upg libotr nftables
This commit is contained in:
parent
c5ac6577fc
commit
07ec064fcc
|
@ -7,17 +7,21 @@
|
||||||
|
|
||||||
pkgname=libotr
|
pkgname=libotr
|
||||||
pkgver=4.1.1
|
pkgver=4.1.1
|
||||||
pkgrel=03
|
pkgrel=04
|
||||||
pkgdesc='Off-the-Record Messaging Library and Toolkit a thunderbird dependency w/o systemd'
|
pkgdesc='Off-the-Record Messaging Library and Toolkit a thunderbird dependency w/o systemd'
|
||||||
url='https://otr.cypherpunks.ca/'
|
url='https://otr.cypherpunks.ca/'
|
||||||
depends=('libgcrypt')
|
depends=('libgcrypt')
|
||||||
source=(https://otr.cypherpunks.ca/${pkgname}-${pkgver}.tar.gz{,.asc}
|
source=(https://otr.cypherpunks.ca/${pkgname}-${pkgver}.tar.gz{,.asc}
|
||||||
missing-include.patch)
|
missing-include.patch)
|
||||||
|
# "$pkgname-4.1.1-include-socket.h.patch")
|
||||||
|
|
||||||
prepare() {
|
prepare() {
|
||||||
cd "${srcdir}/${pkgbase}-${pkgver}"
|
cd "${srcdir}/${pkgbase}-${pkgver}"
|
||||||
# void patch for lack of systemd
|
# void patch for lack of systemd
|
||||||
patch -Np1 < ../missing-include.patch
|
patch -Np1 < ../missing-include.patch
|
||||||
|
# Arch now added the patch used by void earlier ??
|
||||||
|
# # FS#75450
|
||||||
|
# patch -d "$pkgname-$pkgver" -N -p 1 -i "${srcdir}/$pkgname-4.1.1-include-socket.h.patch"
|
||||||
}
|
}
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
|
@ -45,6 +49,8 @@ validpgpkeys=('22DF3305DF56667CE15784FCF24DE08F42C2ABAD') # OTR Dev Team
|
||||||
sha256sums=(8b3b182424251067a952fb4e6c7b95a21e644fbb27fbd5f8af2b2ed87ca419f5 # libotr-4.1.1.tar.gz
|
sha256sums=(8b3b182424251067a952fb4e6c7b95a21e644fbb27fbd5f8af2b2ed87ca419f5 # libotr-4.1.1.tar.gz
|
||||||
3a24fe5ef490292295a5be7484d1148a4dbcace3a703279c9ea8ff7947215e90 # libotr-4.1.1.tar.gz.asc
|
3a24fe5ef490292295a5be7484d1148a4dbcace3a703279c9ea8ff7947215e90 # libotr-4.1.1.tar.gz.asc
|
||||||
8d2fcb7c90f13539d219f2fab898e4cba031f5703d712f88799d92ab0c9a0b6e) # missing-include.patch
|
8d2fcb7c90f13539d219f2fab898e4cba031f5703d712f88799d92ab0c9a0b6e) # missing-include.patch
|
||||||
|
# cfda75f8c5bba2e735d2b4f1bb90f60b45fa1d554a97fff75cac467f7873ebde) # libotr-4.1.1-include-socket.h.patch
|
||||||
|
|
||||||
## 157c8c0aef8f6a9be163a2cf83948597c368082feea7fe982426a3f0b0f27ea9 libotr-4.1.1-03-x86_64.pkg.tar.lz
|
|
||||||
|
## 7750392b7347a75b6ec6b94722d951123b91ab2f11c29d2faa7b2becce21bc16 libotr-4.1.1-04-x86_64.pkg.tar.lz
|
||||||
|
|
||||||
|
|
|
@ -1,19 +1,27 @@
|
||||||
# Maintainer: Gaetan Bisson <bisson@archlinux.org>
|
# Maintainer: Levente Polyak <anthraxx@archlinux.org>
|
||||||
|
# Contributor: Gaetan Bisson <bisson@archlinux.org>
|
||||||
# Contributor: Pierre Schmitz <pierre@archlinux.de>
|
# Contributor: Pierre Schmitz <pierre@archlinux.de>
|
||||||
# Contributor: Bug <Bug2000@gmail.com>
|
# Contributor: Bug <Bug2000@gmail.com>
|
||||||
|
|
||||||
pkgname=libotr
|
pkgname=libotr
|
||||||
pkgver=4.1.1
|
pkgver=4.1.1
|
||||||
pkgrel=3
|
pkgrel=4
|
||||||
pkgdesc='Off-the-Record Messaging Library and Toolkit'
|
pkgdesc='Off-the-Record Messaging Library and Toolkit'
|
||||||
url='https://otr.cypherpunks.ca/'
|
url='https://otr.cypherpunks.ca/'
|
||||||
license=('GPL' 'LGPL')
|
