const struct proto_ctx *ctx, unsigned int *shift);
bool payload_expr_trim_force(struct expr *expr, struct expr *mask,
unsigned int *shift);
+bool stmt_payload_expr_trim(struct stmt *stmt, const struct proto_ctx *ctx);
extern void payload_expr_expand(struct list_head *list, struct expr *expr,
const struct proto_ctx *ctx);
extern void payload_expr_complete(struct expr *expr,
* decoding changed '(payload & mask) ^ bits_to_set' into
* 'payload | bits_to_set', discarding the redundant "& 0xfff...".
*/
-static void stmt_payload_binop_postprocess(struct rule_pp_ctx *ctx)
+static void stmt_payload_binop_postprocess(struct rule_pp_ctx *ctx,
+ const struct proto_ctx *pctx)
{
struct expr *expr, *binop, *payload, *value, *mask;
struct stmt *stmt = ctx->stmt;
unsigned int shift_unused;
mpz_t tmp;
+ if (stmt_payload_expr_trim(stmt, pctx))
+ return;
+
mpz_init(tmp);
mpz_set(tmp, mask->value);
}
case OP_OR: /* IIb */
stmt_payload_binop_pp(ctx, expr);
+ if (stmt_payload_expr_trim(stmt, pctx))
+ return;
if (!payload_is_known(expr->left))
return;
break;
+ case OP_XOR:
+ if (stmt_payload_expr_trim(stmt, pctx))
+ return;
+
+ return;
default: /* No idea what to do */
return;
}
payload_expr_complete(stmt->payload.expr, &dl->pctx);
if (!payload_is_known(stmt->payload.expr))
- stmt_payload_binop_postprocess(ctx);
+ stmt_payload_binop_postprocess(ctx, &dl->pctx);
expr_postprocess(ctx, &stmt->payload.expr);
return true;
}
+/**
+ * stmt_payload_expr_trim - adjust payload len/offset according to mask
+ *
+ * @stmt: the payload statement
+ * @pctx: protocol context
+ *
+ * Infer offset to header field from mask, walk the template list to determine
+ * if offset falls within a matching header field.
+ *
+ * Trim the payload expression length accordingly, adjust the payload offset
+ * and return true if payload statement expressions has been updated.
+ *
+ * @return: true if @stmt was adjusted.
+ */
+bool stmt_payload_expr_trim(struct stmt *stmt, const struct proto_ctx *pctx)
+{
+ struct expr *expr = stmt->payload.val;
+ const struct proto_hdr_template *tmpl;
+ const struct proto_desc *desc;
+ struct expr *payload, *mask;
+ uint32_t offset, i, shift;
+ unsigned int mask_offset;
+ mpz_t bitmask, tmp, tmp2;
+ unsigned long n;
+
+ assert(stmt->ops->type == STMT_PAYLOAD);
+ assert(expr->etype == EXPR_BINOP);
+
+ payload = expr->left;
+ mask = expr->right;
+
+ if (payload->etype != EXPR_PAYLOAD ||
+ mask->etype != EXPR_VALUE)
+ return false;
+
+ if (payload_is_known(payload) ||
+ !pctx->protocol[payload->payload.base].desc ||
+ payload->len % (2 * BITS_PER_BYTE) != 0)
+ return false;
+
+ switch (expr->op) {
+ case OP_AND:
+ /* infer offset from first 0 in mask */
+ n = mpz_scan0(mask->value, 0);
+ if (n == ULONG_MAX)
+ return false;
+
+ mask_offset = payload->len - n;
+ break;
+ case OP_OR:
+ case OP_XOR:
+ /* infer offset from first 1 in mask */
+ n = mpz_scan1(mask->value, 0);
+ if (n == ULONG_MAX)
+ return false;
+
+ mask_offset = payload->len - n;
+ break;
+ default:
+ return false;
+ }
+
+ offset = payload->payload.offset + mask_offset;
+
+ desc = pctx->protocol[payload->payload.base].desc;
+ for (i = 1; i < array_size(desc->templates); i++) {
+ tmpl = &desc->templates[i];
+
+ if (tmpl->len == 0)
+ return false;
+
+ /* Is this inferred offset within this header field? */
+ if (tmpl->offset + tmpl->len >= offset) {
+ /* Infer shift to reach this header field. */
+ if ((tmpl->offset % (2 * BITS_PER_BYTE)) < 8) {
+ shift = BITS_PER_BYTE - (tmpl->offset % BITS_PER_BYTE + tmpl->len);
+ shift += BITS_PER_BYTE;
+ } else {
+ shift = (2 * BITS_PER_BYTE) - (tmpl->offset % (2 * BITS_PER_BYTE) + tmpl->len);
+ }
+
+ /* Build bitmask to fetch this header field. */
+ mpz_init2(bitmask, payload->len);
+ mpz_bitmask(bitmask, tmpl->len);
+ if (shift)
+ mpz_lshift_ui(bitmask, shift);
+
+ /* Check if mask expression falls within this header
+ * bitfield, if the mask expression is over this header
+ * field, then skip this delinearization, this could be
+ * a raw expression.
