1 /*-
2 * BSD LICENSE
3 *
4 * Copyright(c) 2010-2014 Intel Corporation. All rights reserved.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 * * Neither the name of Intel Corporation nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34 #ifndef TEST_ACL_H_
35 #define TEST_ACL_H_
36
/**
 * One test packet for the ACL unit tests, together with the classification
 * result the test expects for it.
 *
 * NOTE(review): no #include is visible in this header, so the fixed-width
 * integer types used here must be provided by the including file.
 */
struct ipv4_7tuple {
	uint16_t vlan;      /**< VLAN tag of the test packet. */
	uint16_t domain;    /**< VLAN domain of the test packet. */
	uint8_t proto;      /**< IPv4 protocol ID of the test packet. */
	uint32_t ip_src;    /**< IPv4 source address (built with IPv4() in the tables below). */
	uint32_t ip_dst;    /**< IPv4 destination address (built with IPv4() in the tables below). */
	uint16_t port_src;  /**< L4 source port. */
	uint16_t port_dst;  /**< L4 destination port. */
	/* Expected results: the .userdata of the rule that should be reported
	 * for the packet. Entries commented "should not match" leave both
	 * fields unset, i.e. 0; no rule in this file uses userdata 0.
	 */
	uint32_t allow;     /**< Expected userdata among ACL_ALLOW_MASK rules. */
	uint32_t deny;      /**< Expected userdata among ACL_DENY_MASK rules. */
};
48
/**
 * Legacy support for 7-tuple IPv4 and VLAN rule.
 * This structure and corresponding API is deprecated.
 *
 * Field semantics as exercised by the rule tables in this file:
 * - proto/vlan/domain are compared under a bit mask (only the bits set in
 *   the *_mask field take part in the comparison);
 * - addresses are matched by prefix: *_mask_len is a prefix length in bits
 *   (e.g. 24 for a /24), not a netmask value;
 * - ports are matched against a low..high range; single-port rules set
 *   low == high.
 *
 * NOTE(review): struct rte_acl_rule_data is not declared in this header; it
 * has to come from a header included earlier by the including file.
 */
struct rte_acl_ipv4vlan_rule {
	struct rte_acl_rule_data data; /**< Miscellaneous data for the rule. */
	uint8_t proto;                 /**< IPv4 protocol ID. */
	uint8_t proto_mask;            /**< IPv4 protocol ID mask. */
	uint16_t vlan;                 /**< VLAN ID. */
	uint16_t vlan_mask;            /**< VLAN ID mask. */
	uint16_t domain;               /**< VLAN domain. */
	uint16_t domain_mask;          /**< VLAN domain mask. */
	uint32_t src_addr;             /**< IPv4 source address. */
	uint32_t src_mask_len;         /**< IPv4 source address prefix length, in bits. */
	uint32_t dst_addr;             /**< IPv4 destination address. */
	uint32_t dst_mask_len;         /**< IPv4 destination address prefix length, in bits. */
	uint16_t src_port_low;         /**< L4 source port low. */
	uint16_t src_port_high;        /**< L4 source port high. */
	uint16_t dst_port_low;         /**< L4 destination port low. */
	uint16_t dst_port_high;        /**< L4 destination port high. */
};
70
/**
 * Specifies fields layout inside rte_acl_rule for rte_acl_ipv4vlan_rule.
 *
 * The enumerators are consecutive indices starting at 0; the last one is not
 * a field but the field count, which RTE_ACL_IPV4VLAN_RULE_SZ uses.
 * NOTE(review): VLAN1/VLAN2 presumably correspond to the rule's vlan and
 * domain members - confirm against the code that builds the field
 * definitions.
 */
enum {
	RTE_ACL_IPV4VLAN_PROTO_FIELD,
	RTE_ACL_IPV4VLAN_VLAN1_FIELD,
	RTE_ACL_IPV4VLAN_VLAN2_FIELD,
	RTE_ACL_IPV4VLAN_SRC_FIELD,
	RTE_ACL_IPV4VLAN_DST_FIELD,
	RTE_ACL_IPV4VLAN_SRCP_FIELD,
	RTE_ACL_IPV4VLAN_DSTP_FIELD,
	RTE_ACL_IPV4VLAN_NUM_FIELDS  /* number of fields, not a field index */
};
84
/**
 * Macro to define rule size for rte_acl_ipv4vlan_rule.
 *
 * Expands to RTE_ACL_RULE_SZ() applied to the field count of the layout enum
 * above. RTE_ACL_RULE_SZ itself is not defined in this header.
 */
#define RTE_ACL_IPV4VLAN_RULE_SZ	\
	RTE_ACL_RULE_SZ(RTE_ACL_IPV4VLAN_NUM_FIELDS)
90
/*
 * That effectively defines order of IPV4VLAN classifications:
 *  - PROTO
 *  - VLAN (TAG and DOMAIN)
 *  - SRC IP ADDRESS
 *  - DST IP ADDRESS
 *  - PORTS (SRC and DST)
 *
 * Five groups cover the seven fields of the layout enum: the VLAN tag and
 * domain share one group, and so do the source and destination ports.
