tcp window { 33-55};ok
- tcp window != { 33-55};ok
-tcp checksum 23456 log drop;ok
tcp checksum 22;ok
tcp checksum != 233;ok
tcp checksum 33-45;ok
[ payload load 2b @ transport header + 14 => reg 1 ]
[ lookup reg 1 set set%d ]
-# tcp checksum 23456 log drop
-inet test-inet input
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
- [ payload load 2b @ transport header + 16 => reg 1 ]
- [ cmp eq reg 1 0x0000a05b ]
- [ log prefix (null) ]
- [ immediate reg 0 drop ]
-
# tcp checksum 22
inet test-inet input
[ meta load l4proto => reg 1 ]
[ payload load 2b @ transport header + 14 => reg 1 ]
[ lookup reg 1 set set%d ]
-# tcp checksum 23456 log drop
-ip test-ip4 input
- [ payload load 1b @ network header + 9 => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
- [ payload load 2b @ transport header + 16 => reg 1 ]
- [ cmp eq reg 1 0x0000a05b ]
- [ log prefix (null) ]
- [ immediate reg 0 drop ]
-
# tcp checksum 22
ip test-ip4 input
[ payload load 1b @ network header + 9 => reg 1 ]
[ payload load 2b @ transport header + 14 => reg 1 ]
[ lookup reg 1 set set%d ]
-# tcp checksum 23456 log drop
-ip6 test-ip6 input
- [ payload load 1b @ network header + 6 => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
- [ payload load 2b @ transport header + 16 => reg 1 ]
- [ cmp eq reg 1 0x0000a05b ]
- [ log prefix (null) ]
- [ immediate reg 0 drop ]
-
# tcp checksum 22
ip6 test-ip6 input
[ payload load 1b @ network header + 6 => reg 1 ]
- ip frag-off != { 33-55};ok
ip ttl 0 drop;ok
-ip ttl 233 log;ok
+ip ttl 233;ok
ip ttl 33-55;ok
ip ttl != 45-50;ok
ip ttl {43, 53, 45 };ok
ip ttl { 33-55};ok
- ip ttl != { 33-55};ok
-ip protocol tcp log;ok;ip protocol 6 log
-ip protocol != tcp log;ok;ip protocol != 6 log
+ip protocol tcp;ok;ip protocol 6
+ip protocol != tcp;ok;ip protocol != 6
ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept;ok;ip protocol { 33, 136, 17, 51, 50, 6, 132, 1, 108} accept
- ip protocol != { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept;ok
ip saddr 192.168.2.0/24;ok
ip saddr != 192.168.2.0/24;ok
ip saddr 192.168.3.1 ip daddr 192.168.3.100;ok
-ip saddr != 1.1.1.1 log prefix giuseppe;ok;ip saddr != 1.1.1.1 log prefix "giuseppe"
-ip saddr 1.1.1.1 log prefix example group 1;ok;ip saddr 1.1.1.1 log prefix "example" group 1
+ip saddr != 1.1.1.1;ok;ip saddr != 1.1.1.1
+ip saddr 1.1.1.1;ok;ip saddr 1.1.1.1
ip daddr 192.168.0.1-192.168.0.250;ok
ip daddr 10.0.0.0-10.255.255.255;ok
ip daddr 172.16.0.0-172.31.255.255;ok
ip daddr 192.168.0.1;ok
ip daddr 192.168.0.1 drop;ok
-ip daddr 192.168.0.2 log;ok
+ip daddr 192.168.0.2;ok
ip saddr \& 0xff == 1;ok;ip saddr & 0.0.0.255 == 0.0.0.1
ip saddr \& 0.0.0.255 \< 0.0.0.127;ok;ip saddr & 0.0.0.255 < 0.0.0.127
[ cmp eq reg 1 0x00000000 ]
[ immediate reg 0 drop ]
-# ip ttl 233 log
+# ip ttl 233
ip test-ip4 input
[ payload load 1b @ network header + 8 => reg 1 ]
[ cmp eq reg 1 0x000000e9 ]
- [ log prefix (null) ]
# ip ttl 33-55
ip test-ip4 input
[ payload load 1b @ network header + 8 => reg 1 ]
[ lookup reg 1 set set%d ]
-# ip protocol tcp log
+# ip protocol tcp
ip test-ip4 input
[ payload load 1b @ network header + 9 => reg 1 ]
[ cmp eq reg 1 0x00000006 ]
- [ log prefix (null) ]
-# ip protocol != tcp log
+# ip protocol != tcp
ip test-ip4 input
[ payload load 1b @ network header + 9 => reg 1 ]
[ cmp neq reg 1 0x00000006 ]
- [ log prefix (null) ]
# ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept
set%d test-ip4 3
[ payload load 8b @ network header + 12 => reg 1 ]
[ cmp eq reg 1 0x0103a8c0 0x6403a8c0 ]
-# ip saddr != 1.1.1.1 log prefix giuseppe
+# ip saddr != 1.1.1.1
ip test-ip4 input
[ payload load 4b @ network header + 12 => reg 1 ]
[ cmp neq reg 1 0x01010101 ]
- [ log prefix giuseppe ]
-# ip saddr 1.1.1.1 log prefix example group 1
+# ip saddr 1.1.1.1
ip test-ip4 input
[ payload load 4b @ network header + 12 => reg 1 ]
[ cmp eq reg 1 0x01010101 ]
- [ log prefix example group 1 snaplen 0 qthreshold 0]
# ip daddr 192.168.0.1-192.168.0.250
ip test-ip4 input
[ cmp eq reg 1 0x0100a8c0 ]
[ immediate reg 0 drop ]
-# ip daddr 192.168.0.2 log
+# ip daddr 192.168.0.2
ip test-ip4 input
[ payload load 4b @ network header + 16 => reg 1 ]
[ cmp eq reg 1 0x0200a8c0 ]
- [ log prefix (null) ]
# ip saddr \& 0xff == 1
ip test-ip4 input
[ cmp eq reg 1 0x00000000 ]
[ immediate reg 0 drop ]
-# ip ttl 233 log
