summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
cd8091d)
Some test rules had equal priority for the same category.
That can cause an ambiguity in build trie and test results.
Specify different priority value for each rule from the same category.
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
/* matches all packets traveling to 192.168.0.0/16 */
{
.data = {.userdata = 1, .category_mask = ACL_ALLOW_MASK,
/* matches all packets traveling to 192.168.0.0/16 */
{
.data = {.userdata = 1, .category_mask = ACL_ALLOW_MASK,
.dst_addr = IPv4(192,168,0,0),
.dst_mask_len = 16,
.src_port_low = 0,
.dst_addr = IPv4(192,168,0,0),
.dst_mask_len = 16,
.src_port_low = 0,
/* matches all packets traveling to 192.168.1.0/24 */
{
.data = {.userdata = 2, .category_mask = ACL_ALLOW_MASK,
/* matches all packets traveling to 192.168.1.0/24 */
{
.data = {.userdata = 2, .category_mask = ACL_ALLOW_MASK,
.dst_addr = IPv4(192,168,1,0),
.dst_mask_len = 24,
.src_port_low = 0,
.dst_addr = IPv4(192,168,1,0),
.dst_mask_len = 24,
.src_port_low = 0,
/* matches all packets traveling to 192.168.1.50 */
{
.data = {.userdata = 3, .category_mask = ACL_DENY_MASK,
/* matches all packets traveling to 192.168.1.50 */
{
.data = {.userdata = 3, .category_mask = ACL_DENY_MASK,
.dst_addr = IPv4(192,168,1,50),
.dst_mask_len = 32,
.src_port_low = 0,
.dst_addr = IPv4(192,168,1,50),
.dst_mask_len = 32,
.src_port_low = 0,
/* matches all packets traveling from 10.0.0.0/8 */
{
.data = {.userdata = 4, .category_mask = ACL_ALLOW_MASK,
/* matches all packets traveling from 10.0.0.0/8 */
{
.data = {.userdata = 4, .category_mask = ACL_ALLOW_MASK,
.src_addr = IPv4(10,0,0,0),
.src_mask_len = 8,
.src_port_low = 0,
.src_addr = IPv4(10,0,0,0),
.src_mask_len = 8,
.src_port_low = 0,
/* matches all packets traveling from 10.1.1.0/24 */
{
.data = {.userdata = 5, .category_mask = ACL_ALLOW_MASK,
/* matches all packets traveling from 10.1.1.0/24 */
{
.data = {.userdata = 5, .category_mask = ACL_ALLOW_MASK,
.src_addr = IPv4(10,1,1,0),
.src_mask_len = 24,
.src_port_low = 0,
.src_addr = IPv4(10,1,1,0),
.src_mask_len = 24,
.src_port_low = 0,
/* matches all packets traveling from 10.1.1.1 */
{
.data = {.userdata = 6, .category_mask = ACL_DENY_MASK,
/* matches all packets traveling from 10.1.1.1 */
{
.data = {.userdata = 6, .category_mask = ACL_DENY_MASK,
.src_addr = IPv4(10,1,1,1),
.src_mask_len = 32,
.src_port_low = 0,
.src_addr = IPv4(10,1,1,1),
.src_mask_len = 32,
.src_port_low = 0,
/* matches all packets with lower 7 bytes of VLAN tag equal to 0x64 */
{
.data = {.userdata = 7, .category_mask = ACL_ALLOW_MASK,
/* matches all packets with lower 7 bytes of VLAN tag equal to 0x64 */
{
.data = {.userdata = 7, .category_mask = ACL_ALLOW_MASK,
.vlan = 0x64,
.vlan_mask = 0x7f,
.src_port_low = 0,
.vlan = 0x64,
.vlan_mask = 0x7f,
.src_port_low = 0,
/* matches all packets with VLAN tags that have 0x5 in them */
{
.data = {.userdata = 8, .category_mask = ACL_ALLOW_MASK,
/* matches all packets with VLAN tags that have 0x5 in them */
{
