
diff --git a/tests/py/ip6/tproxy.t.json b/tests/py/ip6/tproxy.t.json
new file mode 100644
index 0000000..0e02d49
--- /dev/null
+++ b/tests/py/ip6/tproxy.t.json
@@ -0,0 +1,125 @@
+# meta l4proto 6 tproxy to [2001:db8::1]
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "tproxy": {
+ "addr": "2001:db8::1"
+ }
+ }
+]
+
+# meta l4proto 17 tproxy to [2001:db8::1]:50080
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 17
+ }
+ },
+ {
+ "tproxy": {
+ "addr": "2001:db8::1",
+ "port": 50080
+ }
+ }
+]
+
+# meta l4proto 6 tproxy to :50080
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "tproxy": {
+ "port": 50080
+ }
+ }
+]
+
+# meta l4proto 6 tproxy ip6 to [2001:db8::1]
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "tproxy": {
+ "addr": "2001:db8::1",
+ "family": "ip6"
+ }
+ }
+]
+
+# meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 17
+ }
+ },
+ {
+ "tproxy": {
+ "addr": "2001:db8::1",
+ "family": "ip6",
+ "port": 50080
+ }
+ }
+]
+
+# meta l4proto 6 tproxy ip6 to :50080
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "tproxy": {
+ "family": "ip6",
+ "port": 50080
+ }
+ }
+]
+
diff --git a/tests/py/ip6/tproxy.t.json.output b/tests/py/ip6/tproxy.t.json.output
new file mode 100644
index 0000000..461738b
--- /dev/null
+++ b/tests/py/ip6/tproxy.t.json.output
@@ -0,0 +1,60 @@
+# meta l4proto 6 tproxy ip6 to [2001:db8::1]
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "tproxy": {
+ "addr": "2001:db8::1"
+ }
+ }
+]
+
+# meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 17
+ }
+ },
+ {
+ "tproxy": {
+ "addr": "2001:db8::1",
+ "port": 50080
+ }
+ }
+]
+
+# meta l4proto 6 tproxy ip6 to :50080
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "tproxy": {
+ "port": 50080
+ }
+ }
+]
diff --git a/tests/py/ip6/tproxy.t.payload b/tests/py/ip6/tproxy.t.payload
new file mode 100644
index 0000000..9f28e80
--- /dev/null
+++ b/tests/py/ip6/tproxy.t.payload
@@ -0,0 +1,44 @@
+# meta l4proto 6 tproxy to [2001:db8::1]
+ip6 x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ]
+ [ tproxy ip6 addr reg 1 ]
+
+# meta l4proto 17 tproxy to [2001:db8::1]:50080
+ip6 x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ]
+ [ immediate reg 2 0x0000a0c3 ]
+ [ tproxy ip6 addr reg 1 port reg 2 ]
+
+# meta l4proto 6 tproxy to :50080
+ip6 x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x0000a0c3 ]
+ [ tproxy ip6 port reg 1 ]
+
+# meta l4proto 6 tproxy ip6 to [2001:db8::1]
+ip6 x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ]
+ [ tproxy ip6 addr reg 1 ]
+
+# meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080
+ip6 x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ]
+ [ immediate reg 2 0x0000a0c3 ]
+ [ tproxy ip6 addr reg 1 port reg 2 ]
+
+# meta l4proto 6 tproxy ip6 to :50080
+ip6 x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x0000a0c3 ]
+ [ tproxy ip6 port reg 1 ]
+
diff --git a/tests/py/ip6/vmap.t b/tests/py/ip6/vmap.t
new file mode 100644
index 0000000..2d54b82
--- /dev/null
+++ b/tests/py/ip6/vmap.t
@@ -0,0 +1,58 @@
+:input;type filter hook input priority 0
+:ingress;type filter hook ingress device lo priority 0
+:egress;type filter hook egress device lo priority 0
+
+*ip6;test-ip6;input
+*inet;test-inet;input
+*netdev;test-netdev;ingress,egress
+
+ip6 saddr vmap { abcd::3 : accept };ok
+ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234:1234;fail
+
+# Ipv6 address combinations
+# from src/scanner.l
+ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept};ok
+ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 0:1234:1234:1234:1234:1234:1234:1234 : accept}
+ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:0:1234:1234:1234:1234:1234:1234 : accept}
+ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:0:1234:1234:1234:1234:1234 : accept}
+ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:0:1234:1234:1234:1234 : accept}
+ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:0:1234:1234:1234 : accept}
+ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:0:1234:1234 : accept}
+ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:0:1234 : accept}
+ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept};ok;ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:0 : accept}
+ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept};ok
+ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept};ok
+ip6 saddr vmap { ::1234:1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234::1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234::1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234::1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234:1234:: : accept};ok
+ip6 saddr vmap { ::1234:1234:1234 : accept};ok
+ip6 saddr vmap { 1234::1234:1234 : accept};ok
+ip6 saddr vmap { 1234:1234::1234 : accept};ok
+ip6 saddr vmap { 1234:1234:1234:: : accept};ok
+ip6 saddr vmap { ::1234:1234 : accept};ok;ip6 saddr vmap { ::18.52.18.52 : accept}
+ip6 saddr vmap { 1234::1234 : accept};ok
+ip6 saddr vmap { 1234:1234:: : accept};ok
+ip6 saddr vmap { ::1234 : accept};ok
+ip6 saddr vmap { 1234:: : accept};ok
+ip6 saddr vmap { ::/64 : accept};ok
+
+ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::aaaa : drop}
+ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::bbbb : drop}
+ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::cccc : drop}
+ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop};ok;ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:0 : accept, ::dddd: drop}
+
+# rule without comma:
+filter-input ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:bbbb:::accept::adda : drop};fail
diff --git a/tests/py/ip6/vmap.t.json b/tests/py/ip6/vmap.t.json
new file mode 100644
index 0000000..1b867ff
--- /dev/null
+++ b/tests/py/ip6/vmap.t.json
@@ -0,0 +1,1037 @@
+# ip6 saddr vmap { abcd::3 : accept }
