blob: 5252724ceead153412b0605949325fcf7af88880 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
# ip saddr 192.168.1.3 counter name "cnt2"
ip test-ip4 output
[ payload load 4b @ network header + 12 => reg 1 ]
[ cmp eq reg 1 0x0301a8c0 ]
[ objref type 1 name cnt2 ]
# counter name tcp dport map {443 : "cnt1", 80 : "cnt2", 22 : "cnt1"}
__objmap%d test-ip4 43
__objmap%d test-ip4 0
element 0000bb01 : 0 [end] element 00005000 : 0 [end] element 00001600 : 0 [end]
ip test-ip4 output
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000006 ]
[ payload load 2b @ transport header + 2 => reg 1 ]
[ objref sreg 1 set __objmap%d ]
# ip saddr 192.168.1.3 quota name "qt1"
ip test-ip4 output
[ payload load 4b @ network header + 12 => reg 1 ]
[ cmp eq reg 1 0x0301a8c0 ]
[ objref type 2 name qt1 ]
# quota name tcp dport map {443 : "qt1", 80 : "qt2", 22 : "qt1"}
__objmap%d test-ip4 43
__objmap%d test-ip4 0
element 0000bb01 : 0 [end] element 00005000 : 0 [end] element 00001600 : 0 [end]
ip test-ip4 output
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000006 ]
[ payload load 2b @ transport header + 2 => reg 1 ]
[ objref sreg 1 set __objmap%d ]
# ct helper set "cthelp1"
ip test-ip4 output
[ objref type 3 name cthelp1 ]
# ct helper set tcp dport map {21 : "cthelp1", 2121 : "cthelp1" }
__objmap%d test-ip4 43
__objmap%d test-ip4 0
element 00001500 : 0 [end] element 00004908 : 0 [end]
ip test-ip4 output
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000006 ]
[ payload load 2b @ transport header + 2 => reg 1 ]
[ objref sreg 1 set __objmap%d ]
# ip saddr 192.168.1.3 limit name "lim1"
ip test-ip4 output
[ payload load 4b @ network header + 12 => reg 1 ]
[ cmp eq reg 1 0x0301a8c0 ]
[ objref type 4 name lim1 ]
# limit name tcp dport map {443 : "lim1", 80 : "lim2", 22 : "lim1"}
__objmap%d test-ip4 43 size 3
__objmap%d test-ip4 0
element 0000bb01 : 0 [end] element 00005000 : 0 [end] element 00001600 : 0 [end]
ip test-ip4 output
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000006 ]
[ payload load 2b @ transport header + 2 => reg 1 ]
[ objref sreg 1 set __objmap%d ]
# ct timeout set "cttime1"
ip test-ip4 output
[ objref type 7 name cttime1 ]
# ct expectation set "ctexpect1"
ip test-ip4 output
[ objref type 9 name ctexpect1 ]
# synproxy name tcp dport map {443 : "synproxy1", 80 : "synproxy2"}
__objmap%d test-ip4 43 size 2
__objmap%d test-ip4 0
element 0000bb01 : 0 [end] element 00005000 : 0 [end]
ip test-ip4 output
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000006 ]
[ payload load 2b @ transport header + 2 => reg 1 ]
[ objref sreg 1 set __objmap%d ]
|