# hbh hdrlength 22
inet test-inet filter-input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
[ cmp eq reg 1 0x00000016 ]
# hbh hdrlength != 233
inet test-inet filter-input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
[ cmp neq reg 1 0x000000e9 ]
# hbh hdrlength 33-45
inet test-inet filter-input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
[ cmp gte reg 1 0x00000021 ]
[ cmp lte reg 1 0x0000002d ]
# hbh hdrlength != 33-45
inet test-inet filter-input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
[ range neq reg 1 0x00000021 0x0000002d ]
# hbh hdrlength {33, 55, 67, 88}
__set%d test-inet 3
__set%d test-inet 0
element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
inet test-inet filter-input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
[ lookup reg 1 set __set%d ]
# hbh hdrlength != {33, 55, 67, 88}
__set%d test-inet 3
__set%d test-inet 0
element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
inet test-inet filter-input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 0 + 1 => reg 1 ]
[ lookup reg 1 set __set%d 0x1 ]
# hbh nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
__set%d test-inet 3
__set%d test-inet 0
element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end]
inet test-inet filter-input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
[ lookup reg 1 set __set%d ]
# hbh nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
__set%d test-inet 3
__set%d test-inet 0
element 00000032 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000011 : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end] element 0000003a : 0 [end]
inet test-inet filter-input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
[ lookup reg 1 set __set%d 0x1 ]
# hbh nexthdr 22
inet test-inet filter-input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000016 ]
# hbh nexthdr != 233
inet test-inet filter-input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
[ cmp neq reg 1 0x000000e9 ]
# hbh nexthdr 33-45
inet test-inet filter-input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
[ cmp gte reg 1 0x00000021 ]
[ cmp lte reg 1 0x0000002d ]
# hbh nexthdr != 33-45
inet test-inet filter-input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
[ range neq reg 1 0x00000021 0x0000002d ]
# hbh nexthdr {33, 55, 67, 88}
__set%d test-inet 3
__set%d test-inet 0
element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
inet test-inet filter-input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
[ lookup reg 1 set __set%d ]
# hbh nexthdr != {33, 55, 67, 88}
__set%d test-inet 3
__set%d test-inet 0
element 00000021 : 0 [end] element 00000037 : 0 [end] element 00000043 : 0 [end] element 00000058 : 0 [end]
inet test-inet filter-input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
[ lookup reg 1 set __set%d 0x1 ]
# hbh nexthdr ip
inet test-inet filter-input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000000 ]
# hbh nexthdr != ip
inet test-inet filter-input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ exthdr load ipv6 1b @ 0 + 0 => reg 1 ]
[ cmp neq reg 1 0x00000000 ]