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "abcd::3",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234:1234:1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "::1234:1234:1234:1234:1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234::1234:1234:1234:1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234::1234:1234:1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234::1234:1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234::1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234:1234::1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234:1234:1234::1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234:1234:1234:1234::",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "::1234:1234:1234:1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234::1234:1234:1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234::1234:1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234::1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234::1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234:1234::1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234:1234:1234::",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "::1234:1234:1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234::1234:1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234::1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234::1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234::1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234:1234::",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "::1234:1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234::1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234::1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234::1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234::1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234::1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234::1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:: : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234::",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { ::1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "::1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234::1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234::1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234::1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234::1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234:: : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234::",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { ::1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "::1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234::1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234::1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:: : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234::",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { ::1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "::1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:: : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234::",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { ::/64 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ {
+ "prefix": {
+ "addr": "::",
+ "len": 64
+ }
+ },
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234:1234:1234:aaaa::",
+ {
+ "accept": null
+ }
+ ],
+ [
+ "::aaaa",
+ {
+ "drop": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234:1234:1234:aaaa::",
+ {
+ "accept": null
+ }
+ ],
+ [
+ "::bbbb",
+ {
+ "drop": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234:1234:1234:aaaa::",
+ {
+ "accept": null
+ }
+ ],
+ [
+ "::cccc",
+ {
+ "drop": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234:1234:1234:aaaa::",
+ {
+ "accept": null
+ }
+ ],
+ [
+ "::dddd",
+ {
+ "drop": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
diff --git a/tests/py/ip6/vmap.t.json.output b/tests/py/ip6/vmap.t.json.output
new file mode 100644
index 0000000..affe383
--- /dev/null
+++ b/tests/py/ip6/vmap.t.json.output
@@ -0,0 +1,336 @@
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "0:1234:1234:1234:1234:1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:0:1234:1234:1234:1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:0:1234:1234:1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:0:1234:1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234:0:1234:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234:1234:0:1234:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234:1234:1234:0:1234",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "1234:1234:1234:1234:1234:1234:1234:0",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap { ::1234:1234 : accept}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "::18.52.18.52",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "::aaaa",
+ {
+ "drop": null
+ }
+ ],
+ [
+ "1234:1234:1234:1234:1234:1234:aaaa:0",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "::bbbb",
+ {
+ "drop": null
+ }
+ ],
+ [
+ "1234:1234:1234:1234:1234:1234:aaaa:0",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "::cccc",
+ {
+ "drop": null
+ }
+ ],
+ [
+ "1234:1234:1234:1234:1234:1234:aaaa:0",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop}
+[
+ {
+ "vmap": {
+ "key": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "data": {
+ "set": [
+ [
+ "::dddd",
+ {
+ "drop": null
+ }
+ ],
+ [
+ "1234:1234:1234:1234:1234:1234:aaaa:0",
+ {
+ "accept": null
+ }
+ ]
+ ]
+ }
+ }
+ }
+]
+
diff --git a/tests/py/ip6/vmap.t.payload.inet b/tests/py/ip6/vmap.t.payload.inet
new file mode 100644
index 0000000..931cc6b
--- /dev/null
+++ b/tests/py/ip6/vmap.t.payload.inet
@@ -0,0 +1,420 @@
+# ip6 saddr vmap { abcd::3 : accept }
+__map%d test-inet b
+__map%d test-inet 0