license=('GPL' 'LGPL')
|
||||||
arch=('x86_64')
|
arch=('x86_64')
|
||||||
depends=('libgcrypt')
|
depends=('libgcrypt')
|
||||||
validpgpkeys=('22DF3305DF56667CE15784FCF24DE08F42C2ABAD') # OTR Dev Team
|
validpgpkeys=('22DF3305DF56667CE15784FCF24DE08F42C2ABAD') # OTR Dev Team
|
||||||
source=(https://otr.cypherpunks.ca/${pkgname}-${pkgver}.tar.gz{,.asc})
|
source=(https://otr.cypherpunks.ca/${pkgname}-${pkgver}.tar.gz{,.asc}
|
||||||
|
"$pkgname-4.1.1-include-socket.h.patch")
|
||||||
sha256sums=('8b3b182424251067a952fb4e6c7b95a21e644fbb27fbd5f8af2b2ed87ca419f5'
|
sha256sums=('8b3b182424251067a952fb4e6c7b95a21e644fbb27fbd5f8af2b2ed87ca419f5'
|
||||||
'SKIP')
|
'SKIP'
|
||||||
|
'cfda75f8c5bba2e735d2b4f1bb90f60b45fa1d554a97fff75cac467f7873ebde')
|
||||||
|
|
||||||
|
prepare() {
|
||||||
|
# FS#75450
|
||||||
|
patch -d "$pkgname-$pkgver" -N -p 1 -i "${srcdir}/$pkgname-4.1.1-include-socket.h.patch"
|
||||||
|
}
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
cd "${srcdir}/${pkgname}-${pkgver}"
|
cd "${srcdir}/${pkgname}-${pkgver}"
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
From: Rhonda D'Vine <rhonda@debian.org>
|
||||||
|
Date: Thu, 12 May 2022 08:57:07 +0200
|
||||||
|
Bug-Debian: https://bugs.debian.org/1009420
|
||||||
|
Forwarded: no
|
||||||
|
Subject: test suite fails to build without the include
|
||||||
|
|
||||||
|
--- a/tests/regression/client/client.c
|
||||||
|
+++ b/tests/regression/client/client.c
|
||||||
|
@@ -29,6 +29,7 @@
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/un.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
+#include <sys/socket.h>
|
||||||
|
|
||||||
|
#include <context.h>
|
||||||
|
#include <privkey.h>
|
|
@ -8,15 +8,17 @@
|
||||||
pkgname=nftables
|
pkgname=nftables
|
||||||
epoch=1
|
epoch=1
|
||||||
pkgver=1.0.8
|
pkgver=1.0.8
|
||||||
pkgrel=01
|
pkgrel=02
|
||||||
pkgdesc='Netfilter tables userspace tools w/o systemd'
|
pkgdesc='Netfilter tables userspace tools w/o systemd'
|
||||||
url='https://netfilter.org/projects/nftables/'
|
url='https://netfilter.org/projects/nftables/'
|
||||||
depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses' 'jansson')
|
depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses' 'jansson')
|
||||||
optdepends=('python: Python bindings')
|
optdepends=('python: Python bindings')
|
||||||
makedepends=('asciidoc' 'python' 'python-setuptools')
|
makedepends=('asciidoc' 'python' 'python-setuptools' 'python-build'
|
||||||
|
'python-installer' 'python-wheel')
|
||||||
backup=('etc/nftables.conf')
|
backup=('etc/nftables.conf')
|
||||||
validpgpkeys=('37D964ACC04981C75500FB9BD55D978A8A1420E4') # Netfilter Core Team
|
validpgpkeys=('37D964ACC04981C75500FB9BD55D978A8A1420E4') # Netfilter Core Team
|
||||||
source=("https://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.xz"{,.sig}
|
source=("https://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.xz"{,.sig}
|
||||||
|
'meta-stash-context-statement-length.patch'
|
||||||
'nftables.conf')
|
'nftables.conf')
|
||||||
# 'nftables.service')
|
# 'nftables.service')
|
||||||
|
|
||||||
|
@ -38,20 +40,27 @@ prepare() {
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