 */
enum {
	RTE_ACL_IPV4VLAN_PROTO,
	RTE_ACL_IPV4VLAN_VLAN,
	RTE_ACL_IPV4VLAN_SRC,
	RTE_ACL_IPV4VLAN_DST,
	RTE_ACL_IPV4VLAN_PORTS,
	RTE_ACL_IPV4VLAN_NUM  /* number of groups, not a group index */
};
107
/* rules for invalid layout test
 *
 * Six rules, userdata 1..6, all in category mask 1. Each rule sets a single
 * match criterion; every member not named in an initializer is
 * zero-initialized.
 *
 * NOTE(review): this array is defined, not merely declared, in a header;
 * including the header from more than one translation unit would produce
 * duplicate definitions.
 */
struct rte_acl_ipv4vlan_rule invalid_layout_rules[] = {
	/* test src and dst address */
	{
		/* source prefix 10.0.0.0/24 */
		.data = {.userdata = 1, .category_mask = 1},
		.src_addr = IPv4(10,0,0,0),
		.src_mask_len = 24,
	},
	{
		/* destination prefix 10.0.0.0/24 */
		.data = {.userdata = 2, .category_mask = 1},
		.dst_addr = IPv4(10,0,0,0),
		.dst_mask_len = 24,
	},
	/* test src and dst ports */
	{
		/* destination port 100 only */
		.data = {.userdata = 3, .category_mask = 1},
		.dst_port_low = 100,
		.dst_port_high = 100,
	},
	{
		/* source port 100 only */
		.data = {.userdata = 4, .category_mask = 1},
		.src_port_low = 100,
		.src_port_high = 100,
	},
	/* test proto */
	{
		/* low four protocol bits all set */
		.data = {.userdata = 5, .category_mask = 1},
		.proto = 0xf,
		.proto_mask = 0xf
	},
	{
		/* destination port 0xf only: the same value 0xf as the proto
		 * rule above, placed in a port field
		 */
		.data = {.userdata = 6, .category_mask = 1},
		.dst_port_low = 0xf,
		.dst_port_high = 0xf,
	}
};
144
/* these might look odd because they don't match up the rules. This is
 * intentional, as the invalid layout test presumes returning the correct
 * results using the wrong data layout.
 *
 * .allow holds the userdata of the invalid_layout_rules entry expected for
 * the packet; an entry without .allow expects 0, i.e. no match.
 */
struct ipv4_7tuple invalid_layout_data[] = {
	{.ip_src = IPv4(10,0,1,0)},             /* should not match */
	{.ip_src = IPv4(10,0,0,1), .allow = 2}, /* should match 2 */
	{.port_src = 100, .allow = 4},          /* should match 4 */
	{.port_dst = 0xf, .allow = 6},          /* should match 6 */
};
155
/* The two result categories used by the ACL unit test rules.
 * ACL_ALLOW/ACL_DENY are small integers (presumably category indices -
 * confirm against the test code); each *_MASK value is the bit
 * (1 << index) that a rule places in .category_mask.
 */
#define ACL_ALLOW 0
#define ACL_DENY 1
#define ACL_ALLOW_MASK 0x1
#define ACL_DENY_MASK 0x2
160
/* ruleset for ACL unit test
 *
 * 27 rules with userdata 1..27. Each rule belongs to exactly one category
 * (ACL_ALLOW_MASK or ACL_DENY_MASK). Members not named in an initializer are
 * zero-initialized, so a rule only constrains the fields it sets; port ranges
 * are written out as 0..0xffff where any port is acceptable.
 *
 * The expected results in acl_test_data are consistent with the rule that has
 * the numerically highest .priority being reported per category (e.g. dst
 * port 80 satisfies rules 13 and 14 and expects 13, priority 310 over 210).
 *
 * NOTE(review): rules 7 and 8 share both category and priority (260), and no
 * vector in acl_test_data satisfies both, so the behaviour on an
 * equal-priority tie is not exercised by this data.
 *
 * NOTE(review): this array is defined, not merely declared, in a header;
 * including the header from more than one translation unit would produce
 * duplicate definitions.
 */
struct rte_acl_ipv4vlan_rule acl_test_rules[] = {
/* destination IP addresses */
	/* matches all packets traveling to 192.168.0.0/16 */
	{
		.data = {.userdata = 1, .category_mask = ACL_ALLOW_MASK,
				.priority = 230},
		.dst_addr = IPv4(192,168,0,0),
		.dst_mask_len = 16,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},
	/* matches all packets traveling to 192.168.1.0/24 */
	{
		.data = {.userdata = 2, .category_mask = ACL_ALLOW_MASK,
				.priority = 330},
		.dst_addr = IPv4(192,168,1,0),
		.dst_mask_len = 24,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},
	/* matches all packets traveling to 192.168.1.50 */
	{
		.data = {.userdata = 3, .category_mask = ACL_DENY_MASK,
				.priority = 230},
		.dst_addr = IPv4(192,168,1,50),
		.dst_mask_len = 32,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},

