[netfilter-cvslog] r3324 - trunk/nfsim-testsuite/03NAT

rusty at netfilter.org rusty at netfilter.org
Mon Dec 13 00:32:17 CET 2004


Author: rusty at netfilter.org
Date: 2004-12-13 00:32:16 +0100 (Mon, 13 Dec 2004)
New Revision: 3324

Modified:
   trunk/nfsim-testsuite/03NAT/10source-map.sim
   trunk/nfsim-testsuite/03NAT/17masq.sim
   trunk/nfsim-testsuite/03NAT/20tolocal.sim
   trunk/nfsim-testsuite/03NAT/21loopback.sim
Log:
Tests actually reflect reality (well, reality after my patches are applied).


Modified: trunk/nfsim-testsuite/03NAT/10source-map.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/10source-map.sim	2004-12-12 23:31:35 UTC (rev 3323)
+++ trunk/nfsim-testsuite/03NAT/10source-map.sim	2004-12-12 23:32:16 UTC (rev 3324)
@@ -7,23 +7,23 @@
 iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 192.168.1.2
 
 # This will map to 192.168.1.2:1024
-expect gen_ip hook:NF_IP_POST_ROUTING ip_nat_standalone.c NF_ACCEPT {IPv4 192.168.1.2 192.168.100.2 0 6 1024 80 SYN}
+expect gen_ip hook:NF_IP_POST_ROUTING iptable_nat NF_ACCEPT {IPv4 192.168.1.2 192.168.100.2 0 6 1024 80 SYN}
 gen_ip IF=eth0 192.168.0.2 192.168.100.2 0 tcp 1024 80 SYN
 
 # This will bind to 192.168.1.2:1025, since they clash.
-expect gen_ip hook:NF_IP_POST_ROUTING ip_nat_standalone.c NF_ACCEPT {IPv4 192.168.1.2 192.168.100.2 0 6 1025 80 SYN}
+expect gen_ip hook:NF_IP_POST_ROUTING iptable_nat NF_ACCEPT {IPv4 192.168.1.2 192.168.100.2 0 6 1025 80 SYN}
 gen_ip IF=eth0 192.168.0.3 192.168.100.2 0 tcp 1024 80 SYN
 
 # Different dest IP, but will bind to same port, even though
 # original would be free.
-expect gen_ip hook:NF_IP_POST_ROUTING ip_nat_standalone.c NF_ACCEPT {IPv4 192.168.1.2 192.168.100.3 0 6 1025 80 SYN}
+expect gen_ip hook:NF_IP_POST_ROUTING iptable_nat NF_ACCEPT {IPv4 192.168.1.2 192.168.100.3 0 6 1025 80 SYN}
 gen_ip IF=eth0 192.168.0.3 192.168.100.3 0 tcp 1024 80 SYN
 
 # Different dest port, but will bind to same port, even though
 # original would be free.
-expect gen_ip hook:NF_IP_POST_ROUTING ip_nat_standalone.c NF_ACCEPT {IPv4 192.168.1.2 192.168.100.3 0 6 1025 81 SYN}
+expect gen_ip hook:NF_IP_POST_ROUTING iptable_nat NF_ACCEPT {IPv4 192.168.1.2 192.168.100.3 0 6 1025 81 SYN}
 gen_ip IF=eth0 192.168.0.3 192.168.100.3 0 tcp 1024 81 SYN
 
 # Sanity: unrelated connection (new IP) should get normal port.
-expect gen_ip hook:NF_IP_POST_ROUTING ip_nat_standalone.c NF_ACCEPT {IPv4 192.168.1.2 192.168.100.3 0 6 1024 82 SYN}
+expect gen_ip hook:NF_IP_POST_ROUTING iptable_nat NF_ACCEPT {IPv4 192.168.1.2 192.168.100.3 0 6 1024 82 SYN}
 gen_ip IF=eth0 192.168.0.4 192.168.100.3 0 tcp 1024 82 SYN

Modified: trunk/nfsim-testsuite/03NAT/17masq.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/17masq.sim	2004-12-12 23:31:35 UTC (rev 3323)
+++ trunk/nfsim-testsuite/03NAT/17masq.sim	2004-12-12 23:32:16 UTC (rev 3324)
@@ -39,8 +39,8 @@
 ifconfig eth1 down
 ifconfig eth1 192.168.1.2 24 192.168.1.255 up
 
-# Reply should not be mapped.
-expect gen_ip send:lo {IPv4 192.168.1.2 192.168.1.1 100 1 0 0 60 62}
+# Reply should not be mapped, so will come back out.
+expect gen_ip send:eth1 {IPv4 192.168.1.2 192.168.1.1 100 1 0 0 60 62}
 gen_ip IF=eth1 192.168.1.2 192.168.1.1 100 1 0 0 60 62
 
 iptables -t nat -D POSTROUTING -s 192.168.0.2 -d 192.168.1.0/24 -j MASQUERADE
@@ -50,16 +50,16 @@
 ifconfig eth1 192.168.1.1 24 192.168.1.255 up
 
 # Check port range for masquerading.
-iptables -t nat -p tcp -A POSTROUTING -o tap1 -j MASQUERADE --to-port 61000-65095
+iptables -t nat -p tcp -A POSTROUTING -o eth1 -j MASQUERADE --to-port 61000-65095
 
-expect gen_ip send:eth1 192.168.1.1 192.168.1.2 0 6 61000 80 SYN
+expect gen_ip send:eth1 {IPv4 192.168.1.1 192.168.1.2 0 6 61000 80 SYN}
 gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1024 80 SYN
 
-expect gen_ip send:eth1 192.168.1.1 192.168.1.2 0 6 61001 80 SYN
+expect gen_ip send:eth1 {IPv4 192.168.1.1 192.168.1.2 0 6 61001 80 SYN}
 gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1025 80 SYN
 
 # Test rule listing:
-expect iptables     2   200 MASQUERADE  tcp  --  \*      eth1    0.0.0.0/0            0.0.0.0/0          masq ports: 61000-65095 
+expect iptables     2   80 MASQUERADE  tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0          masq ports: 61000-65095 
 iptables -t nat -L POSTROUTING -v -n
 
-iptables -t nat -p tcp -D POSTROUTING -o tap1 -j MASQUERADE --to-port 61000-65095
+iptables -t nat -p tcp -D POSTROUTING -o eth1 -j MASQUERADE --to-port 61000-65095
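Review bot: The rule-listing expectation now pins the counters to `2   80` with nothing saying where the numbers come from, so the next change to the packets above will break it with no hint why. They presumably count the two zero-payload SYNs sent just before the listing (2 packets, 40 bytes each), which only reach the rule now that it is bound to `-o eth1` instead of `tap1`. A comment above the expect line such as `# Counters: the two 40-byte SYNs generated above both hit this rule.` would make the dependency explicit.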

Modified: trunk/nfsim-testsuite/03NAT/20tolocal.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/20tolocal.sim	2004-12-12 23:31:35 UTC (rev 3323)
+++ trunk/nfsim-testsuite/03NAT/20tolocal.sim	2004-12-12 23:32:16 UTC (rev 3324)
@@ -8,12 +8,12 @@
 iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.0.1
 
 # Test sending SYN to eth0; rely on no anti-spoofing.
-expect gen_ip send:lo {IPv4 192.168.0.1 192.168.0.1 0 6 100 1 SYN}
-gen_ip IF=eth0 192.168.1.5 192.168.0.1 0 6 100 1 SYN
+expect gen_ip send:LOCAL {IPv4 192.168.1.5 192.168.0.1 0 6 1 2 SYN}
+gen_ip IF=eth0 192.168.1.5 192.168.0.1 0 6 1 2 SYN
 
 # ACK will cover data + 1.
-expect gen_ip send:eth1 {IPv4 192.168.1.5 192.168.0.1 0 6 100 1 SYN}
-gen_ip 192.168.0.1 192.168.0.1 0 6 1 100 RST/ACK ACK=1
+expect gen_ip send:eth1 {IPv4 192.168.0.1 192.168.1.5 0 6 1 2 RST/ACK ACK=1}
+gen_ip 192.168.0.1 192.168.1.5 0 6 1 2 RST/ACK ACK=1
 
 iptables -t nat -D POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.0.1
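Review bot: The RST/ACK under "ACK will cover data + 1" does not use the reverse tuple of the SYN above it. The SYN goes 192.168.1.5 port 1 to 192.168.0.1 port 2, but the answer is generated as `gen_ip 192.168.0.1 192.168.1.5 0 6 1 2 RST/ACK ACK=1`, with the ports not swapped. If it is meant to be the reply on the same connection, it would need `... 0 6 2 1 RST/ACK ACK=1` in both the `gen_ip` and the matching `expect` line. As written, conntrack presumably treats it as an unrelated flow, and the test never checks that a reply to a locally delivered connection leaves unmapped. The same pair of lines is repeated in the MASQUERADE hunk that follows. The retained comment "rely on no anti-spoofing" could also say that the test depends on reverse-path filtering being absent in the simulator.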
 
@@ -21,17 +21,15 @@
 iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
 
 # Test sending SYN to eth0; rely on no anti-spoofing.
-expect gen_ip send:lo {IPv4 192.168.0.1 192.168.0.1 0 6 100 1 SYN}
-gen_ip IF=eth0 192.168.1.5 192.168.0.1 0 6 100 1 SYN
+expect gen_ip send:LOCAL {IPv4 192.168.1.5 192.168.0.1 0 6 1 2 SYN}
+gen_ip IF=eth0 192.168.1.5 192.168.0.1 0 6 1 2 SYN
 
 # ACK will cover data + 1.
-expect gen_ip send:eth1 {IPv4 192.168.1.5 192.168.0.1 0 6 100 1 SYN}
-gen_ip 192.168.0.1 192.168.0.1 0 6 1 100 RST/ACK ACK=1
+expect gen_ip send:eth1 {IPv4 192.168.0.1 192.168.1.5 0 6 1 2 RST/ACK ACK=1}
+gen_ip 192.168.0.1 192.168.1.5 0 6 1 2 RST/ACK ACK=1
 
-iptables -t nat -D POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.0.1
-
 # Now, try a local packet to that interface.
-expect gen_up send:lo {IPv4 192.168.0.1 192.168.0.1 64 1 8 0 22 23}
+expect gen_ip send:lo {IPv4 192.168.0.1 192.168.0.1 64 1 8 0 22 23}
 gen_ip 192.168.0.1 192.168.0.1 64 1 8 0 22 23
 
 iptables -t nat -D POSTROUTING -s 192.168.1.0/24 -j MASQUERADE

Modified: trunk/nfsim-testsuite/03NAT/21loopback.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/21loopback.sim	2004-12-12 23:31:35 UTC (rev 3323)
+++ trunk/nfsim-testsuite/03NAT/21loopback.sim	2004-12-12 23:32:16 UTC (rev 3324)
@@ -9,21 +9,23 @@
 expect gen_ip send:eth0 {IPv4 192.168.0.1 192.168.0.2 33 17 100 101}
 gen_ip 192.168.0.1 192.168.0.1 33 17 100 101
 
-expect proc udp 17 30 src=192.168.0.1 dst=192.168.0.1 sport=100 dport=101 \[UNREPLIED\] src=192.168.0.2 dst=192.168.0.1 sport=101 dport=100 use=1
+expect proc udp 17 30 src=192.168.0.1 dst=192.168.0.1 sport=100 dport=101 [UNREPLIED] src=192.168.0.2 dst=192.168.0.1 sport=101 dport=100 use=1
 proc cat /proc/net/ip_conntrack
 
-# We will expire this to check that reply doesn't create connection.
 time +15
 
-# Reply should not cause new conntrack.
-expect gen_ip send:lo {IPv4 192.168.0.1 192.168.0.1 33 17 101 100}
-gen_ip IF=eth0 192.168.0.2 192.168.0.1 100 17 101 100
+expect proc udp 17 15 src=192.168.0.1 dst=192.168.0.1 sport=100 dport=101 [UNREPLIED] src=192.168.0.2 dst=192.168.0.1 sport=101 dport=100 use=1
+proc cat /proc/net/ip_conntrack
 
-expect proc udp 17 15 src=192.168.0.1 dst=192.168.0.1 sport=100 dport=101 src=192.168.0.2 dst=192.168.0.1 sport=101 dport=100 use=1
+# Reply should not cause new conntrack, just refresh this.
+expect gen_ip send:LOCAL {IPv4 192.168.0.1 192.168.0.1 33 17 101 100}
+gen_ip IF=eth0 192.168.0.2 192.168.0.1 33 17 101 100
+
+expect proc udp 17 30 src=192.168.0.1 dst=192.168.0.1 sport=100 dport=101 src=192.168.0.2 dst=192.168.0.1 sport=101 dport=100 use=1
 proc cat /proc/net/ip_conntrack
 
 # After that timeout, we'll be empty.
-time +15
+time infinity
 expect ! proc *
 proc cat /proc/net/ip_conntrack
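Review bot: Replacing `time +15` with `time infinity` before `expect ! proc *` weakens the final check. Assuming `infinity` runs every pending timer, the table will be empty whatever timeout the reply left on the entry, so the step no longer ties expiry to the refreshed 30-second timer. The parallel block in the next hunk uses `time +30`, which matches the `udp 17 30` asserted just before it. Using `time +30` here as well would keep the two cases consistent, or the comment could be reworded to `# Run all timers: the table must end up empty.` if the unbounded advance is intentional.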
 
@@ -33,24 +35,26 @@
 # Map remote to local interface.
 iptables -t nat -A OUTPUT -d 192.168.0.2 -j DNAT --to-dest 192.168.0.1
 
-expect gen_ip send:eth0 {IPv4 192.168.0.1 192.168.0.1 33 17 100 101}
+expect gen_ip send:lo {IPv4 192.168.0.1 192.168.0.1 33 17 100 101}
 gen_ip 192.168.0.1 192.168.0.2 33 17 100 101
 
-expect proc udp 17 30 src=192.168.0.1 dst=192.168.0.2 sport=100 dport=101 \[UNREPLIED\] src=192.168.0.1 dst=192.168.0.1 sport=101 dport=100 use=1
+expect proc udp 17 30 src=192.168.0.1 dst=192.168.0.2 sport=100 dport=101 [UNREPLIED] src=192.168.0.1 dst=192.168.0.1 sport=101 dport=100 use=1
 proc cat /proc/net/ip_conntrack
 
 # We will expire this to check that reply doesn't create connection.
 time +15
+expect proc udp 17 15 src=192.168.0.1 dst=192.168.0.2 sport=100 dport=101 [UNREPLIED] src=192.168.0.1 dst=192.168.0.1 sport=101 dport=100 use=1
+proc cat /proc/net/ip_conntrack
 
 # Reply should not cause new conntrack.
-expect gen_ip send:lo {IPv4 192.168.0.2 192.168.0.1 33 17 101 100}
-gen_ip 192.168.0.1 192.168.0.1 100 17 101 100
+expect gen_ip send:lo {IPv4 192.168.0.1 192.168.0.1 33 17 101 100}
+gen_ip 192.168.0.1 192.168.0.1 33 17 101 100
 
-expect proc udp 17 15 src=192.168.0.1 dst=192.168.0.1 sport=100 dport=101 src=192.168.0.2 dst=192.168.0.1 sport=101 dport=100 use=1
+expect proc udp 17 30 src=192.168.0.1 dst=192.168.0.2 sport=100 dport=101 src=192.168.0.1 dst=192.168.0.1 sport=101 dport=100 use=1
 proc cat /proc/net/ip_conntrack
 
 # After that timeout, we'll be empty.
-time +15
+time +30
 expect ! proc *
 proc cat /proc/net/ip_conntrack
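Review bot: The comment "We will expire this to check that reply doesn't create connection." kept above `time +15` no longer describes the step. The added expect right after it shows the entry still present with 15 seconds left and still `[UNREPLIED]`, so nothing is expired. The first hunk of this file dropped the same comment. A replacement such as `# Age the entry halfway so the refresh caused by the reply is visible in the timer.` would match what the new assertions check. "Reply should not cause new conntrack." could likewise gain ", just refresh this." as it did in the first hunk.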
 