cd $pkgname-$pkgver
|
cd $pkgname-$pkgver
|
||||||
autoreconf -fi #FIXME: To remove with 01.patch
|
# autoreconf -fi #FIXME: To remove with 01.patch
|
||||||
./configure \
|
./configure \
|
||||||
--prefix=/usr \
|
--prefix=/usr \
|
||||||
--sbindir=/usr/bin \
|
--sbindir=/usr/bin \
|
||||||
--sysconfdir=/usr/share \
|
--sysconfdir=/usr/share \
|
||||||
--with-json \
|
--with-json \
|
||||||
|
--disable-python \
|
||||||
--with-cli=readline \
|
--with-cli=readline \
|
||||||
--disable-debug
|
--disable-debug
|
||||||
make
|
make
|
||||||
|
|
||||||
|
# Building the Python module separately due to the automatic build resulting
|
||||||
|
# in an incorrect directory structure and unimportable module (see FS#79229)
|
||||||
|
cd py
|
||||||
|
python -m build --wheel --no-isolation
|
||||||
}
|
}
|
||||||
|
|
||||||
package() {
|
package() {
|
||||||
pushd $pkgname-$pkgver
|
pushd $pkgname-$pkgver
|
||||||
make DESTDIR="$pkgdir" install
|
make DESTDIR="$pkgdir" install
|
||||||
|
python -m installer --destdir="$pkgdir" py/dist/*.whl
|
||||||
popd
|
popd
|
||||||
# basic safe firewall config
|
# basic safe firewall config
|
||||||
install -Dm644 nftables.conf "$pkgdir/etc/nftables.conf"
|
install -Dm644 nftables.conf "$pkgdir/etc/nftables.conf"
|
||||||
|
@ -67,7 +76,8 @@ license=('GPL2')
|
||||||
|
|
||||||
sha256sums=(9373740de41a82dbc98818e0a46a073faeb8a8d0689fa4fa1a74399c32bf3d50 # nftables-1.0.8.tar.xz
|
sha256sums=(9373740de41a82dbc98818e0a46a073faeb8a8d0689fa4fa1a74399c32bf3d50 # nftables-1.0.8.tar.xz
|
||||||
eadbbad3eb70bc08a7a8c5598807f81b81860b571243f2e308dae01a97c656ae # nftables-1.0.8.tar.xz.sig
|
eadbbad3eb70bc08a7a8c5598807f81b81860b571243f2e308dae01a97c656ae # nftables-1.0.8.tar.xz.sig
|
||||||
|
3c428a2e5037ff5ea54be060c46a48bf659cd783c8ce5f5ee943fec6ddc61da6 # meta-stash-context-statement-length.patch
|
||||||
2aff88019097d21dbfa4713f5b54c184751c86376e458b683f8d90f3abd232a8) # nftables.conf
|
2aff88019097d21dbfa4713f5b54c184751c86376e458b683f8d90f3abd232a8) # nftables.conf
|
||||||
|
|
||||||
## 751183c89602c67916e54c1452a133e9bdca65e730618f4e8a893f833033c7ff nftables-1:1.0.8-01-x86_64.pkg.tar.lz
|
## ad2c0fbfa0ff9956a6a898cead950b8a3b3205dc3d350fbc06f01eae18c6adec nftables-1:1.0.8-02-x86_64.pkg.tar.lz
|
||||||
|
|
||||||
|
|
|
@ -3,22 +3,25 @@
|
||||||
pkgname=nftables
|
pkgname=nftables
|
||||||
epoch=1
|
epoch=1
|
||||||
pkgver=1.0.8
|
pkgver=1.0.8
|
||||||
pkgrel=1
|
pkgrel=2
|
||||||
pkgdesc='Netfilter tables userspace tools'
|
pkgdesc='Netfilter tables userspace tools'
|
||||||
arch=('x86_64')
|
arch=('x86_64')
|
||||||
url='https://netfilter.org/projects/nftables/'
|
url='https://netfilter.org/projects/nftables/'
|
||||||
license=('GPL2')
|
license=('GPL2')
|
||||||
depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses' 'jansson')
|
depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses' 'jansson')
|
||||||
optdepends=('python: Python bindings')
|
optdepends=('python: Python bindings')
|
||||||
makedepends=('asciidoc' 'python' 'python-setuptools')
|
makedepends=('asciidoc' 'python' 'python-setuptools' 'python-build'
|
||||||
|
'python-installer' 'python-wheel')
|
||||||
backup=('etc/nftables.conf')