+ */
+ switch (expr->op) {
+ case OP_AND:
+ /* Inverted bitmask to fetch untouched bits. */
+ mpz_init_bitmask(tmp, payload->len);
+ mpz_xor(tmp, bitmask, tmp);
+
+ /* Get untouched bits out of the header field. */
+ mpz_init2(tmp2, payload->len);
+ mpz_and(tmp2, mask->value, tmp);
+
+ /* Modified any bits out of the header field? */
+ if (mpz_cmp(tmp, tmp2) != 0) {
+ mpz_clear(tmp);
+ mpz_clear(tmp2);
+ mpz_clear(bitmask);
+ return false;
+ }
+ mpz_clear(tmp2);
+ break;
+ case OP_OR:
+ case OP_XOR:
+ mpz_init2(tmp, payload->len);
+
+ /* Get modified bits in header field. */
+ mpz_and(tmp, mask->value, bitmask);
+
+ /* Modified any bits out of the header field? */
+ if (mpz_cmp(tmp, mask->value) != 0) {
+ mpz_clear(tmp);
+ mpz_clear(bitmask);
+ return false;
+ }
+ break;
+ default:
+ assert(0);
+ break;
+ }
+ mpz_clear(tmp);
+
+ /* Clear unrelated bits for this header field. Shrink
+ * to "real size". Shift bits when needed.
+ */
+ mpz_and(mask->value, bitmask, mask->value);
+ mpz_clear(bitmask);
+
+ mask->len -= (tmpl->offset - payload->payload.offset);
+ if (shift) {
+ mask->len -= shift;
+ mpz_rshift_ui(mask->value, shift);
+ }
+ payload->payload.offset = tmpl->offset;
+ payload->len = tmpl->len;
+
+ expr_free(stmt->payload.expr);
+ stmt->payload.expr = expr_get(payload);
+
+ if (expr->op == OP_AND) {
+ /* Reduce 'expr AND 0x0', otherwise listing
+ * shows:
+ *
+ * ip dscp set ip dscp & 0x0
+ *
+ * instead of the more compact:
+ *
+ * ip dscp set 0x0
+ */
+ if (mpz_cmp_ui(mask->value, 0) == 0) {
+ expr = stmt->payload.val;
+ stmt->payload.val = expr_get(mask);
+ expr_free(expr);
+ }
+ }
+ return true;
+ }
+ }
+
+ return false;
+}
+
/**
* payload_expr_expand - expand raw merged adjacent payload expressions into its
* original components
ip saddr 1.2.3.4 counter ip daddr 3.4.5.6;ok
ip dscp 1/6;ok;ip dscp & 0x3f == lephb
+
+ip ecn set ip ecn | ect0;ok
+ip ecn set ip ecn | ect1;ok
+ip ecn set ip ecn & ect0;ok
+ip ecn set ip ecn & ect1;ok
+tcp flags set tcp flags & (fin | syn | rst | psh | ack | urg);ok
+tcp flags set tcp flags | ecn | cwr;ok
+ip dscp set ip dscp | lephb;ok
+ip dscp set ip dscp & lephb;ok
+ip dscp set ip dscp & 0x1f;ok
+ip dscp set ip dscp & 0x4f;fail
+ip version set ip version | 1;ok
+ip version set ip version & 1;ok
+ip version set ip version | 0x1f;fail
+ip hdrlength set ip hdrlength | 1;ok
+ip hdrlength set ip hdrlength & 1;ok
+ip hdrlength set ip hdrlength | 0x1f;fail
}
}
]
+
+# ip ecn set ip ecn | ect0
+[
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "ecn",
+ "protocol": "ip"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "payload": {
+ "field": "ecn",
+ "protocol": "ip"
+ }
+ },
+ "ect0"
+ ]
+ }
+ }
+ }
+]
+
+# ip ecn set ip ecn | ect1
+[
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "ecn",
+ "protocol": "ip"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "payload": {
+ "field": "ecn",
+ "protocol": "ip"
+ }
+ },
+ "ect1"
+ ]
+ }
+ }
+ }
+]
+
+# ip ecn set ip ecn & ect0
+[
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "ecn",
+ "protocol": "ip"
+ }
+ },
+ "value": {
+ "&": [
+ {
+ "payload": {
+ "field": "ecn",
+ "protocol": "ip"
+ }
+ },
+ "ect0"
+ ]
+ }
+ }
+ }
+]
+
+# ip ecn set ip ecn & ect1
+[
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "ecn",
+ "protocol": "ip"
+ }
+ },
+ "value": {
+ "&": [
+ {
+ "payload": {
+ "field": "ecn",
+ "protocol": "ip"
+ }
+ },
+ "ect1"
+ ]
+ }
+ }
+ }
+]
+
+# tcp flags set tcp flags & (fin | syn | rst | psh | ack | urg)
+[
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "flags",
+ "protocol": "tcp"
+ }
+ },
+ "value": {
+ "&": [
+ {
+ "payload": {
+ "field": "flags",
+ "protocol": "tcp"
+ }
+ },
+ {
+ "|": [
+ "fin",
+ "syn",
+ "rst",
+ "psh",
+ "ack",
+ "urg"
+ ]
+ }
+ ]
+ }
+ }
+ }
+]
+
+# tcp flags set tcp flags | ecn | cwr
+[
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "flags",
+ "protocol": "tcp"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "payload": {
+ "field": "flags",
+ "protocol": "tcp"
+ }
+ },
+ "ecn",
+ "cwr"
+ ]
+ }
+ }
+ }
+]
+
+# ip dscp set ip dscp | lephb
+[
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip"
+ }
+ },
+ "lephb"
+ ]
+ }
+ }
+ }
+]
+
+# ip dscp set ip dscp & lephb
+[
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip"
+ }
+ },
+ "value": {
+ "&": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip"
+ }
+ },
+ "lephb"
+ ]
+ }
+ }
+ }
+]
+
+# ip dscp set ip dscp & 0x1f
+[
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip"
+ }
+ },
+ "value": {
+ "&": [
+ {
+ "payload": {
+ "field": "dscp",
+ "protocol": "ip"
+ }
+ },
+ 31
+ ]
+ }
+ }
+ }
+]
+
+# ip version set ip version | 1
+[
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "version",
+ "protocol": "ip"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "payload": {
+ "field": "version",
+ "protocol": "ip"
+ }
+ },
+ 1
+ ]
+ }
+ }
+ }
+]
+
+# ip version set ip version & 1
+[
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "version",
+ "protocol": "ip"
+ }
+ },
+ "value": {
+ "&": [
+ {
+ "payload": {
+ "field": "version",
+ "protocol": "ip"
+ }
+ },
+ 1
+ ]
+ }
+ }
+ }
+]
+
+# ip hdrlength set ip hdrlength | 1
+[
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "hdrlength",
+ "protocol": "ip"
+ }
+ },
+ "value": {
+ "|": [
+ {
+ "payload": {
+ "field": "hdrlength",
+ "protocol": "ip"
+ }
+ },
+ 1
+ ]
+ }
+ }
+ }
+]
+
+# ip hdrlength set ip hdrlength & 1
+[
+ {
+ "mangle": {
+ "key": {
+ "payload": {
+ "field": "hdrlength",
+ "protocol": "ip"
+ }
+ },
+ "value": {
+ "&": [
+ {
+ "payload": {
+ "field": "hdrlength",
+ "protocol": "ip"
+ }
+ },
+ 1
+ ]
+ }
+ }
+ }
+]
+
[ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ]
[ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ]
[ cmp eq reg 1 0x00000001 ]
+
+# ip ecn set ip ecn | ect0
+ip test-ip4 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000200 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn | ect1
+ip test-ip4 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000100 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect0
+ip test-ip4 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect1
+ip test-ip4 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# tcp flags set tcp flags & (fin | syn | rst | psh | ack | urg)
