Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / af4a414eb74d1456121023e6b3aa76af6c16f89a / . / src / scripts / vnet / urpf
blob: 1268ff50b72c4e49a29ee085136da6d07a819c1b [file] [log] [blame]
Neale Ranns3ee44042016-10-03 13:05:48 +0100[diff] [blame]1
2create loop int
3
4set int state loop0 up
5set int ip addr loop0 10.10.10.10/24
6
7packet-generator new {
8 name transit-deny
9 limit 1
10 node ip4-input
11 size 64-64
Neale Ranns3ee44042016-10-03 13:05:48 +0100[diff] [blame]12 data {
13 UDP: 1.2.3.4 -> 2.2.2.2
14 UDP: 3000 -> 3001
15 length 128 checksum 0 incrementing 1
16 }
17}
18
19packet-generator new {
20 name transit-allow
21 limit 1
22 node ip4-input
23 size 64-64
Neale Ranns3ee44042016-10-03 13:05:48 +0100[diff] [blame]24 data {
25 UDP: 1.1.1.1 -> 2.2.2.2
26 UDP: 3000 -> 3001
27 length 128 checksum 0 incrementing 1
28 }
29}
30
31packet-generator new {
32 name transit-allow-from-excemption
33 limit 1
34 node ip4-input
35 size 64-64
Neale Ranns3ee44042016-10-03 13:05:48 +0100[diff] [blame]36 data {
37 UDP: 11.11.12.13 -> 2.2.2.2
38 UDP: 6000 -> 6001
39 length 128 checksum 0 incrementing 1
40 }
41}
42
43packet-generator new {
44 name for-us-allow-from-excemption
45 limit 1
46 node ip4-input
47 size 64-64
Neale Ranns3ee44042016-10-03 13:05:48 +0100[diff] [blame]48 data {
49 UDP: 11.11.12.13 -> 10.10.10.10
50 UDP: 6000 -> 6001
51 length 128 checksum 0 incrementing 1
52 }
53}
54
55packet-generator new {
56 name for-us-allow
57 limit 1
58 node ip4-input
59 size 64-64
Neale Ranns3ee44042016-10-03 13:05:48 +0100[diff] [blame]60 data {
61 UDP: 1.1.1.1 -> 10.10.10.10
62 UDP: 3000 -> 3001
63 length 128 checksum 0 incrementing 1
64 }
65}
66
67tr add pg-input 100
68
69set int ip addr pg0 10.10.11.10/24
70
71set interface ip source-check pg0 strict
72
73ip route add 1.1.1.1/32 via 10.10.11.11 pg0
74ip route add 2.2.2.2/32 via 10.10.10.11 loop0
75
76ip urpf-accept 11.11.0.0/16
77
78#set interface ip source-check pg0 strict del
79#set interface ip source-check pg0 loose
80
81#ip urpf-accept del 11.11.0.0/16