[netfilter-cvslog] r3399 - trunk/nfsim-testsuite/02conntrack

rusty at netfilter.org rusty at netfilter.org
Thu Dec 16 02:11:03 CET 2004


Author: rusty at netfilter.org
Date: 2004-12-16 02:11:02 +0100 (Thu, 16 Dec 2004)
New Revision: 3399

Added:
   trunk/nfsim-testsuite/02conntrack/04icmp_reply.sim
   trunk/nfsim-testsuite/02conntrack/05loopback.sim
   trunk/nfsim-testsuite/02conntrack/06limit.sim
   trunk/nfsim-testsuite/02conntrack/10ftp-pasv.sim
   trunk/nfsim-testsuite/02conntrack/10ftp-port.sim
Log:
More tests brought across from old testsuite.


Added: trunk/nfsim-testsuite/02conntrack/04icmp_reply.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/04icmp_reply.sim	2004-12-16 01:10:34 UTC (rev 3398)
+++ trunk/nfsim-testsuite/02conntrack/04icmp_reply.sim	2004-12-16 01:11:02 UTC (rev 3399)
@@ -0,0 +1,29 @@
+# Test that icmp error packets are recognized as part of same connection.
+
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 1 8 0 55 57
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1024 1025 SYN
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 17 1024 1025
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 2
+
+# Must be related to get through now.
+iptables -A FORWARD -m state ! --state RELATED -j DROP
+
+# Send a few errors for each one.
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 *}
+gen_err IF=eth1 LEN=8 192.168.1.2 3 0 192.168.0.2 192.168.1.2 0 1 8 0 55 57
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 *}
+gen_err IF=eth1 LEN=8 192.168.1.2 3 0 192.168.0.2 192.168.1.2 0 6 1024 1025 SYN
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 *}
+gen_err IF=eth1 LEN=8 192.168.1.2 3 0 192.168.0.2 192.168.1.2 0 17 1024 1025
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 *}
+gen_err IF=eth1 LEN=8 192.168.1.2 3 0 192.168.0.2 192.168.1.2 0 2
+
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 *}
+gen_err IF=eth1 LEN=8 192.168.1.2 3 1 192.168.0.2 192.168.1.2 0 1 8 0 55 57
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 *}
+gen_err IF=eth1 LEN=8 192.168.1.2 3 1 192.168.0.2 192.168.1.2 0 6 1024 1025 SYN
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 *}
+gen_err IF=eth1 LEN=8 192.168.1.2 3 1 192.168.0.2 192.168.1.2 0 17 1024 1025
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 *}
+gen_err IF=eth1 LEN=8 192.168.1.2 3 1 192.168.0.2 192.168.1.2 0 2
+
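Review bot: Every gen_err in this script is expected to pass the `! --state RELATED -j DROP` rule, so nothing shows that an ICMP error quoting a flow conntrack has never seen is refused; a tracker that marked every ICMP error RELATED would still pass. One negative case after the last block would cover that, for example `gen_err IF=eth1 LEN=8 192.168.1.2 3 0 192.168.0.2 192.168.1.2 0 6 2000 2001 SYN` (ports constructed, not generated above), preceded by a drop expectation in the `*NF_DROP*` form the FTP scripts in this commit use. Separately, the `expect` lines name `gen_ip` while the command that follows is `gen_err`. If nfsim matches expectations by command name, they may never be checked against the gen_err output, which is worth confirming.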

Added: trunk/nfsim-testsuite/02conntrack/05loopback.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/05loopback.sim	2004-12-16 01:10:34 UTC (rev 3398)
+++ trunk/nfsim-testsuite/02conntrack/05loopback.sim	2004-12-16 01:11:02 UTC (rev 3399)
@@ -0,0 +1,12 @@
+# Loopback connection tracking: should get a single connection.
+
+expect gen_ip send:lo {IPv4 127.0.0.1 127.0.0.1 0 1 8 0 55 57}
+gen_ip 127.0.0.1 127.0.0.1 0 1 8 0 55 57
+
+expect proc icmp 1 30 src=127.0.0.1 dst=127.0.0.1 type=8 code=0 id=55 [UNREPLIED] src=127.0.0.1 dst=127.0.0.1 type=0 code=0 id=55 use=1
+proc cat /proc/net/ip_conntrack
+
+expect proc 00000001 *
+proc cat /proc/net/stat/ip_conntrack
+
+
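Review bot: `expect proc 00000001 *` does not say which counter it pins, so a reader has to know the layout of /proc/net/stat/ip_conntrack to see why it proves "a single connection". A comment above it such as `# First column of the stat line should be the conntrack entry count (confirm against the kernel's column order).` would make the intent explicit. The same comment could note that the pattern has to match a data line rather than the file's header line, if nfsim's `expect` is satisfied by any matching line.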

Added: trunk/nfsim-testsuite/02conntrack/06limit.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/06limit.sim	2004-12-16 01:10:34 UTC (rev 3398)
+++ trunk/nfsim-testsuite/02conntrack/06limit.sim	2004-12-16 01:11:02 UTC (rev 3399)
@@ -0,0 +1 @@
+# FIXME: implement writable sys entries, then test adjusting ip_conntrack_max.

Added: trunk/nfsim-testsuite/02conntrack/10ftp-pasv.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/10ftp-pasv.sim	2004-12-16 01:10:34 UTC (rev 3398)
+++ trunk/nfsim-testsuite/02conntrack/10ftp-pasv.sim	2004-12-16 01:11:02 UTC (rev 3399)
@@ -0,0 +1,148 @@
+# Tests for PASV recognition.
+
+# Drop invalid packets, in case this script has a mistake.
+iptables -A FORWARD -m state --state INVALID -j DROP
+
+# Handshake (reverse of previous cases)
+expect gen_ip send:*
+gen_ip IF=eth1 192.168.1.2 192.168.0.2 0 6 1024 21 SYN SEQ=2000 WIN=512
+expect gen_ip send:*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 21 1024 SYN/ACK SEQ=1000 ACK=2001 WIN=512
+expect gen_ip send:*
+gen_ip IF=eth1 192.168.1.2 192.168.0.2 0 6 1024 21 ACK SEQ=2001 ACK=1001 WIN=512
+expect proc tcp 6 432000 ESTABLISHED src=192.168.1.2 dst=192.168.0.2 sport=1024 dport=21 src=192.168.0.2 dst=192.168.1.2 sport=21 dport=1024 [ASSURED] use=1
+proc cat /proc/net/ip_conntrack
+
+# FTP PASV response: won't work because not preceeded by \n.
+expect gen_ip send:*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 47 6 21 1024 ACK SEQ=1001 ACK=2001 WIN=512 DATA 227 Entering Passive Mode (192,168,0,2,7,236)\r\n
+
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+
+# Still shouldn't detect, because seq number doesn't place immediately after \n
+expect gen_ip send:*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 47 6 21 1024 ACK SEQ=1049 ACK=2001 WIN=512 DATA 227 Entering Passive Mode (192,168,0,2,7,236)\r\n
+
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+
+expect gen_ip send:*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 47 6 21 1024 ACK SEQ=1047 ACK=2001 WIN=512 DATA 227 Entering Passive Mode (192,168,0,2,7,236)\r\n
+
+# Don't confuse with \n's going the other way.
+expect gen_ip send:*
+gen_ip IF=eth1 192.168.1.2 192.168.0.2 10 6 1024 21 ACK SEQ=2001 ACK=1048 WIN=512 DATA Hi guys!\r\n
+expect gen_ip send:*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 47 6 21 1024 ACK SEQ=1047 ACK=2011 WIN=512 DATA 227 Entering Passive Mode (192,168,0,2,7,236)\r\n
+
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+
+# Send CR:
+expect gen_ip send:*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 1 6 21 1024 ACK SEQ=1095 ACK=2011 WIN=512 DATA \n
+
+# These partials should all fail.
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 1 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 2
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 2 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 22
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 3 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 4 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 5 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 6 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x x
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 7 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 8 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (1
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 9 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (19
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 10 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (192
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 11 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (192,
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 12 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (192,1
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 13 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (192,16
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 14 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (192,168
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 15 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (192,168,
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 16 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (192,168,0
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 17 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (192,168,0,
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 18 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (192,168,0,2
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 19 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (192,168,0,2,
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 20 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (192,168,0,2,7
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 21 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (192,168,0,2,7,
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 22 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (192,168,0,2,7,2
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 23 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (192,168,0,2,7,23
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 24 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 x (192,168,0,2,7,236
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+
+# This one should work.
+expect gen_ip send:*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 47 6 21 1024 ACK SEQ=1096 ACK=2011 WIN=512 DATA 227 Entering Passive Mode (192,168,0,2,7,236)\r\n
+expect proc *
+proc cat /proc/net/ip_conntrack_expect
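Review bot: The final positive check, `expect proc *`, accepts any line in ip_conntrack_expect, so it would still pass if the helper registered an expectation for the wrong address or port; the same wildcard closes 10ftp-port.sim. The property that matters for a helper is that the hole it opens is exactly the advertised one, so a pattern like `expect proc *dst=192.168.0.2*dport=2028*` (7*256+236; field names assumed to follow the ip_conntrack format shown earlier in the script) would be stronger. In the partials, the lines with declared lengths 4 and 6 carry DATA `227 x` and `227 x x`, one byte longer than declared; if that relies on truncation to obtain a trailing space, a comment should say so. The `# Send CR:` comment precedes a payload of `\n`, which is a line feed, and the same comment appears in 10ftp-port.sim.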

Added: trunk/nfsim-testsuite/02conntrack/10ftp-port.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/10ftp-port.sim	2004-12-16 01:10:34 UTC (rev 3398)
+++ trunk/nfsim-testsuite/02conntrack/10ftp-port.sim	2004-12-16 01:11:02 UTC (rev 3399)
@@ -0,0 +1,140 @@
+# Test ftp module's tracking code for PORT commands.
+
+# Drop invalid packets, in case this script has a mistake.
+iptables -A FORWARD -m state --state INVALID -j DROP
+
+# Handshake
+expect gen_ip send:*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1024 21 SYN SEQ=1000 WIN=512
+expect gen_ip send:*
+gen_ip IF=eth1 192.168.1.2 192.168.0.2 0 6 21 1024 SYN/ACK SEQ=2000 ACK=1001 WIN=512
+expect gen_ip send:*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1024 21 ACK SEQ=1001 ACK=2001 WIN=512
+expect proc tcp 6 432000 ESTABLISHED src=192.168.0.2 dst=192.168.1.2 sport=1024 dport=21 src=192.168.1.2 dst=192.168.0.2 sport=21 dport=1024 [ASSURED] use=1
+proc cat /proc/net/ip_conntrack
+
+# FTP PORT COMMAND: won't work because not preceeded by \n.
+expect gen_ip send:*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 24 6 1024 21 ACK SEQ=1001 ACK=2001 WIN=512 DATA PORT 192,168,0,2,7,236\r\n
+
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+
+# Still shouldn't detect, because seq number doesn't place immediately after \n
+expect gen_ip send:*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 24 6 1024 21 ACK SEQ=1026 ACK=2001 WIN=512 DATA PORT 192,168,0,2,7,236\r\n
+
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+
+expect gen_ip send:*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 24 6 1024 21 ACK SEQ=1024 ACK=2001 WIN=512 DATA PORT 192,168,0,2,7,236\r\n
+
+# Don't confuse with \n's going the other way.
+expect gen_ip send:*
+gen_ip IF=eth1 192.168.1.2 192.168.0.2 10 6 21 1024 ACK SEQ=2001 ACK=1040 WIN=512 DATA Hi guys!\r\n
+expect gen_ip send:*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 24 6 1024 21 ACK SEQ=1026 ACK=2011 WIN=512 DATA PORT 192,168,0,2,7,236\r\n
+
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+
+# Send CR:
+expect gen_ip send:*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 1 6 1024 21 ACK SEQ=1064 ACK=2011 WIN=512 DATA \n
+
+# These partials should all fail.
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 1 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA P
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 2 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PO
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 3 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA POR
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 4 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 5 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 6 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 1
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 7 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 19
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 8 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 192
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 9 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 192,
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 10 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 192,1
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 11 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 192,16
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 12 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 192,168
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 13 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 192,168,
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 14 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 192,168,0
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 15 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 192,168,0,
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 16 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 192,168,0,2
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 17 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 192,168,0,2,
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 18 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 192,168,0,2,7
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 19 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 192,168,0,2,7,
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 20 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 192,168,0,2,7,2
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 21 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 192,168,0,2,7,23
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+expect gen_ip *NF_DROP*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 22 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 192,168,0,2,7,236
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+
+# This one should work.
+expect gen_ip send:*
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 24 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT 192,168,0,2,7,236\r\n
+expect proc *
+proc cat /proc/net/ip_conntrack_expect
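Review bot: The five-byte partial (`... 5 6 1024 21 ACK SEQ=1065 ACK=2011 WIN=512 DATA PORT ` with a trailing space) depends on whitespace at the end of the line that is invisible in review and easily stripped by editors or mail archives, and it is not shown here whether gen_ip preserves it. A comment such as `# NB: trailing space after PORT is significant (length 5).` would protect the case. The bare `\n` is also sent at SEQ=1064 although the preceding segments end at 1050 at most, so a one-line comment on whether that gap is intended would help a reader check the sequence arithmetic behind "This one should work".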