+ip test-ip4 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 12 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00003fff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ transport header + 12 csum_type 1 csum_off 16 csum_flags 0x0 ]
+
+# tcp flags set tcp flags | ecn | cwr
+ip test-ip4 input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 12 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00003fff ) ^ 0x0000c000 ]
+ [ payload write reg 1 => 2b @ transport header + 12 csum_type 1 csum_off 16 csum_flags 0x0 ]
+
+# ip dscp set ip dscp | lephb
+ip test-ip4 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fbff ) ^ 0x00000400 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp & lephb
+ip test-ip4 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000007ff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp & 0x1f
+ip test-ip4 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00007fff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version | 1
+ip test-ip4 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ffef ) ^ 0x00000010 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version & 1
+ip test-ip4 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength | 1
+ip test-ip4 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fffe ) ^ 0x00000001 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength & 1
+ip test-ip4 input
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fff1 ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
[ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ]
[ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ]
[ cmp eq reg 1 0x00000001 ]
+
+# ip ecn set ip ecn | ect0
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000200 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn | ect1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000100 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect0
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# tcp flags set tcp flags & (fin | syn | rst | psh | ack | urg)
+bridge test-bridge input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 12 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00003fff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ transport header + 12 csum_type 1 csum_off 16 csum_flags 0x0 ]
+
+# tcp flags set tcp flags | ecn | cwr
+bridge test-bridge input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 12 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00003fff ) ^ 0x0000c000 ]
+ [ payload write reg 1 => 2b @ transport header + 12 csum_type 1 csum_off 16 csum_flags 0x0 ]
+
+# ip dscp set ip dscp | lephb
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fbff ) ^ 0x00000400 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp & lephb
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000007ff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp & 0x1f
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00007fff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version | 1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ffef ) ^ 0x00000010 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version & 1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength | 1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fffe ) ^ 0x00000001 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength & 1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fff1 ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn | ect0
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000200 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn | ect1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000100 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect0
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp | lephb
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fbff ) ^ 0x00000400 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+# ip dscp set ip dscp & lephb
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000007ff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp & 0x1f
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00007fff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version | 1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ffef ) ^ 0x00000010 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version & 1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength | 1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fffe ) ^ 0x00000001 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength & 1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fff1 ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn | ect0
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000200 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn | ect1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000100 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect0
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp | lephb
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fbff ) ^ 0x00000400 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+# ip dscp set ip dscp & lephb
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000007ff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp & 0x1f
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00007fff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version | 1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ffef ) ^ 0x00000010 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version & 1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength | 1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fffe ) ^ 0x00000001 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength & 1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fff1 ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn | ect0
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000200 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn | ect1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000100 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect0
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp | lephb
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fbff ) ^ 0x00000400 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+# ip dscp set ip dscp & lephb
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000007ff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp & 0x1f