+# ip ttl 233
inet test-inet input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x00000002 ]
[ payload load 1b @ network header + 8 => reg 1 ]
[ cmp eq reg 1 0x000000e9 ]
- [ log prefix (null) ]
# ip ttl 33-55
inet test-inet input
[ payload load 1b @ network header + 8 => reg 1 ]
[ lookup reg 1 set set%d ]
-# ip protocol tcp log
+# ip protocol tcp
inet test-inet input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x00000002 ]
[ payload load 1b @ network header + 9 => reg 1 ]
[ cmp eq reg 1 0x00000006 ]
- [ log prefix (null) ]
-# ip protocol != tcp log
+# ip protocol != tcp
inet test-inet input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x00000002 ]
[ payload load 1b @ network header + 9 => reg 1 ]
[ cmp neq reg 1 0x00000006 ]
- [ log prefix (null) ]
# ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept
set%d test-inet 3
[ payload load 8b @ network header + 12 => reg 1 ]
[ cmp eq reg 1 0x0103a8c0 0x6403a8c0 ]
-# ip saddr != 1.1.1.1 log prefix giuseppe
+# ip saddr != 1.1.1.1
inet test-inet input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x00000002 ]
[ payload load 4b @ network header + 12 => reg 1 ]
[ cmp neq reg 1 0x01010101 ]
- [ log prefix giuseppe ]
-# ip saddr 1.1.1.1 log prefix example group 1
+# ip saddr 1.1.1.1
inet test-inet input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x00000002 ]
[ payload load 4b @ network header + 12 => reg 1 ]
[ cmp eq reg 1 0x01010101 ]
- [ log prefix example group 1 snaplen 0 qthreshold 0]
# ip daddr 192.168.0.1-192.168.0.250
inet test-inet input
[ cmp eq reg 1 0x0100a8c0 ]
[ immediate reg 0 drop ]
-# ip daddr 192.168.0.2 log
+# ip daddr 192.168.0.2
inet test-inet input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x00000002 ]
[ payload load 4b @ network header + 16 => reg 1 ]
[ cmp eq reg 1 0x0200a8c0 ]
- [ log prefix (null) ]
# ip saddr \& 0xff == 1
inet test-inet input
ip6 length { 33-55};ok
- ip6 length != { 33-55};ok
-ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log;ok;ip6 nexthdr { 132, 51, 108, 136, 17, 33, 6} log
+ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp};ok;ip6 nexthdr { 132, 51, 108, 136, 17, 33, 6}
ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok;ip6 nexthdr { 6, 136, 108, 33, 50, 17, 132, 58, 51}
- ip6 nexthdr != {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6};ok
ip6 nexthdr esp;ok;ip6 nexthdr 50
ip6 nexthdr 33-44;ok
ip6 nexthdr != 33-44;ok
-ip6 hoplimit 1 log;ok
+ip6 hoplimit 1;ok
ip6 hoplimit != 233;ok
ip6 hoplimit 33-45;ok
ip6 hoplimit != 33-45;ok
[ payload load 2b @ network header + 4 => reg 1 ]
[ lookup reg 1 set set%d ]
-# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log
+# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp}
set%d test-inet 3
set%d test-inet 0
element 00000011 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end]
[ cmp eq reg 1 0x0000000a ]
[ payload load 1b @ network header + 6 => reg 1 ]
[ lookup reg 1 set set%d ]
- [ log prefix (null) ]
# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
set%d test-inet 3
[ cmp lt reg 1 0x00000021 ]
[ cmp gt reg 1 0x0000002c ]
-# ip6 hoplimit 1 log
+# ip6 hoplimit 1
inet test-inet input
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ payload load 1b @ network header + 7 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
- [ log prefix (null) ]
# ip6 hoplimit != 233
inet test-inet input
[ payload load 2b @ network header + 4 => reg 1 ]
[ lookup reg 1 set set%d ]
-# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp} log
+# ip6 nexthdr {udp, ah, comp, udplite, tcp, dccp, sctp}
set%d test-ip6 3
set%d test-ip6 0
element 00000011 : 0 [end] element 00000033 : 0 [end] element 0000006c : 0 [end] element 00000088 : 0 [end] element 00000006 : 0 [end] element 00000021 : 0 [end] element 00000084 : 0 [end]
ip6 test-ip6 input
[ payload load 1b @ network header + 6 => reg 1 ]
[ lookup reg 1 set set%d ]
- [ log prefix (null) ]
# ip6 nexthdr {esp, ah, comp, udp, udplite, tcp, dccp, sctp, icmpv6}
set%d test-ip6 3
[ cmp lt reg 1 0x00000021 ]
[ cmp gt reg 1 0x0000002c ]
-# ip6 hoplimit 1 log
+# ip6 hoplimit 1
ip6 test-ip6 input
[ payload load 1b @ network header + 7 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
- [ log prefix (null) ]
# ip6 hoplimit != 233
ip6 test-ip6 input
projects / thirdparty / nftables.git / commitdiff