/* source IP addresses */
	/* matches all packets traveling from 10.0.0.0/8 */
	{
		.data = {.userdata = 4, .category_mask = ACL_ALLOW_MASK,
				.priority = 240},
		.src_addr = IPv4(10,0,0,0),
		.src_mask_len = 8,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},
	/* matches all packets traveling from 10.1.1.0/24 */
	{
		.data = {.userdata = 5, .category_mask = ACL_ALLOW_MASK,
				.priority = 340},
		.src_addr = IPv4(10,1,1,0),
		.src_mask_len = 24,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},
	/* matches all packets traveling from 10.1.1.1 */
	{
		.data = {.userdata = 6, .category_mask = ACL_DENY_MASK,
				.priority = 240},
		.src_addr = IPv4(10,1,1,1),
		.src_mask_len = 32,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},

/* VLAN tag */
	/* matches all packets with lower 7 bits of VLAN tag equal to 0x64
	 * (the mask 0x7f selects bits, not bytes)
	 */
	{
		.data = {.userdata = 7, .category_mask = ACL_ALLOW_MASK,
				.priority = 260},
		.vlan = 0x64,
		.vlan_mask = 0x7f,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},
	/* matches all packets with VLAN tags that have 0x5 in them,
	 * i.e. bits 0 and 2 both set
	 */
	{
		.data = {.userdata = 8, .category_mask = ACL_ALLOW_MASK,
				.priority = 260},
		.vlan = 0x5,
		.vlan_mask = 0x5,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},
	/* matches all packets with VLAN tag 5 */
	{
		.data = {.userdata = 9, .category_mask = ACL_DENY_MASK,
				.priority = 360},
		.vlan = 0x5,
		.vlan_mask = 0xffff,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},