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00007fff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version | 1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ffef ) ^ 0x00000010 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version & 1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength | 1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fffe ) ^ 0x00000001 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength & 1
+bridge test-bridge input
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fff1 ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
[ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ]
[ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ]
[ cmp eq reg 1 0x00000001 ]
+
+# ip ecn set ip ecn | ect0
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000200 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn | ect1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000100 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect0
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# tcp flags set tcp flags & (fin | syn | rst | psh | ack | urg)
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 12 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00003fff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ transport header + 12 csum_type 1 csum_off 16 csum_flags 0x0 ]
+
+# tcp flags set tcp flags | ecn | cwr
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 12 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00003fff ) ^ 0x0000c000 ]
+ [ payload write reg 1 => 2b @ transport header + 12 csum_type 1 csum_off 16 csum_flags 0x0 ]
+
+# ip dscp set ip dscp | lephb
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fbff ) ^ 0x00000400 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp & lephb
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000007ff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp & 0x1f
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00007fff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version | 1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ffef ) ^ 0x00000010 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version & 1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength | 1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fffe ) ^ 0x00000001 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength & 1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fff1 ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn | ect0
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000200 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn | ect1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000100 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect0
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp | lephb
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fbff ) ^ 0x00000400 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp & lephb
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000007ff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp & 0x1f
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00007fff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version | 1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ffef ) ^ 0x00000010 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version & 1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength | 1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fffe ) ^ 0x00000001 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength & 1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fff1 ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn | ect0
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000200 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn | ect1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000100 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect0
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp | lephb
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fbff ) ^ 0x00000400 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp & lephb
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000007ff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp & 0x1f
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00007fff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version | 1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ffef ) ^ 0x00000010 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version & 1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength | 1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fffe ) ^ 0x00000001 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength & 1
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fff1 ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
[ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ]
[ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ]
[ cmp eq reg 1 0x00000001 ]
+
+# ip ecn set ip ecn | ect0
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000200 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn | ect1
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000100 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect0
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect1
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp | lephb
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fbff ) ^ 0x00000400 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp & lephb
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x000007ff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp & 0x1f
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00007fff ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version | 1
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ffef ) ^ 0x00000010 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version & 1
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength | 1
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fffe ) ^ 0x00000001 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength & 1
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 2b @ network header + 0 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x0000fff1 ) ^ 0x00000000 ]
+ [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
projects / thirdparty / nftables.git / commitdiff
