new file mode 100644
@@ -0,0 +1,63 @@
+*ip;test-ip4
+*ip6;test-ip6
+*inet;test-inet
+
+:input;type filter hook input priority 0
+
+# nexthdr
+# Bug to list table.
+
+- ah nexthdr esp;ok
+- ah nexthdr ah;ok
+- ah nexthdr comp;ok
+- ah nexthdr udp;ok
+- ah nexthdr udplite;ok
+- ah nexthdr tcp;ok
+- ah nexthdr dccp;ok
+- ah nexthdr sctp;ok
+
+- ah nexthdr { esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok
+- ah nexthdr != { esp, ah, comp, udp, udplite, tcp, dccp, sctp};ok
+
+# hdrlength
+ah hdrlength 11-23;ok;ah hdrlength >= 11 ah hdrlength <= 23
+ah hdrlength != 11-23;ok;ah hdrlength < 11 ah hdrlength > 23
+ah hdrlength { 11-23};ok
+- ah hdrlength != { 11-23};ok
+ah hdrlength {11, 23, 44 };ok
+- ah hdrlength != {11-23 };ok
+
+# reserved
+ah reserved 22;ok
+ah reserved != 233;ok
+ah reserved 33-45;ok;ah reserved >= 33 ah reserved <= 45
+ah reserved != 33-45;ok;ah reserved < 33 ah reserved > 45
+ah reserved {23, 100};ok
+- ah reserved != {33, 55, 67, 88};ok
+ah reserved { 33-55};ok
+- ah reserved != { 33-55};ok
+
+#spi
+ah spi 111;ok
+ah spi != 111;ok
+ah spi 111-222;ok;ah spi >= 111 ah spi <= 222
+ah spi != 111-222;ok;ah spi < 111 ah spi > 222
+ah spi {111, 122};ok
+-ah spi != {111, 122};ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+
+ah spi { 111-122};ok
+-ah spi != { 111-122};ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+
+# sequence
+ah sequence 123;ok
+ah sequence != 123;ok
+ah sequence {23, 25, 33};ok
+-ah sequence != {23, 25, 33};ok
+ah sequence { 23-33};ok
+-ah sequence != { 33-44};ok
+ah sequence 23-33;ok;ah sequence >= 23 ah sequence <= 33
+ah sequence != 23-33;ok;ah sequence < 23 ah sequence > 33
new file mode 100644
@@ -0,0 +1,31 @@
+*ip;test-ip4
+*ip6;test-ip6
+*inet;test-inet
+
+:input;type filter hook input priority 0
+
+# BUG: Do no list table.
+-comp nexthdr esp;ok
+comp nexthdr != esp;ok
+
+-comp nexthdr {esp, ah, comp, udp, udplite, tcp, tcp, dccp, sctp};ok
+# comp flags ## 8-bit field. Reserved for future use. MUST be set to zero.
+
+# Bug comp flags: to list. List the decimal value.
