1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
# iifname . ip protocol . th dport vmap { "eth0" . tcp . 22 : accept, "eth1" . udp . 67 : drop }
__map%d test-netdev b size 2
__map%d test-netdev 0
element 30687465 00000000 00000000 00000000 00000006 00001600 : accept 0 [end] element 31687465 00000000 00000000 00000000 00000011 00004300 : drop 0 [end]
netdev test-netdev ingress
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x00000008 ]
[ meta load iifname => reg 1 ]
[ payload load 1b @ network header + 9 => reg 2 ]
[ payload load 2b @ transport header + 2 => reg 13 ]
[ lookup reg 1 set __map%d dreg 0 ]
# ip saddr . @ih,32,32 { 1.1.1.1 . 0x14, 2.2.2.2 . 0x1e }
__set%d test-netdev 3 size 2
__set%d test-netdev 0
element 01010101 14000000 : 0 [end] element 02020202 1e000000 : 0 [end]
netdev test-netdev ingress
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x00000008 ]
[ payload load 4b @ network header + 12 => reg 1 ]
[ payload load 4b @ inner header + 4 => reg 9 ]
[ lookup reg 1 set __set%d ]
# udp length . @th,160,128 vmap { 47-63 . 0xe373135363130333131303735353203 : accept }
__map%d test-netdev 8f size 1
__map%d test-netdev 0
element 00002f00 3531370e 33303136 37303131 03323535 - 00003f00 3531370e 33303136 37303131 03323535 : accept 0 [end]
netdev test-netdev ingress
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000011 ]
[ payload load 2b @ transport header + 4 => reg 1 ]
[ payload load 16b @ transport header + 20 => reg 9 ]
[ lookup reg 1 set __map%d dreg 0 ]
|