/* VLAN domain */
	/* matches all packets with lower 7 bits of domain equal to 0x64
	 * (the mask 0x7f selects bits, not bytes)
	 */
	{
		.data = {.userdata = 10, .category_mask = ACL_ALLOW_MASK,
				.priority = 250},
		.domain = 0x64,
		.domain_mask = 0x7f,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},
	/* matches all packets with domains that have 0x5 in them,
	 * i.e. bits 0 and 2 both set
	 */
	{
		.data = {.userdata = 11, .category_mask = ACL_ALLOW_MASK,
				.priority = 350},
		.domain = 0x5,
		.domain_mask = 0x5,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},
	/* matches all packets with domain 5 */
	{
		.data = {.userdata = 12, .category_mask = ACL_DENY_MASK,
				.priority = 350},
		.domain = 0x5,
		.domain_mask = 0xffff,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},

/* destination port */
	/* matches everything with dst port 80 */
	{
		.data = {.userdata = 13, .category_mask = ACL_ALLOW_MASK,
				.priority = 310},
		.dst_port_low = 80,
		.dst_port_high = 80,
		.src_port_low = 0,
		.src_port_high = 0xffff,
	},
	/* matches everything with dst port 22-1023 */
	{
		.data = {.userdata = 14, .category_mask = ACL_ALLOW_MASK,
				.priority = 210},
		.dst_port_low = 22,
		.dst_port_high = 1023,
		.src_port_low = 0,
		.src_port_high = 0xffff,
	},
	/* matches everything with dst port 1020 */
	{
		.data = {.userdata = 15, .category_mask = ACL_DENY_MASK,
				.priority = 310},
		.dst_port_low = 1020,
		.dst_port_high = 1020,
		.src_port_low = 0,
		.src_port_high = 0xffff,
	},
	/* matches everything with dst portrange 1000-2000 */
	{
		.data = {.userdata = 16, .category_mask = ACL_DENY_MASK,
				.priority = 210},
		.dst_port_low = 1000,
		.dst_port_high = 2000,
		.src_port_low = 0,
		.src_port_high = 0xffff,
	},

/* source port */
	/* matches everything with src port 80 */
	{
		.data = {.userdata = 17, .category_mask = ACL_ALLOW_MASK,
				.priority = 320},
		.src_port_low = 80,
		.src_port_high = 80,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},
	/* matches everything with src port 22-1023 */
	{
		.data = {.userdata = 18, .category_mask = ACL_ALLOW_MASK,
				.priority = 220},
		.src_port_low = 22,
		.src_port_high = 1023,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},
	/* matches everything with src port 1020 */
	{
		.data = {.userdata = 19, .category_mask = ACL_DENY_MASK,
				.priority = 320},
		.src_port_low = 1020,
		.src_port_high = 1020,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},
	/* matches everything with src portrange 1000-2000 */
	{
		.data = {.userdata = 20, .category_mask = ACL_DENY_MASK,
				.priority = 220},
		.src_port_low = 1000,
		.src_port_high = 2000,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},

/* protocol number */
	/* matches all packets with protocol number either 0x64 or 0xE4
	 * (the mask 0x7f leaves the top bit of the 8-bit value unchecked)
	 */
	{
		.data = {.userdata = 21, .category_mask = ACL_ALLOW_MASK,
				.priority = 270},
		.proto = 0x64,
		.proto_mask = 0x7f,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},
	/* matches all packets with protocol that have 0x5 in them,
	 * i.e. bits 0 and 2 both set; priority 1 is the lowest in this table
	 */
	{
		.data = {.userdata = 22, .category_mask = ACL_ALLOW_MASK,
				.priority = 1},
		.proto = 0x5,
		.proto_mask = 0x5,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},
	/* matches all packets with protocol 5 */
	{
		.data = {.userdata = 23, .category_mask = ACL_DENY_MASK,
				.priority = 370},
		.proto = 0x5,
		.proto_mask = 0xff,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 0,
		.dst_port_high = 0xffff,
	},