+comp flags 0x00;ok
+comp flags != 0x23;ok
+comp flags 0x33-0x45;ok
+comp flags != 0x33-0x45;ok
+comp flags {0x33, 0x55, 0x67, 0x88};ok
+-comp flags != {0x33, 0x55, 0x67, 0x88};ok
+comp flags { 0x33-0x55};ok
+-comp flags != { 0x33-0x55};ok
+
+comp cpi 22;ok
+comp cpi != 233;ok
+comp cpi 33-45;ok;comp cpi >= 33 comp cpi <= 45
+comp cpi != 33-45;ok;comp cpi < 33 comp cpi > 45
+comp cpi {33, 55, 67, 88};ok
+-comp cpi != {33, 55, 67, 88};ok
+comp cpi { 33-55};ok
+-comp cpi != { 33-55};ok
new file mode 100644
@@ -0,0 +1,31 @@
+*ip;test-ip4
+*ip6;test-ip6
+*inet;test-inet
+:input;type filter hook input priority 0
+
+dccp sport 21-35;ok;dccp sport >= ftp dccp sport <= 35
+dccp sport != 21-35;ok;dccp sport < ftp dccp sport > 35
+dccp sport {23, 24, 25};ok;dccp sport { smtp, 24, telnet}
+- dccp sport != { 27, 34};ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+
+dccp sport { ftp-data - re-mail-ck};ok
+dccp sport ftp-data - re-mail-ck;ok;dccp sport >= ftp-data dccp sport <= re-mail-ck
+dccp sport { 20-50};ok;dccp sport { ftp-data-re-mail-ck}
+# dccp sport != {27-34};ok
+- BUG: invalid expression type set
+- nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+
+#dccp dport 21-35;ok
+#dccp dport != 21-35;ok
+dccp dport {23, 24, 25};ok;dccp dport { smtp, 24, telnet}
+# dccp dport != {27, 34};ok
+dccp dport { 20-50};ok;dccp dport { ftp-data-re-mail-ck}
+# dccp dport != {27-34};ok
+
+# BUG dccp type
+#dccp type {request, response, data, ack, dataack, closereq, close, reset, sync, syncack};ok
+#dccp type != {request, response, data, ack, dataack, closereq, close, reset, sync, syncack};ok
+#dccp type request;ok
+#dccp type != request;ok
new file mode 100644
@@ -0,0 +1,23 @@
+*ip;test-ip4
+*ip6;test-ip6
+*inet;test-inet
+:input;type filter hook input priority 0
+
+esp spi 100;ok
+esp spi != 100;ok
+esp spi 111-222;ok;esp spi >= 111 esp spi <= 222
+esp spi != 111-222;ok;esp spi < 111 esp spi > 222
+esp spi { 100, 102};ok
+-esp spi != { 100, 102};ok
+esp spi { 100-102};ok
+-esp spi {100-102};ok
+
+esp sequence 22;ok
+esp sequence 22-24;ok;esp sequence >= 22 esp sequence <= 24
+esp sequence != 22-24;ok;esp sequence < 22 esp sequence > 24
+esp sequence { 22, 24};ok
+- esp sequence != { 22, 24};ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+esp sequence { 22-25};ok
+-esp sequence != { 22-25};ok
new file mode 100644
@@ -0,0 +1,42 @@
+*ip;test-ip4
+*ip6;test-ip6
+*inet;test-inet
+:input;type filter hook input priority 0
+
+sctp sport 23;ok;sctp sport telnet
+sctp sport != 23;ok;sctp sport != telnet
+sctp sport 23-44;ok;sctp sport >= telnet sctp sport <= 44
+sctp sport != 23-44;ok;sctp sport < telnet sctp sport > 44
+sctp sport { 23, 24, 25};ok;sctp sport { smtp, 24, telnet}
+# sctp sport != { 23, 24, 25};ok
+sctp sport { 23-44};ok;sctp sport { telnet-44}
+# sctp sport != { 23-44};ok
+-# BUG: invalid expression type set
+-# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+
+sctp dport 23;ok;sctp dport telnet