+ element 0000cdab 00000000 00000000 03000000 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 34123412 34123412 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34120000 34123412 34123412 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 00003412 34123412 34123412 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 34120000 34123412 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 00003412 34123412 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 34123412 34120000 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 34123412 00003412 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 34123412 34123412 34120000 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 34123412 34123412 00003412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 00000000 34123412 34123412 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 00003412 34120000 34123412 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 00000000 34123412 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 00003412 34120000 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 34123412 00000000 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 34123412 00003412 34120000 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 34123412 34123412 00000000 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 00000000 34120000 34123412 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 00003412 00000000 34123412 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 00000000 34120000 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 00003412 00000000 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 34123412 00000000 34120000 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 34123412 00003412 00000000 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 00000000 00000000 34123412 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 00003412 00000000 34120000 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 00000000 00000000 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 00003412 00000000 34120000 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:: : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 34123412 00000000 00000000 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 00000000 00000000 34120000 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 00003412 00000000 00000000 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 00000000 00000000 34120000 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:: : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 00003412 00000000 00000000 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 00000000 00000000 00000000 34123412 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 00003412 00000000 00000000 34120000 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:: : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 00000000 00000000 00000000 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234 : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 00000000 00000000 00000000 34120000 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:: : accept}
+__map%d test-inet b
+__map%d test-inet 0
+ element 00003412 00000000 00000000 00000000 : accept 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::/64 : accept}
+__map%d test-inet f
+__map%d test-inet 0
+ element 00000000 00000000 00000000 00000000 : accept 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 aaaa0000 : drop 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 bbbb0000 : drop 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 cccc0000 : drop 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop}
+__map%d test-inet b
+__map%d test-inet 0
+ element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 dddd0000 : drop 0 [end]
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
diff --git a/tests/py/ip6/vmap.t.payload.ip6 b/tests/py/ip6/vmap.t.payload.ip6
new file mode 100644
index 0000000..6e077b2
--- /dev/null
+++ b/tests/py/ip6/vmap.t.payload.ip6
@@ -0,0 +1,336 @@
+# ip6 saddr vmap { abcd::3 : accept }
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 0000cdab 00000000 00000000 03000000 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 34123412 34123412 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34120000 34123412 34123412 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 00003412 34123412 34123412 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 34120000 34123412 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 00003412 34123412 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 34123412 34120000 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 34123412 00003412 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 34123412 34123412 34120000 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 34123412 34123412 00003412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 00000000 34123412 34123412 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 00003412 34120000 34123412 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 00000000 34123412 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 00003412 34120000 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 34123412 00000000 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 34123412 00003412 34120000 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 34123412 34123412 00000000 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 00000000 34120000 34123412 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 00003412 00000000 34123412 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 00000000 34120000 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 00003412 00000000 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 34123412 00000000 34120000 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 34123412 00003412 00000000 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 00000000 00000000 34123412 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 00003412 00000000 34120000 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 00000000 00000000 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 00003412 00000000 34120000 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:: : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 34123412 00000000 00000000 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 00000000 00000000 34120000 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 00003412 