|
backup=('etc/nftables.conf')
|
||||||
validpgpkeys=('37D964ACC04981C75500FB9BD55D978A8A1420E4') # Netfilter Core Team
|
validpgpkeys=('37D964ACC04981C75500FB9BD55D978A8A1420E4') # Netfilter Core Team
|
||||||
source=("https://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.xz"{,.sig}
|
source=("https://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.xz"{,.sig}
|
||||||
|
'meta-stash-context-statement-length.patch'
|
||||||
'nftables.conf'
|
'nftables.conf'
|
||||||
'nftables.service')
|
'nftables.service')
|
||||||
install=nftables.install
|
install=nftables.install
|
||||||
sha256sums=('9373740de41a82dbc98818e0a46a073faeb8a8d0689fa4fa1a74399c32bf3d50'
|
sha256sums=('9373740de41a82dbc98818e0a46a073faeb8a8d0689fa4fa1a74399c32bf3d50'
|
||||||
'SKIP'
|
'SKIP'
|
||||||
|
'3c428a2e5037ff5ea54be060c46a48bf659cd783c8ce5f5ee943fec6ddc61da6'
|
||||||
'2aff88019097d21dbfa4713f5b54c184751c86376e458b683f8d90f3abd232a8'
|
'2aff88019097d21dbfa4713f5b54c184751c86376e458b683f8d90f3abd232a8'
|
||||||
'deffeef36fe658867dd9203ec13dec85047a6d224ea63334dcf60db97e1809ea')
|
'deffeef36fe658867dd9203ec13dec85047a6d224ea63334dcf60db97e1809ea')
|
||||||
|
|
||||||
|
@ -38,20 +41,26 @@ prepare() {
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
cd $pkgname-$pkgver
|
cd $pkgname-$pkgver
|
||||||
autoreconf -fi #FIXME: To remove with 01.patch
|
|
||||||
./configure \
|
./configure \
|
||||||
--prefix=/usr \
|
--prefix=/usr \
|
||||||
--sbindir=/usr/bin \
|
--sbindir=/usr/bin \
|
||||||
--sysconfdir=/usr/share \
|
--sysconfdir=/usr/share \
|
||||||
--with-json \
|
--with-json \
|
||||||
--with-cli=readline \
|
--with-cli=readline \
|
||||||
|
--disable-python \
|
||||||
--disable-debug
|
--disable-debug
|
||||||
make
|
make
|
||||||
|
|
||||||
|
# Building the Python module separately due to the automatic build resulting
|
||||||
|
# in an incorrect directory structure and unimportable module (see FS#79229)
|
||||||
|
cd py
|
||||||
|
python -m build --wheel --no-isolation
|
||||||
}
|
}
|
||||||
|
|
||||||
package() {
|
package() {
|
||||||
pushd $pkgname-$pkgver
|
pushd $pkgname-$pkgver
|
||||||
make DESTDIR="$pkgdir" install
|
make DESTDIR="$pkgdir" install
|
||||||
|
python -m installer --destdir="$pkgdir" py/dist/*.whl
|
||||||
popd
|
popd
|
||||||
# basic safe firewall config
|
# basic safe firewall config
|
||||||
install -Dm644 nftables.conf "$pkgdir/etc/nftables.conf"
|
install -Dm644 nftables.conf "$pkgdir/etc/nftables.conf"
|
||||||
|
|
|
@ -3,5 +3,8 @@ python
|
||||||
autoconf
|
autoconf
|
||||||
automake
|
automake
|
||||||
python-setuptools
|
python-setuptools
|
||||||
|
python-build
|
||||||
|
python-installer
|
||||||
|
python-wheel
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,245 @@
|
||||||
|
From 5f1676ac9f1aeb36d7695c3c354dade013a1e4f3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
Date: Tue, 18 Jul 2023 23:10:01 +0200
|
||||||
|
Subject: [PATCH] meta: stash context statement length when generating
|
||||||
|
payload/meta dependency
|
||||||
|
|
||||||
|
... meta mark set ip dscp
|
||||||
|
|
||||||
|
generates an implicit dependency from the inet family to match on meta
|
||||||
|
nfproto ip.