+sctp dport != 23;ok;sctp dport != telnet
+sctp dport 23-44;ok;sctp dport >= telnet sctp dport <= 44
+sctp dport != 23-44;ok;sctp dport < telnet sctp dport > 44
+sctp dport { 23, 24, 25};ok;sctp dport { smtp, 24, telnet}
+# sctp dport != { 23, 24, 25};ok
+sctp dport { 23-44};ok;sctp dport { telnet-44}
+# sctp dport != { 23-44};ok
+
+sctp checksum 1111;ok
+sctp checksum != 11;ok
+sctp checksum 21-333;ok;sctp checksum >= 21 sctp checksum <= 333
+sctp checksum != 32-111;ok;sctp checksum < 32 sctp checksum > 111
+sctp checksum { 22, 33, 44};ok
+# sctp checksum != { 22, 33, 44};ok
+sctp checksum { 22-44};ok
+# sctp checksum != { 22-44};ok
+
+sctp vtag 22;ok
+sctp vtag != 233;ok
+sctp vtag 33-45;ok;sctp vtag >= 33 sctp vtag <= 45
+sctp vtag != 33-45;ok;sctp vtag < 33 sctp vtag > 45
+sctp vtag {33, 55, 67, 88};ok
+# sctp vtag != {33, 55, 67, 88};ok
+sctp vtag { 33-55};ok
+# sctp vtag != { 33-55};ok
new file mode 100644
@@ -0,0 +1,104 @@
+*ip;test-ip4
+*ip6;test-ip6
+*inet;test-inet
+:input;type filter hook input priority 0
+
+tcp dport 22;ok;tcp dport ssh
+tcp dport != 233;ok
+tcp dport 33-45;ok;tcp dport >= 33 tcp dport <= 45
+tcp dport != 33-45;ok;tcp dport < 33 tcp dport > 45
+tcp dport { 33, 55, 67, 88};ok;tcp dport { 33, 55, kerberos, bootps}
+-tcp dport != { 33, 55, 67, 88};ok
+tcp dport { 33-55};ok
+-tcp dport != { 33-55};ok
+tcp dport {telnet, http, https} accept;ok
+tcp dport vmap { 22 : accept, 23 : drop };ok;tcp dport vmap { ssh : accept, telnet : drop}
+tcp dport vmap { 25:accept, 28:drop };ok;tcp dport vmap { 28 : drop, smtp : accept}
+tcp dport { 22, 53, 80, 110 };ok;tcp dport { pop3, domain, ssh, http}
+- tcp dport != { 22, 53, 80, 110 };ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+
+tcp sport 22;ok;tcp sport ssh
+tcp sport != 233;ok
+tcp sport 33-45;ok;tcp sport >= 33 tcp sport <= 45
+tcp sport != 33-45;ok;tcp sport < 33 tcp sport > 45
+tcp sport { 33, 55, 67, 88};ok;tcp sport { 33, 55, kerberos, bootps}
+- tcp sport != { 33, 55, 67, 88};ok
+tcp sport { 33-55};ok
+- tcp sport != { 33-55};ok
+tcp sport vmap { 25:accept, 28:drop };ok;tcp sport vmap { 28 : drop, smtp : accept}
+
+tcp sport 8080 drop;ok;tcp sport http-alt drop
+tcp sport 1024 tcp dport 22;ok;tcp sport 1024 tcp dport ssh
+tcp sport 1024 tcp dport 22 tcp sequence 0;ok;tcp sport 1024 tcp dport ssh tcp sequence 0
+
+tcp sequence 0 tcp sport 1024 tcp dport 22;ok;tcp sport 1024 tcp dport ssh tcp sequence 0
+tcp sequence 0 tcp sport { 1024, 1022} tcp dport 22;ok
+
+tcp sequence 22;ok
+tcp sequence != 233;ok
+tcp sequence 33-45;ok;tcp sequence >= 33 tcp sequence <= 45
+tcp sequence != 33-45;ok;tcp sequence < 33 tcp sequence > 45
+tcp sequence { 33, 55, 67, 88};ok
+-tcp sequence != { 33, 55, 67, 88};ok
+tcp sequence { 33-55};ok
+-tcp sequence != { 33-55};ok
+
+tcp ackseq 42949672 drop;ok
+tcp ackseq 22;ok
+tcp ackseq != 233;ok
+tcp ackseq 33-45;ok;tcp ackseq >= 33 tcp ackseq <= 45
+tcp ackseq != 33-45;ok;tcp ackseq < 33 tcp ackseq > 45