.data = {.userdata = 8, .category_mask = ACL_ALLOW_MASK,
.vlan = 0x5,
.vlan_mask = 0x5,
.src_port_low = 0,
.vlan = 0x5,
.vlan_mask = 0x5,
.src_port_low = 0,
/* matches all packets with VLAN tag 5 */
{
.data = {.userdata = 9, .category_mask = ACL_DENY_MASK,
/* matches all packets with VLAN tag 5 */
{
.data = {.userdata = 9, .category_mask = ACL_DENY_MASK,
.vlan = 0x5,
.vlan_mask = 0xffff,
.src_port_low = 0,
.vlan = 0x5,
.vlan_mask = 0xffff,
.src_port_low = 0,
/* matches all packets with lower 7 bytes of domain equal to 0x64 */
{
.data = {.userdata = 10, .category_mask = ACL_ALLOW_MASK,
/* matches all packets with lower 7 bytes of domain equal to 0x64 */
{
.data = {.userdata = 10, .category_mask = ACL_ALLOW_MASK,
.domain = 0x64,
.domain_mask = 0x7f,
.src_port_low = 0,
.domain = 0x64,
.domain_mask = 0x7f,
.src_port_low = 0,
/* matches all packets with domains that have 0x5 in them */
{
.data = {.userdata = 11, .category_mask = ACL_ALLOW_MASK,
/* matches all packets with domains that have 0x5 in them */
{
.data = {.userdata = 11, .category_mask = ACL_ALLOW_MASK,
.domain = 0x5,
.domain_mask = 0x5,
.src_port_low = 0,
.domain = 0x5,
.domain_mask = 0x5,
.src_port_low = 0,
/* matches all packets with domain 5 */
{
.data = {.userdata = 12, .category_mask = ACL_DENY_MASK,
/* matches all packets with domain 5 */
{
.data = {.userdata = 12, .category_mask = ACL_DENY_MASK,
.domain = 0x5,
.domain_mask = 0xffff,
.src_port_low = 0,
.domain = 0x5,
.domain_mask = 0xffff,
.src_port_low = 0,
/* matches everything with dst port 80 */
{
.data = {.userdata = 13, .category_mask = ACL_ALLOW_MASK,
/* matches everything with dst port 80 */
{
.data = {.userdata = 13, .category_mask = ACL_ALLOW_MASK,
.dst_port_low = 80,
.dst_port_high = 80,
.src_port_low = 0,
.dst_port_low = 80,
.dst_port_high = 80,
.src_port_low = 0,
/* matches everything with dst port 22-1023 */
{
.data = {.userdata = 14, .category_mask = ACL_ALLOW_MASK,
/* matches everything with dst port 22-1023 */
{
.data = {.userdata = 14, .category_mask = ACL_ALLOW_MASK,
.dst_port_low = 22,
.dst_port_high = 1023,
.src_port_low = 0,
.dst_port_low = 22,
.dst_port_high = 1023,
.src_port_low = 0,
/* matches everything with dst port 1020 */
{
.data = {.userdata = 15, .category_mask = ACL_DENY_MASK,
/* matches everything with dst port 1020 */
{
.data = {.userdata = 15, .category_mask = ACL_DENY_MASK,
.dst_port_low = 1020,
.dst_port_high = 1020,
.src_port_low = 0,
.dst_port_low = 1020,
.dst_port_high = 1020,
.src_port_low = 0,
/* matches everything with dst portrange 1000-2000 */
{
.data = {.userdata = 16, .category_mask = ACL_DENY_MASK,
/* matches everything with dst portrange 1000-2000 */
{
.data = {.userdata = 16, .category_mask = ACL_DENY_MASK,
.dst_port_low = 1000,
.dst_port_high = 2000,
.src_port_low = 0,
.dst_port_low = 1000,
.dst_port_high = 2000,
.src_port_low = 0,
/* matches everything with src port 80 */
{
.data = {.userdata = 17, .category_mask = ACL_ALLOW_MASK,
/* matches everything with src port 80 */
{
.data = {.userdata = 17, .category_mask = ACL_ALLOW_MASK,