|
||||||
|
|
||||||
|
The length of this implicit expression is incorrectly adjusted to the
|
||||||
|
statement length, ie. relational to compare meta nfproto takes 4 bytes
|
||||||
|
instead of 1 byte. The evaluation of 'ip dscp' under the meta mark
|
||||||
|
statement triggers this implicit dependency which should not consider
|
||||||
|
the context statement length since it is added before the statement
|
||||||
|
itself.
|
||||||
|
|
||||||
|
This problem shows when listing the ruleset, since netlink_parse_cmp()
|
||||||
|
where left->len < right->len, hence handling the implicit dependency as
|
||||||
|
a concatenation, but it is actually a bug in the evaluation step that
|
||||||
|
leads to incorrect bytecode.
|
||||||
|
|
||||||
|
Fixes: 3c64ea7995cb ("evaluate: honor statement length in integer evaluation")
|
||||||
|
Fixes: edecd58755a8 ("evaluate: support shifts larger than the width of the left operand")
|
||||||
|
Tested-by: Brian Davidson <davidson.brian@gmail.com>
|
||||||
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
---
|
||||||
|
src/payload.c | 13 ++++++
|
||||||
|
tests/py/inet/meta.t | 5 +++
|
||||||
|
tests/py/inet/meta.t.json | 86 ++++++++++++++++++++++++++++++++++++
|
||||||
|
tests/py/inet/meta.t.payload | 40 +++++++++++++++++
|
||||||
|
4 files changed, 144 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/payload.c b/src/payload.c
|
||||||
|
index f67b5407..7862745b 100644
|
||||||
|
--- a/src/payload.c
|
||||||
|
+++ b/src/payload.c
|
||||||
|
@@ -409,6 +409,7 @@ static int payload_add_dependency(struct eval_ctx *ctx,
|
||||||
|
const struct proto_hdr_template *tmpl;
|
||||||
|
struct expr *dep, *left, *right;
|
||||||
|
struct proto_ctx *pctx;
|
||||||
|
+ unsigned int stmt_len;
|
||||||
|
struct stmt *stmt;
|
||||||
|
int protocol;
|
||||||
|
|
||||||
|
@@ -429,11 +430,16 @@ static int payload_add_dependency(struct eval_ctx *ctx,
|
||||||
|
constant_data_ptr(protocol, tmpl->len));
|
||||||
|
|
||||||
|
dep = relational_expr_alloc(&expr->location, OP_EQ, left, right);
|
||||||
|
+
|
||||||
|
+ stmt_len = ctx->stmt_len;
|
||||||
|
+ ctx->stmt_len = 0;
|
||||||
|
+
|
||||||
|
stmt = expr_stmt_alloc(&dep->location, dep);
|
||||||
|
if (stmt_evaluate(ctx, stmt) < 0) {
|
||||||
|
return expr_error(ctx->msgs, expr,
|
||||||
|
"dependency statement is invalid");
|
||||||
|
}
|
||||||
|
+ ctx->stmt_len = stmt_len;
|
||||||
|
|
||||||
|
if (ctx->inner_desc) {
|
||||||
|
if (tmpl->meta_key)
|
||||||
|
@@ -543,6 +549,7 @@ int payload_gen_dependency(struct eval_ctx *ctx, const struct expr *expr,
|
||||||
|
const struct hook_proto_desc *h;
|
||||||
|
const struct proto_desc *desc;
|
||||||
|
struct proto_ctx *pctx;
|
||||||
|
+ unsigned int stmt_len;
|
||||||
|
struct stmt *stmt;
|
||||||
|
uint16_t type;
|
||||||
|
|
||||||