/* rules combining various fields */
	/* Rules 24..27 come in allow/deny pairs with the source and destination
	 * prefixes swapped. 24/25 use priority 400 and also pin the VLAN domain;
	 * 26/27 use priority 500 and leave the domain unconstrained.
	 */
	{
		.data = {.userdata = 24, .category_mask = ACL_ALLOW_MASK,
				.priority = 400},
		/** make sure that unmasked bytes don't fail! */
		/* the address bytes beyond the prefix length are non-zero on
		 * purpose, here and in the three rules that follow
		 */
		.dst_addr = IPv4(1,2,3,4),
		.dst_mask_len = 16,
		.src_addr = IPv4(5,6,7,8),
		.src_mask_len = 24,
		.proto = 0x5,
		.proto_mask = 0xff,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 22,
		.dst_port_high = 1024,
		.vlan = 0x8100,
		.vlan_mask = 0xffff,
		.domain = 0x64,
		.domain_mask = 0xffff,
	},
	{
		.data = {.userdata = 25, .category_mask = ACL_DENY_MASK,
				.priority = 400},
		.dst_addr = IPv4(5,6,7,8),
		.dst_mask_len = 24,
		.src_addr = IPv4(1,2,3,4),
		.src_mask_len = 16,
		.proto = 0x5,
		.proto_mask = 0xff,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 22,
		.dst_port_high = 1024,
		.vlan = 0x8100,
		.vlan_mask = 0xffff,
		.domain = 0x64,
		.domain_mask = 0xffff,
	},
	{
		.data = {.userdata = 26, .category_mask = ACL_ALLOW_MASK,
				.priority = 500},
		.dst_addr = IPv4(1,2,3,4),
		.dst_mask_len = 8,
		.src_addr = IPv4(5,6,7,8),
		.src_mask_len = 32,
		.proto = 0x5,
		.proto_mask = 0xff,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 22,
		.dst_port_high = 1024,
		.vlan = 0x64,
		.vlan_mask = 0xffff,
	},
	{
		.data = {.userdata = 27, .category_mask = ACL_DENY_MASK,
				.priority = 500},
		.dst_addr = IPv4(5,6,7,8),
		.dst_mask_len = 32,
		.src_addr = IPv4(1,2,3,4),
		.src_mask_len = 8,
		.proto = 0x5,
		.proto_mask = 0xff,
		.src_port_low = 0,
		.src_port_high = 0xffff,
		.dst_port_low = 22,
		.dst_port_high = 1024,
		.vlan = 0x64,
		.vlan_mask = 0xffff,
	},
};
485
/* data for ACL unit test
 *
 * Each entry is one test packet plus the result expected from classifying it
 * against acl_test_rules: .allow is the userdata of the expected
 * ACL_ALLOW_MASK rule and .deny the userdata of the expected ACL_DENY_MASK
 * rule. A field that is not initialized is 0, so an entry without .allow
 * and/or .deny expects no match in that category. The trailing comments list
 * the expected rule numbers.
 *
 * NOTE(review): this array is defined, not merely declared, in a header;
 * including the header from more than one translation unit would produce
 * duplicate definitions.
 */
struct ipv4_7tuple acl_test_data[] = {
/* testing single rule aspects */
	/* source address rules 4..6; the same addresses used as destination
	 * must not match
	 */
	{.ip_src = IPv4(10,0,0,0), .allow = 4}, /* should match 4 */
	{.ip_src = IPv4(10,1,1,2), .allow = 5}, /* should match 5 */
	{.ip_src = IPv4(10,1,1,1), .allow = 5,
			.deny = 6}, /* should match 5, 6 */
	{.ip_dst = IPv4(10,0,0,0)}, /* should not match */
	{.ip_dst = IPv4(10,1,1,2)}, /* should not match */
	{.ip_dst = IPv4(10,1,1,1)}, /* should not match */

	/* destination address rules 1..3; the same addresses used as source
	 * must not match
	 */
	{.ip_src = IPv4(192,168,2,50)}, /* should not match */
	{.ip_src = IPv4(192,168,1,2)}, /* should not match */
	{.ip_src = IPv4(192,168,1,50)}, /* should not match */
	{.ip_dst = IPv4(192,168,2,50), .allow = 1}, /* should match 1 */
	{.ip_dst = IPv4(192,168,1,49), .allow = 2}, /* should match 2 */
	{.ip_dst = IPv4(192,168,1,50), .allow = 2,
			.deny = 3}, /* should match 2, 3 */

