[netfilter-cvslog] r3324 - trunk/nfsim-testsuite/03NAT
rusty at netfilter.org
rusty at netfilter.org
Mon Dec 13 00:32:17 CET 2004
Author: rusty at netfilter.org
Date: 2004-12-13 00:32:16 +0100 (Mon, 13 Dec 2004)
New Revision: 3324
Modified:
trunk/nfsim-testsuite/03NAT/10source-map.sim
trunk/nfsim-testsuite/03NAT/17masq.sim
trunk/nfsim-testsuite/03NAT/20tolocal.sim
trunk/nfsim-testsuite/03NAT/21loopback.sim
Log:
Tests actually reflect reality (well, reality after my patches are applied).
Modified: trunk/nfsim-testsuite/03NAT/10source-map.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/10source-map.sim 2004-12-12 23:31:35 UTC (rev 3323)
+++ trunk/nfsim-testsuite/03NAT/10source-map.sim 2004-12-12 23:32:16 UTC (rev 3324)
@@ -7,23 +7,23 @@
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 192.168.1.2
# This will map to 192.168.1.2:1024
-expect gen_ip hook:NF_IP_POST_ROUTING ip_nat_standalone.c NF_ACCEPT {IPv4 192.168.1.2 192.168.100.2 0 6 1024 80 SYN}
+expect gen_ip hook:NF_IP_POST_ROUTING iptable_nat NF_ACCEPT {IPv4 192.168.1.2 192.168.100.2 0 6 1024 80 SYN}
gen_ip IF=eth0 192.168.0.2 192.168.100.2 0 tcp 1024 80 SYN
# This will bind to 192.168.1.2:1025, since they clash.
-expect gen_ip hook:NF_IP_POST_ROUTING ip_nat_standalone.c NF_ACCEPT {IPv4 192.168.1.2 192.168.100.2 0 6 1025 80 SYN}
+expect gen_ip hook:NF_IP_POST_ROUTING iptable_nat NF_ACCEPT {IPv4 192.168.1.2 192.168.100.2 0 6 1025 80 SYN}
gen_ip IF=eth0 192.168.0.3 192.168.100.2 0 tcp 1024 80 SYN
# Different dest IP, but will bind to same port, even though
# original would be free.
-expect gen_ip hook:NF_IP_POST_ROUTING ip_nat_standalone.c NF_ACCEPT {IPv4 192.168.1.2 192.168.100.3 0 6 1025 80 SYN}
+expect gen_ip hook:NF_IP_POST_ROUTING iptable_nat NF_ACCEPT {IPv4 192.168.1.2 192.168.100.3 0 6 1025 80 SYN}
gen_ip IF=eth0 192.168.0.3 192.168.100.3 0 tcp 1024 80 SYN
# Different dest port, but will bind to same port, even though
# original would be free.
-expect gen_ip hook:NF_IP_POST_ROUTING ip_nat_standalone.c NF_ACCEPT {IPv4 192.168.1.2 192.168.100.3 0 6 1025 81 SYN}
+expect gen_ip hook:NF_IP_POST_ROUTING iptable_nat NF_ACCEPT {IPv4 192.168.1.2 192.168.100.3 0 6 1025 81 SYN}
gen_ip IF=eth0 192.168.0.3 192.168.100.3 0 tcp 1024 81 SYN
# Sanity: unrelated connection (new IP) should get normal port.
-expect gen_ip hook:NF_IP_POST_ROUTING ip_nat_standalone.c NF_ACCEPT {IPv4 192.168.1.2 192.168.100.3 0 6 1024 82 SYN}
+expect gen_ip hook:NF_IP_POST_ROUTING iptable_nat NF_ACCEPT {IPv4 192.168.1.2 192.168.100.3 0 6 1024 82 SYN}
gen_ip IF=eth0 192.168.0.4 192.168.100.3 0 tcp 1024 82 SYN
Modified: trunk/nfsim-testsuite/03NAT/17masq.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/17masq.sim 2004-12-12 23:31:35 UTC (rev 3323)
+++ trunk/nfsim-testsuite/03NAT/17masq.sim 2004-12-12 23:32:16 UTC (rev 3324)
@@ -39,8 +39,8 @@
ifconfig eth1 down
ifconfig eth1 192.168.1.2 24 192.168.1.255 up
-# Reply should not be mapped.
-expect gen_ip send:lo {IPv4 192.168.1.2 192.168.1.1 100 1 0 0 60 62}
+# Reply should not be mapped, so will come back out.
+expect gen_ip send:eth1 {IPv4 192.168.1.2 192.168.1.1 100 1 0 0 60 62}
gen_ip IF=eth1 192.168.1.2 192.168.1.1 100 1 0 0 60 62
iptables -t nat -D POSTROUTING -s 192.168.0.2 -d 192.168.1.0/24 -j MASQUERADE
@@ -50,16 +50,16 @@
ifconfig eth1 192.168.1.1 24 192.168.1.255 up
# Check port range for masquerading.
-iptables -t nat -p tcp -A POSTROUTING -o tap1 -j MASQUERADE --to-port 61000-65095
+iptables -t nat -p tcp -A POSTROUTING -o eth1 -j MASQUERADE --to-port 61000-65095
-expect gen_ip send:eth1 192.168.1.1 192.168.1.2 0 6 61000 80 SYN
+expect gen_ip send:eth1 {IPv4 192.168.1.1 192.168.1.2 0 6 61000 80 SYN}
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1024 80 SYN
-expect gen_ip send:eth1 192.168.1.1 192.168.1.2 0 6 61001 80 SYN
+expect gen_ip send:eth1 {IPv4 192.168.1.1 192.168.1.2 0 6 61001 80 SYN}
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1025 80 SYN
# Test rule listing:
-expect iptables 2 200 MASQUERADE tcp -- \* eth1 0.0.0.0/0 0.0.0.0/0 masq ports: 61000-65095
+expect iptables 2 80 MASQUERADE tcp -- * eth1 0.0.0.0/0 0.0.0.0/0 masq ports: 61000-65095
iptables -t nat -L POSTROUTING -v -n
-iptables -t nat -p tcp -D POSTROUTING -o tap1 -j MASQUERADE --to-port 61000-65095
+iptables -t nat -p tcp -D POSTROUTING -o eth1 -j MASQUERADE --to-port 61000-65095
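Review bot: The rule-listing expectation now carries a bare `*` (`MASQUERADE tcp -- * eth1`) where the old line escaped it, and it is not clear from the diff that the character is matched literally. `expect ! proc *` in 21loopback.sim uses `*` as a match-anything pattern, so if expect strings are pattern-matched, this line would accept any input interface. The same question applies to the unescaped `[UNREPLIED]` in both hunks of 21loopback.sim, where a bracket expression would stop asserting the conntrack flag. Presumably the matcher changed with the patches the log mentions; a one-line comment such as `# expect strings are literal except for a lone '*'` (wording to be confirmed against the matcher) would make that checkable.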
Modified: trunk/nfsim-testsuite/03NAT/20tolocal.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/20tolocal.sim 2004-12-12 23:31:35 UTC (rev 3323)
+++ trunk/nfsim-testsuite/03NAT/20tolocal.sim 2004-12-12 23:32:16 UTC (rev 3324)
@@ -8,12 +8,12 @@
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.0.1
# Test sending SYN to eth0; rely on no anti-spoofing.
-expect gen_ip send:lo {IPv4 192.168.0.1 192.168.0.1 0 6 100 1 SYN}
-gen_ip IF=eth0 192.168.1.5 192.168.0.1 0 6 100 1 SYN
+expect gen_ip send:LOCAL {IPv4 192.168.1.5 192.168.0.1 0 6 1 2 SYN}
+gen_ip IF=eth0 192.168.1.5 192.168.0.1 0 6 1 2 SYN
# ACK will cover data + 1.
-expect gen_ip send:eth1 {IPv4 192.168.1.5 192.168.0.1 0 6 100 1 SYN}
-gen_ip 192.168.0.1 192.168.0.1 0 6 1 100 RST/ACK ACK=1
+expect gen_ip send:eth1 {IPv4 192.168.0.1 192.168.1.5 0 6 1 2 RST/ACK ACK=1}
+gen_ip 192.168.0.1 192.168.1.5 0 6 1 2 RST/ACK ACK=1
iptables -t nat -D POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.0.1
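Review bot: The RST/ACK generated after the SYN reuses the port pair `1 2` in the same order instead of swapping it, so it is not the reverse tuple of the connection the SYN created (192.168.1.5:1 -> 192.168.0.1:2). The removed lines did swap (`100 1` then `1 100`), and 21loopback.sim swaps `100 101` to `101 100`, so the field order is source port then destination port. As written the packet looks like an unrelated flow, which passes unmodified without exercising the reply direction. If the reply path is what is being tested, the pair should read `expect gen_ip send:eth1 {IPv4 192.168.0.1 192.168.1.5 0 6 2 1 RST/ACK ACK=1}` and `gen_ip 192.168.0.1 192.168.1.5 0 6 2 1 RST/ACK ACK=1`. The MASQUERADE variant in the next hunk of this file has the same port order.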
@@ -21,17 +21,15 @@
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
# Test sending SYN to eth0; rely on no anti-spoofing.
-expect gen_ip send:lo {IPv4 192.168.0.1 192.168.0.1 0 6 100 1 SYN}
-gen_ip IF=eth0 192.168.1.5 192.168.0.1 0 6 100 1 SYN
+expect gen_ip send:LOCAL {IPv4 192.168.1.5 192.168.0.1 0 6 1 2 SYN}
+gen_ip IF=eth0 192.168.1.5 192.168.0.1 0 6 1 2 SYN
# ACK will cover data + 1.
-expect gen_ip send:eth1 {IPv4 192.168.1.5 192.168.0.1 0 6 100 1 SYN}
-gen_ip 192.168.0.1 192.168.0.1 0 6 1 100 RST/ACK ACK=1
+expect gen_ip send:eth1 {IPv4 192.168.0.1 192.168.1.5 0 6 1 2 RST/ACK ACK=1}
+gen_ip 192.168.0.1 192.168.1.5 0 6 1 2 RST/ACK ACK=1
-iptables -t nat -D POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.0.1
-
# Now, try a local packet to that interface.
-expect gen_up send:lo {IPv4 192.168.0.1 192.168.0.1 64 1 8 0 22 23}
+expect gen_ip send:lo {IPv4 192.168.0.1 192.168.0.1 64 1 8 0 22 23}
gen_ip 192.168.0.1 192.168.0.1 64 1 8 0 22 23
iptables -t nat -D POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
Modified: trunk/nfsim-testsuite/03NAT/21loopback.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/21loopback.sim 2004-12-12 23:31:35 UTC (rev 3323)
+++ trunk/nfsim-testsuite/03NAT/21loopback.sim 2004-12-12 23:32:16 UTC (rev 3324)
@@ -9,21 +9,23 @@
expect gen_ip send:eth0 {IPv4 192.168.0.1 192.168.0.2 33 17 100 101}
gen_ip 192.168.0.1 192.168.0.1 33 17 100 101
-expect proc udp 17 30 src=192.168.0.1 dst=192.168.0.1 sport=100 dport=101 \[UNREPLIED\] src=192.168.0.2 dst=192.168.0.1 sport=101 dport=100 use=1
+expect proc udp 17 30 src=192.168.0.1 dst=192.168.0.1 sport=100 dport=101 [UNREPLIED] src=192.168.0.2 dst=192.168.0.1 sport=101 dport=100 use=1
proc cat /proc/net/ip_conntrack
-# We will expire this to check that reply doesn't create connection.
time +15
-# Reply should not cause new conntrack.
-expect gen_ip send:lo {IPv4 192.168.0.1 192.168.0.1 33 17 101 100}
-gen_ip IF=eth0 192.168.0.2 192.168.0.1 100 17 101 100
+expect proc udp 17 15 src=192.168.0.1 dst=192.168.0.1 sport=100 dport=101 [UNREPLIED] src=192.168.0.2 dst=192.168.0.1 sport=101 dport=100 use=1
+proc cat /proc/net/ip_conntrack
-expect proc udp 17 15 src=192.168.0.1 dst=192.168.0.1 sport=100 dport=101 src=192.168.0.2 dst=192.168.0.1 sport=101 dport=100 use=1
+# Reply should not cause new conntrack, just refresh this.
+expect gen_ip send:LOCAL {IPv4 192.168.0.1 192.168.0.1 33 17 101 100}
+gen_ip IF=eth0 192.168.0.2 192.168.0.1 33 17 101 100
+
+expect proc udp 17 30 src=192.168.0.1 dst=192.168.0.1 sport=100 dport=101 src=192.168.0.2 dst=192.168.0.1 sport=101 dport=100 use=1
proc cat /proc/net/ip_conntrack
# After that timeout, we'll be empty.
-time +15
+time infinity
expect ! proc *
proc cat /proc/net/ip_conntrack
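Review bot: Replacing `time +15` with `time infinity` before `expect ! proc *` means the final check no longer ties expiry to the 30-second timeout that the preceding `expect proc udp 17 30 …` line shows. Assuming `time infinity` runs every pending timer, an entry that lingered well past its timeout would still pass, and the retained comment "After that timeout, we'll be empty" no longer describes the step. The second hunk of this file uses `time +30` for the same check; using `time +30` here as well would keep the bound and the two scenarios consistent.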
@@ -33,24 +35,26 @@
# Map remote to local interface.
iptables -t nat -A OUTPUT -d 192.168.0.2 -j DNAT --to-dest 192.168.0.1
-expect gen_ip send:eth0 {IPv4 192.168.0.1 192.168.0.1 33 17 100 101}
+expect gen_ip send:lo {IPv4 192.168.0.1 192.168.0.1 33 17 100 101}
gen_ip 192.168.0.1 192.168.0.2 33 17 100 101
-expect proc udp 17 30 src=192.168.0.1 dst=192.168.0.2 sport=100 dport=101 \[UNREPLIED\] src=192.168.0.1 dst=192.168.0.1 sport=101 dport=100 use=1
+expect proc udp 17 30 src=192.168.0.1 dst=192.168.0.2 sport=100 dport=101 [UNREPLIED] src=192.168.0.1 dst=192.168.0.1 sport=101 dport=100 use=1
proc cat /proc/net/ip_conntrack
# We will expire this to check that reply doesn't create connection.
time +15
+expect proc udp 17 15 src=192.168.0.1 dst=192.168.0.2 sport=100 dport=101 [UNREPLIED] src=192.168.0.1 dst=192.168.0.1 sport=101 dport=100 use=1
+proc cat /proc/net/ip_conntrack
# Reply should not cause new conntrack.
-expect gen_ip send:lo {IPv4 192.168.0.2 192.168.0.1 33 17 101 100}
-gen_ip 192.168.0.1 192.168.0.1 100 17 101 100
+expect gen_ip send:lo {IPv4 192.168.0.1 192.168.0.1 33 17 101 100}
+gen_ip 192.168.0.1 192.168.0.1 33 17 101 100
-expect proc udp 17 15 src=192.168.0.1 dst=192.168.0.1 sport=100 dport=101 src=192.168.0.2 dst=192.168.0.1 sport=101 dport=100 use=1
+expect proc udp 17 30 src=192.168.0.1 dst=192.168.0.2 sport=100 dport=101 src=192.168.0.1 dst=192.168.0.1 sport=101 dport=100 use=1
proc cat /proc/net/ip_conntrack
# After that timeout, we'll be empty.
-time +15
+time +30
expect ! proc *
proc cat /proc/net/ip_conntrack
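Review bot: The retained comment "We will expire this to check that reply doesn't create connection" no longer matches the new flow. `time +15` only ages the entry to 15 seconds remaining, as the added `expect proc udp 17 15 …` line shows, and the reply then refreshes it to 30. I would reword it to something like `# Age the entry halfway (15s left) so the refresh by the reply is visible.` and bring the later comment in line with the first hunk: `# Reply should not cause new conntrack, just refresh this.`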