|
@@ -559,12 +566,18 @@ int payload_gen_dependency(struct eval_ctx *ctx, const struct expr *expr,
|
||||||
|
"protocol specification is invalid "
|
||||||
|
"for this family");
|
||||||
|
|
||||||
|
+ stmt_len = ctx->stmt_len;
|
||||||
|
+ ctx->stmt_len = 0;
|
||||||
|
+
|
||||||
|
stmt = meta_stmt_meta_iiftype(&expr->location, type);
|
||||||
|
if (stmt_evaluate(ctx, stmt) < 0) {
|
||||||
|
return expr_error(ctx->msgs, expr,
|
||||||
|
"dependency statement is invalid");
|
||||||
|
}
|
||||||
|
*res = stmt;
|
||||||
|
+
|
||||||
|
+ ctx->stmt_len = stmt_len;
|
||||||
|
+
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/tests/py/inet/meta.t b/tests/py/inet/meta.t
|
||||||
|
index 374738a7..5c062b39 100644
|
||||||
|
--- a/tests/py/inet/meta.t
|
||||||
|
+++ b/tests/py/inet/meta.t
|
||||||
|
@@ -25,3 +25,8 @@ meta mark set ct mark >> 8;ok
|
||||||
|
meta mark . tcp dport { 0x0000000a-0x00000014 . 80-90, 0x00100000-0x00100123 . 100-120 };ok
|
||||||
|
ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 1.2.3.6-1.2.3.8 . 0x00000200-0x00000300 };ok
|
||||||
|
ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 5.6.7.8 . 0x00000200 };ok
|
||||||
|
+
|
||||||
|
+meta mark set ip dscp;ok
|
||||||
|
+meta mark set ip dscp | 0x40;ok
|
||||||
|
+meta mark set ip6 dscp;ok
|
||||||
|
+meta mark set ip6 dscp | 0x40;ok
|
||||||
|
diff --git a/tests/py/inet/meta.t.json b/tests/py/inet/meta.t.json
|
||||||
|
index 92a1f9bf..3ba0fd1d 100644
|
||||||
|
--- a/tests/py/inet/meta.t.json
|
||||||
|
+++ b/tests/py/inet/meta.t.json
|
||||||
|
@@ -440,3 +440,89 @@
|
||||||
|
}
|
||||||
|
]
|
||||||
|
|
||||||
|
+# meta mark set ip dscp
|
||||||
|
+[
|
||||||
|
+ {
|
||||||
|
+ "mangle": {
|
||||||
|
+ "key": {
|
||||||
|
+ "meta": {
|
||||||
|
+ "key": "mark"
|
||||||
|
+ }
|
||||||
|
+ },
|
||||||
|
+ "value": {
|
||||||
|
+ "payload": {
|
||||||
|
+ "field": "dscp",
|
||||||
|
+ "protocol": "ip"
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+]
|
||||||
|
+
|
||||||
|
+# meta mark set ip dscp | 0x40
|
||||||
|
+[
|
||||||
|
+ {
|
||||||
|
+ "mangle": {
|
||||||
|
+ "key": {
|
||||||
|
+ "meta": {
|
||||||
|
+ "key": "mark"
|
||||||
|
+ }
|
||||||
|
+ },
|
||||||
|
+ "value": {
|
||||||
|
+ "|": [
|
||||||
|
+ {
|
||||||
|
+ "payload": {
|
||||||
|
+ "field": "dscp",
|
||||||
|
+ "protocol": "ip"
|
||||||
|
+ }
|
||||||
|
+ },
|
||||||
|
+ 64
|
||||||
|
+ ]
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+]
|
||||||
|
+
|
||||||
|
+# meta mark set ip6 dscp
|
||||||
|
+[
|
||||||
|
+ {
|
||||||
|
+ "mangle": {
|
||||||
|
+ "key": {
|
||||||
|
+ "meta": {
|
||||||
|
+ "key": "mark"
|
||||||
|
+ }
|
||||||
|
+ },
|
||||||
|
+ "value": {
|
||||||
|
+ "payload": {
|
||||||
|
+ "field": "dscp",
|
||||||
|
+ "protocol": "ip6"
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+]