	/* VLAN tag rules 7..9 */
	{.vlan = 0x64, .allow = 7}, /* should match 7 */
	{.vlan = 0xfE4, .allow = 7}, /* should match 7 */
	{.vlan = 0xE2}, /* should not match */
	{.vlan = 0xD, .allow = 8}, /* should match 8 */
	{.vlan = 0x6}, /* should not match */
	{.vlan = 0x5, .allow = 8, .deny = 9}, /* should match 8, 9 */

	/* VLAN domain rules 10..12 */
	{.domain = 0x64, .allow = 10}, /* should match 10 */
	{.domain = 0xfE4, .allow = 10}, /* should match 10 */
	{.domain = 0xE2}, /* should not match */
	{.domain = 0xD, .allow = 11}, /* should match 11 */
	{.domain = 0x6}, /* should not match */
	{.domain = 0x5, .allow = 11, .deny = 12}, /* should match 11, 12 */

	/* destination port rules 13..16 */
	{.port_dst = 80, .allow = 13}, /* should match 13 */
	{.port_dst = 79, .allow = 14}, /* should match 14 */
	{.port_dst = 81, .allow = 14}, /* should match 14 */
	{.port_dst = 21}, /* should not match */
	{.port_dst = 1024, .deny = 16}, /* should match 16 */
	{.port_dst = 1020, .allow = 14, .deny = 15}, /* should match 14, 15 */

	/* source port rules 17..20 */
	{.port_src = 80, .allow = 17}, /* should match 17 */
	{.port_src = 79, .allow = 18}, /* should match 18 */
	{.port_src = 81, .allow = 18}, /* should match 18 */
	{.port_src = 21}, /* should not match */
	{.port_src = 1024, .deny = 20}, /* should match 20 */
	{.port_src = 1020, .allow = 18, .deny = 19}, /* should match 18, 19 */

	/* protocol rules 21..23 */
	{.proto = 0x64, .allow = 21}, /* should match 21 */
	{.proto = 0xE4, .allow = 21}, /* should match 21 */
	{.proto = 0xE2}, /* should not match */
	{.proto = 0xD, .allow = 22}, /* should match 22 */
	{.proto = 0x6}, /* should not match */
	{.proto = 0x5, .allow = 22, .deny = 23}, /* should match 22, 23 */

/* testing matching multiple rules at once */
	{.vlan = 0x5, .ip_src = IPv4(10,1,1,1),
			.allow = 5, .deny = 9}, /* should match 5, 9 */
	{.vlan = 0x5, .ip_src = IPv4(192,168,2,50),
			.allow = 8, .deny = 9}, /* should match 8, 9 */
	{.vlan = 0x55, .ip_src = IPv4(192,168,1,49),
			.allow = 8}, /* should match 8 */
	{.port_dst = 80, .port_src = 1024,
			.allow = 13, .deny = 20}, /* should match 13,20 */
	{.port_dst = 79, .port_src = 1024,
			.allow = 14, .deny = 20}, /* should match 14,20 */
	{.proto = 0x5, .ip_dst = IPv4(192,168,2,50),
			.allow = 1, .deny = 23}, /* should match 1, 23 */

	{.proto = 0x5, .ip_dst = IPv4(192,168,1,50),
			.allow = 2, .deny = 23}, /* should match 2, 23 */
	{.vlan = 0x64, .domain = 0x5,
			.allow = 11, .deny = 12}, /* should match 11, 12 */
	{.proto = 0x5, .port_src = 80,
			.allow = 17, .deny = 23}, /* should match 17, 23 */
	{.proto = 0x5, .port_dst = 80,
			.allow = 13, .deny = 23}, /* should match 13, 23 */
	{.proto = 0x51, .port_src = 5000}, /* should not match */
	{.ip_src = IPv4(192,168,1,50),
			.ip_dst = IPv4(10,0,0,0),
			.proto = 0x51,
			.port_src = 5000,
			.port_dst = 5000}, /* should not match */