+tcp ackseq { 33, 55, 67, 88};ok
+-tcp ackseq != { 33, 55, 67, 88};ok
+tcp ackseq { 33-55};ok
+-tcp ackseq != { 33-55};ok
+
+# BUG doff
+-tcp doff 22;ok
+-tcp doff != 233;ok
+-tcp doff 33-45;ok
+-tcp doff != 33-45;ok
+-tcp doff { 33, 55, 67, 88};ok
+-tcp doff != { 33, 55, 67, 88};ok
+-tcp doff { 33-55};ok
+-tcp doff != { 33-55};ok
+
+# BUG reserved
+# BUG: It is accepted but it is not shown then. tcp reserver
+
+tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop;ok
+-tcp flags != { fin, urg, ecn, cwr} drop;ok
+tcp flags cwr;ok
+tcp flags != cwr;ok
+
+tcp window 22222;ok
+tcp window 22;ok
+tcp window != 233;ok
+tcp window 33-45;ok;tcp window >= 33 tcp window <= 45
+tcp window != 33-45;ok;tcp window < 33 tcp window > 45
+tcp window { 33, 55, 67, 88};ok
+-tcp window != { 33, 55, 67, 88};ok
+tcp window { 33-55};ok
+-tcp window != { 33-55};ok
+
+tcp checksum 23456 log drop;ok
+tcp checksum 22;ok
+tcp checksum != 233;ok
+tcp checksum 33-45;ok;tcp checksum >= 33 tcp checksum <= 45
+tcp checksum != 33-45;ok;tcp checksum < 33 tcp checksum > 45
+tcp checksum { 33, 55, 67, 88};ok
+-tcp checksum != { 33, 55, 67, 88};ok
+tcp checksum { 33-55};ok
+-tcp checksum != { 33-55};ok
+
+tcp urgptr 1234 accept;ok
+tcp urgptr 22;ok
+tcp urgptr != 233;ok
+tcp urgptr 33-45;ok;tcp urgptr >= 33 tcp urgptr <= 45
+tcp urgptr != 33-45;ok;tcp urgptr < 33 tcp urgptr > 45
+tcp urgptr { 33, 55, 67, 88};ok
+-tcp urgptr != { 33, 55, 67, 88};ok
+tcp urgptr { 33-55};ok
+-tcp urgptr != { 33-55};ok
new file mode 100644
@@ -0,0 +1,49 @@
+*ip;test-ip4
+*ip;test-ip6
+*ip;test-inet
+:input;type filter hook input priority 0
+
+udp sport 80 accept;ok;udp sport http accept
+udp sport != 60 accept;ok
+udp sport 50-70 accept;ok;udp sport >= re-mail-ck udp sport <= gopher accept
+udp sport != 50-60 accept;ok;udp sport < re-mail-ck udp sport > 60 accept
+udp sport { 49, 50} drop;ok;udp sport { re-mail-ck, tacacs} drop
+- udp sport != { 50, 60} accept;ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+udp sport { 12-40};ok
+-udp sport != { 13-24};ok
+
+udp dport 80 accept;ok;udp dport http accept
+udp dport != 60 accept;ok
+udp dport 70-75 accept;ok;udp dport >= gopher udp dport <= 75 accept
+udp dport != 50-60 accept;ok;udp dport < re-mail-ck udp dport > 60 accept
+udp dport { 49, 50} drop;ok;udp dport { re-mail-ck, tacacs} drop
+-udp dport != { 50, 60} accept;ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+udp dport { 70-75} accept;ok;udp dport { gopher-75} accept
+- udp dport != { 50-60} accept;ok
+
+udp length 6666;ok
+udp length != 6666;ok
+udp length 50-65 accept;ok;udp length >= 50 udp length <= 65 accept
+udp length != 50-65 accept;ok;udp length < 50 udp length > 65 accept
+udp length { 50, 65} accept;ok
+-udp length != { 50, 65} accept;ok
+udp length { 35-50};ok
+-udp length != { 35-50};ok
+
+udp checksum 6666 drop;ok
+- udp checksum != { 444, 555} accept;ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+