|
||||||
|
+
|
||||||
|
+# meta mark set ip6 dscp | 0x40
|
||||||
|
+[
|
||||||
|
+ {
|
||||||
|
+ "mangle": {
|
||||||
|
+ "key": {
|
||||||
|
+ "meta": {
|
||||||
|
+ "key": "mark"
|
||||||
|
+ }
|
||||||
|
+ },
|
||||||
|
+ "value": {
|
||||||
|
+ "|": [
|
||||||
|
+ {
|
||||||
|
+ "payload": {
|
||||||
|
+ "field": "dscp",
|
||||||
|
+ "protocol": "ip6"
|
||||||
|
+ }
|
||||||
|
+ },
|
||||||
|
+ 64
|
||||||
|
+ ]
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+]
|
||||||
|
+
|
||||||
|
diff --git a/tests/py/inet/meta.t.payload b/tests/py/inet/meta.t.payload
|
||||||
|
index ea540907..c53b5077 100644
|
||||||
|
--- a/tests/py/inet/meta.t.payload
|
||||||
|
+++ b/tests/py/inet/meta.t.payload
|
||||||
|
@@ -133,3 +133,43 @@ inet test-inet input
|
||||||
|
[ meta load mark => reg 9 ]
|
||||||
|
[ lookup reg 1 set __set%d ]
|
||||||
|
|
||||||
|
+# meta mark set ip dscp
|
||||||
|
+inet test-inet input
|
||||||
|
+ [ meta load nfproto => reg 1 ]
|
||||||
|
+ [ cmp eq reg 1 0x00000002 ]
|
||||||
|
+ [ payload load 1b @ network header + 1 => reg 1 ]
|
||||||
|
+ [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ]
|
||||||
|
+ [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ]
|
||||||
|
+ [ meta set mark with reg 1 ]
|
||||||
|
+
|
||||||
|
+# meta mark set ip dscp | 0x40
|
||||||
|
+inet test-inet input
|
||||||
|
+ [ meta load nfproto => reg 1 ]
|
||||||
|
+ [ cmp eq reg 1 0x00000002 ]
|
||||||
|
+ [ payload load 1b @ network header + 1 => reg 1 ]
|
||||||
|
+ [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ]
|
||||||
|
+ [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ]
|
||||||
|
+ [ bitwise reg 1 = ( reg 1 & 0xffffffbf ) ^ 0x00000040 ]
|
||||||
|
+ [ meta set mark with reg 1 ]
|
||||||
|
+
|
||||||
|
+# meta mark set ip6 dscp
|
||||||
|
+inet test-inet input
|
||||||
|
+ [ meta load nfproto => reg 1 ]
|
||||||
|
+ [ cmp eq reg 1 0x0000000a ]
|
||||||
|
+ [ payload load 2b @ network header + 0 => reg 1 ]
|
||||||
|
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
|
||||||
|
+ [ byteorder reg 1 = ntoh(reg 1, 2, 2) ]
|
||||||
|
+ [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
|
||||||
|
+ [ meta set mark with reg 1 ]
|
||||||
|
+
|
||||||
|
+# meta mark set ip6 dscp | 0x40
|
||||||
|
+inet test-inet input
|
||||||
|
+ [ meta load nfproto => reg 1 ]
|
||||||
|
+ [ cmp eq reg 1 0x0000000a ]
|
||||||
|
+ [ payload load 2b @ network header + 0 => reg 1 ]
|
||||||
|
+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
|
||||||
|
+ [ byteorder reg 1 = ntoh(reg 1, 2, 2) ]
|
||||||
|
+ [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
|
||||||
|
+ [ bitwise reg 1 = ( reg 1 & 0xffffffbf ) ^ 0x00000040 ]
|
||||||
|
+ [ meta set mark with reg 1 ]
|
||||||
|
+
|
Loading…
Reference in New Issue