/* test full packet rules */
	/* packets aimed at the combined rules 24..27; the last two entries of
	 * this group satisfy none of them and expect single-field rules 13 and
	 * 23 instead
	 */
	{
		.ip_dst = IPv4(1,2,100,200),
		.ip_src = IPv4(5,6,7,254),
		.proto = 0x5,
		.vlan = 0x8100,
		.domain = 0x64,
		.port_src = 12345,
		.port_dst = 80,
		.allow = 24,
		.deny = 23
	}, /* should match 23, 24 */
	{
		.ip_dst = IPv4(5,6,7,254),
		.ip_src = IPv4(1,2,100,200),
		.proto = 0x5,
		.vlan = 0x8100,
		.domain = 0x64,
		.port_src = 12345,
		.port_dst = 80,
		.allow = 13,
		.deny = 25
	}, /* should match 13, 25 */
	{
		.ip_dst = IPv4(1,10,20,30),
		.ip_src = IPv4(5,6,7,8),
		.proto = 0x5,
		.vlan = 0x64,
		.port_src = 12345,
		.port_dst = 80,
		.allow = 26,
		.deny = 23
	}, /* should match 23, 26 */
	{
		.ip_dst = IPv4(5,6,7,8),
		.ip_src = IPv4(1,10,20,30),
		.proto = 0x5,
		.vlan = 0x64,
		.port_src = 12345,
		.port_dst = 80,
		.allow = 13,
		.deny = 27
	}, /* should match 13, 27 */
	{
		.ip_dst = IPv4(2,2,3,4),
		.ip_src = IPv4(4,6,7,8),
		.proto = 0x5,
		.vlan = 0x64,
		.port_src = 12345,
		.port_dst = 80,
		.allow = 13,
		.deny = 23
	}, /* should match 13, 23 */
	{
		.ip_dst = IPv4(1,2,3,4),
		.ip_src = IPv4(4,6,7,8),
		.proto = 0x5,
		.vlan = 0x64,
		.port_src = 12345,
		.port_dst = 80,
		.allow = 13,
		.deny = 23
	}, /* should match 13, 23 */


/* visual separator! */
	/* same addresses as the group above, but with proto 0x55 (0x50 in the
	 * last entry), which is not protocol 5; every entry here leaves .deny
	 * unset, so no deny rule is expected
	 */
	{
		.ip_dst = IPv4(1,2,100,200),
		.ip_src = IPv4(5,6,7,254),
		.proto = 0x55,
		.vlan = 0x8000,
		.domain = 0x6464,
		.port_src = 12345,
		.port_dst = 8080,
		.allow = 10
	}, /* should match 10 */
	{
		.ip_dst = IPv4(5,6,7,254),
		.ip_src = IPv4(1,2,100,200),
		.proto = 0x55,
		.vlan = 0x8100,
		.domain = 0x6464,
		.port_src = 12345,
		.port_dst = 180,
		.allow = 10
	}, /* should match 10 */
	{
		.ip_dst = IPv4(1,10,20,30),
		.ip_src = IPv4(5,6,7,8),
		.proto = 0x55,
		.vlan = 0x64,
		.port_src = 12345,
		.port_dst = 180,
		.allow = 7
	}, /* should match 7 */
	{
		.ip_dst = IPv4(5,6,7,8),
		.ip_src = IPv4(1,10,20,30),
		.proto = 0x55,
		.vlan = 0x64,
		.port_src = 12345,
		.port_dst = 180,
		.allow = 7
	}, /* should match 7 */
	{
		.ip_dst = IPv4(2,2,3,4),
		.ip_src = IPv4(4,6,7,8),
		.proto = 0x55,
		.vlan = 0x64,
		.port_src = 12345,
		.port_dst = 180,
		.allow = 7
	}, /* should match 7 */
	{
		.ip_dst = IPv4(1,2,3,4),
		.ip_src = IPv4(4,6,7,8),
		.proto = 0x50,
		.vlan = 0x6466,
		.port_src = 12345,
		.port_dst = 12345,
	}, /* should not match */
};
691
692 #endif /* TEST_ACL_H_ */