+udp checksum 22;ok
+udp checksum != 233;ok
+udp checksum 33-45;ok;udp checksum >= 33 udp checksum <= 45
+udp checksum != 33-45;ok;udp checksum < 33 udp checksum > 45
+udp checksum { 33, 55, 67, 88};ok
+-udp checksum != { 33, 55, 67, 88};ok
+udp checksum { 33-55};ok
+-udp checksum != { 33-55};ok
new file mode 100644
@@ -0,0 +1,42 @@
+*ip;test-ip4
+*ip6;test-ip6
+*inet;test-inet
+:input;type filter hook input priority 0
+
+udplite sport 80 accept;ok;udplite sport http accept
+udplite sport != 60 accept;okudplite sport http != accept
+udplite sport 50-70 accept;ok;udplite sport >= re-mail-ck udplite sport <= gopher accept
+udplite sport != 50-60 accept;ok;udplite sport < re-mail-ck udplite sport > 60 accept
+udplite sport { 49, 50} drop;ok;udplite sport { re-mail-ck, tacacs} drop
+-udplite sport != { 50, 60} accept;ok
+udplite sport { 12-40};ok
+-udplite sport != { 13-24};ok
+
+udplite dport 80 accept;ok;udplite dport http accept
+udplite dport != 60 accept;ok
+udplite dport 70-75 accept;ok;udplite dport >= gopher udplite dport <= 75 accept
+udplite dport != 50-60 accept;ok;udplite dport < re-mail-ck udplite dport > 60 accept
+udplite dport { 49, 50} drop;ok;udplite dport { re-mail-ck, tacacs} drop
+-udplite dport != { 50, 60} accept;ok
+udplite dport { 70-75} accept;ok;udplite dport { gopher-75} accept
+-udplite dport != { 50-60} accept;ok
+
+-udplite csumcov 6666;ok
+-udplite csumcov != 6666;ok
+-udplite csumcov 50-65 accept;ok
+-udplite csumcov != 50-65 accept;ok
+-udplite csumcov { 50, 65} accept;ok
+-udplite csumcov != { 50, 65} accept;ok
+-udplite csumcov { 35-50};ok
+-udplite csumcov != { 35-50};ok
+
+udplite checksum 6666 drop;ok
+-udplite checksum != { 444, 555} accept;ok
+udplite checksum 22;ok
+udplite checksum != 233;ok
+udplite checksum 33-45;ok;udplite checksum >= 33 udplite checksum <= 45
+udplite checksum != 33-45;ok;udplite checksum < 33 udplite checksum > 45
+udplite checksum { 33, 55, 67, 88};ok
+-udplite checksum != { 33, 55, 67, 88};ok
+udplite checksum { 33-55};ok
+-udplite checksum != { 33-55};ok
"inet" folder contains the test files that are executed in ipv4, ipv6 and inet family of tables. These test files are executed with nft-tests.py Signed-off-by: Ana Rey <anarey@gmail.com> --- tests/inet/ah.t | 63 +++++++++++++++++++++++++++++++ tests/inet/comp.t | 31 +++++++++++++++ tests/inet/dccp.t | 31 +++++++++++++++ tests/inet/esp.t | 23 ++++++++++++ tests/inet/sctp.t | 42 +++++++++++++++++++++ tests/inet/tcp.t | 104 +++++++++++++++++++++++++++++++++++++++++++++++++++ tests/inet/udp.t | 49 ++++++++++++++++++++++++ tests/inet/udplite.t | 42 +++++++++++++++++++++ 8 files changed, 385 insertions(+) create mode 100644 tests/inet/ah.t create mode 100644 tests/inet/comp.t create mode 100644 tests/inet/dccp.t create mode 100644 tests/inet/esp.t create mode 100644 tests/inet/sctp.t create mode 100644 tests/inet/tcp.t create mode 100644 tests/inet/udp.t create mode 100644 tests/inet/udplite.t