00000000 00000000 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 00000000 00000000 34120000 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:: : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 00003412 00000000 00000000 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 00000000 00000000 00000000 34123412 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 00003412 00000000 00000000 34120000 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:: : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 00000000 00000000 00000000 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234 : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 00000000 00000000 00000000 34120000 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:: : accept}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 00003412 00000000 00000000 00000000 : accept 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::/64 : accept}
+__map%d test-ip6 f
+__map%d test-ip6 0
+ element 00000000 00000000 00000000 00000000 : accept 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 aaaa0000 : drop 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 bbbb0000 : drop 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 cccc0000 : drop 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop}
+__map%d test-ip6 b
+__map%d test-ip6 0
+ element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 dddd0000 : drop 0 [end]
+ip6 test-ip6 input
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
diff --git a/tests/py/ip6/vmap.t.payload.netdev b/tests/py/ip6/vmap.t.payload.netdev
new file mode 100644
index 0000000..45f2c0b
--- /dev/null
+++ b/tests/py/ip6/vmap.t.payload.netdev
@@ -0,0 +1,420 @@
+# ip6 saddr vmap { abcd::3 : accept }
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 0000cdab 00000000 00000000 03000000 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 34123412 34123412 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34120000 34123412 34123412 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 00003412 34123412 34123412 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 34120000 34123412 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 00003412 34123412 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 34123412 34120000 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 34123412 00003412 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 34123412 34123412 34120000 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 34123412 34123412 00003412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 00000000 34123412 34123412 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 00003412 34120000 34123412 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 00000000 34123412 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 00003412 34120000 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 34123412 00000000 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 34123412 00003412 34120000 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 34123412 34123412 00000000 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 00000000 34120000 34123412 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 00003412 00000000 34123412 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 00000000 34120000 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 00003412 00000000 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 34123412 00000000 34120000 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 34123412 00003412 00000000 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 00000000 00000000 34123412 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 00003412 00000000 34120000 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 00000000 00000000 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234::1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 00003412 00000000 34120000 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:1234:: : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 34123412 00000000 00000000 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 00000000 00000000 34120000 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 00003412 00000000 00000000 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234::1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 00000000 00000000 34120000 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:1234:: : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 00003412 00000000 00000000 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234:1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 00000000 00000000 00000000 34123412 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234::1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 00003412 00000000 00000000 34120000 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:1234:: : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 00000000 00000000 00000000 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::1234 : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 00000000 00000000 00000000 34120000 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { 1234:: : accept}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 00003412 00000000 00000000 00000000 : accept 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap { ::/64 : accept}
+__map%d test-netdev f
+__map%d test-netdev 0
+ element 00000000 00000000 00000000 00000000 : accept 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 aaaa0000 : drop 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 bbbb0000 : drop 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 cccc0000 : drop 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
+# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 34123412 34123412 34123412 0000aaaa : accept 0 [end] element 00000000 00000000 00000000 dddd0000 : drop 0 [end]
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 0 ]
+
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-20 23:20:50 +0000