.src_port_low = 80,
.src_port_high = 80,
.dst_port_low = 0,
.src_port_low = 80,
.src_port_high = 80,
.dst_port_low = 0,
/* matches everything with src port 22-1023 */
{
.data = {.userdata = 18, .category_mask = ACL_ALLOW_MASK,
/* matches everything with src port 22-1023 */
{
.data = {.userdata = 18, .category_mask = ACL_ALLOW_MASK,
.src_port_low = 22,
.src_port_high = 1023,
.dst_port_low = 0,
.src_port_low = 22,
.src_port_high = 1023,
.dst_port_low = 0,
/* matches everything with src port 1020 */
{
.data = {.userdata = 19, .category_mask = ACL_DENY_MASK,
/* matches everything with src port 1020 */
{
.data = {.userdata = 19, .category_mask = ACL_DENY_MASK,
.src_port_low = 1020,
.src_port_high = 1020,
.dst_port_low = 0,
.src_port_low = 1020,
.src_port_high = 1020,
.dst_port_low = 0,
/* matches everything with src portrange 1000-2000 */
{
.data = {.userdata = 20, .category_mask = ACL_DENY_MASK,
/* matches everything with src portrange 1000-2000 */
{
.data = {.userdata = 20, .category_mask = ACL_DENY_MASK,
.src_port_low = 1000,
.src_port_high = 2000,
.dst_port_low = 0,
.src_port_low = 1000,
.src_port_high = 2000,
.dst_port_low = 0,
/* matches all packets with protocol number either 0x64 or 0xE4 */
{
.data = {.userdata = 21, .category_mask = ACL_ALLOW_MASK,
/* matches all packets with protocol number either 0x64 or 0xE4 */
{
.data = {.userdata = 21, .category_mask = ACL_ALLOW_MASK,
.proto = 0x64,
.proto_mask = 0x7f,
.src_port_low = 0,
.proto = 0x64,
.proto_mask = 0x7f,
.src_port_low = 0,
/* matches all packets with protocol 5 */
{
.data = {.userdata = 23, .category_mask = ACL_DENY_MASK,
/* matches all packets with protocol 5 */
{
.data = {.userdata = 23, .category_mask = ACL_DENY_MASK,
.proto = 0x5,
.proto_mask = 0xff,
.src_port_low = 0,
.proto = 0x5,
.proto_mask = 0xff,
.src_port_low = 0,
/* rules combining various fields */
{
.data = {.userdata = 24, .category_mask = ACL_ALLOW_MASK,
/* rules combining various fields */
{
.data = {.userdata = 24, .category_mask = ACL_ALLOW_MASK,
/** make sure that unmasked bytes don't fail! */
.dst_addr = IPv4(1,2,3,4),
.dst_mask_len = 16,
/** make sure that unmasked bytes don't fail! */
.dst_addr = IPv4(1,2,3,4),
.dst_mask_len = 16,
},
{
.data = {.userdata = 25, .category_mask = ACL_DENY_MASK,
},
{
.data = {.userdata = 25, .category_mask = ACL_DENY_MASK,
.dst_addr = IPv4(5,6,7,8),
.dst_mask_len = 24,
.src_addr = IPv4(1,2,3,4),
.dst_addr = IPv4(5,6,7,8),
.dst_mask_len = 24,
.src_addr = IPv4(1,2,3,4),
},
{
.data = {.userdata = 26, .category_mask = ACL_ALLOW_MASK,
},
{
.data = {.userdata = 26, .category_mask = ACL_ALLOW_MASK,
.dst_addr = IPv4(1,2,3,4),
.dst_mask_len = 8,
.src_addr = IPv4(5,6,7,8),
.dst_addr = IPv4(1,2,3,4),
.dst_mask_len = 8,
.src_addr = IPv4(5,6,7,8),
},
{
.data = {.userdata = 27, .category_mask = ACL_DENY_MASK,
},
{
.data = {.userdata = 27, .category_mask = ACL_DENY_MASK,
.dst_addr = IPv4(5,6,7,8),
.dst_mask_len = 32,
.src_addr = IPv4(1,2,3,4),
.dst_addr = IPv4(5,6,7,8),
.dst_mask_len = 32,
.src_addr = IPv4(1,2,3,4),