1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
|
# frag nexthdr tcp
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000006 ]
# frag nexthdr != icmp
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
[ cmp neq reg 1 0x00000001 ]
# frag nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp}
__set%d test-inet 3
__set%d test-inet 0
element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end]
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
[ lookup reg 1 set __set%d ]
# frag nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp}
__set%d test-inet 3
__set%d test-inet 0
element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end]
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
[ lookup reg 1 set __set%d 0x1 ]
# frag nexthdr esp
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000032 ]
# frag nexthdr ah
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 44 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000033 ]
# frag reserved 22
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
[ cmp eq reg 1 0x00000016 ]
# frag reserved != 233
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
[ cmp neq reg 1 0x000000e9 ]
# frag reserved 33-45
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
[ cmp gte reg 1 0x00000021 ]
[ cmp lte reg 1 0x0000002d ]
# frag reserved != 33-45
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
[ range neq reg 1 0x00000021 0x0000002d ]
# frag reserved { 33, 55, 67, 88}
__set%d test-inet 3
__set%d test-inet 0
element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
[ lookup reg 1 set __set%d ]
# frag reserved != { 33, 55, 67, 88}
__set%d test-inet 3
__set%d test-inet 0
element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 44 + 1 => reg 1 ]
[ lookup reg 1 set __set%d 0x1 ]
# frag frag-off 22
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
[ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
[ cmp eq reg 1 0x0000b000 ]
# frag frag-off != 233
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
[ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
[ cmp neq reg 1 0x00004807 ]
# frag frag-off 33-45
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
[ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
[ cmp gte reg 1 0x00000801 ]
[ cmp lte reg 1 0x00006801 ]
# frag frag-off != 33-45
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
[ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
[ range neq reg 1 0x00000801 0x00006801 ]
# frag frag-off { 33, 55, 67, 88}
__set%d test-inet 3
__set%d test-inet 0
element 00000801 : 0 [end] element 0000b801 : 0 [end] element 00001802 : 0 [end] element 0000c002 : 0 [end]
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
[ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
[ lookup reg 1 set __set%d ]
# frag frag-off != { 33, 55, 67, 88}
__set%d test-inet 3
__set%d test-inet 0
element 00000801 : 0 [end] element 0000b801 : 0 [end] element 00001802 : 0 [end] element 0000c002 : 0 [end]
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 2b @ 44 + 2 => reg 1 ]
[ bitwise reg 1 = ( reg 1 & 0x0000f8ff ) ^ 0x00000000 ]
[ lookup reg 1 set __set%d 0x1 ]
# frag id 1
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# frag id 22
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
[ cmp eq reg 1 0x16000000 ]
# frag id != 33
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
[ cmp neq reg 1 0x21000000 ]
# frag id 33-45
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
[ cmp gte reg 1 0x21000000 ]
[ cmp lte reg 1 0x2d000000 ]
# frag id != 33-45
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
[ range neq reg 1 0x21000000 0x2d000000 ]
# frag id { 33, 55, 67, 88}
__set%d test-inet 3
__set%d test-inet 0
element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end]
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
[ lookup reg 1 set __set%d ]
# frag id != { 33, 55, 67, 88}
__set%d test-inet 3
__set%d test-inet 0
element 21000000 : 0 [end] element 37000000 : 0 [end] element 43000000 : 0 [end] element 58000000 : 0 [end]
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 4b @ 44 + 4 => reg 1 ]
[ lookup reg 1 set __set%d 0x1 ]
# frag reserved2 1
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 44 + 3 => reg 1 ]
[ bitwise reg 1 = ( reg 1 & 0x00000006 ) ^ 0x00000000 ]
[ cmp eq reg 1 0x00000002 ]
# frag more-fragments 0
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 44 + 3 => reg 1 ]
[ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ]
[ cmp eq reg 1 0x00000000 ]
# frag more-fragments 1
inet test-inet output
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 44 + 3 => reg 1 ]
[ bitwise reg 1 = ( reg 1 & 0x00000001 ) ^ 0x00000000 ]
[ cmp eq reg 1 0x00000001 ]
|