[netfilter-cvslog] r3412 - in trunk/nfsim-testsuite: . 01iptables

rusty at netfilter.org rusty at netfilter.org
Thu Dec 16 08:05:08 CET 2004 

Author: rusty at netfilter.org
Date: 2004-12-16 08:05:08 +0100 (Thu, 16 Dec 2004)
New Revision: 3412

Added:
   trunk/nfsim-testsuite/01iptables/25ipt_ttl.sim
   trunk/nfsim-testsuite/01iptables/26ipt_ttl-out-of-range.sim
Modified:
   trunk/nfsim-testsuite/expected-failures
Log:
peejix: Here's a little nfsim testsuite against ipt_ttl match.


Added: trunk/nfsim-testsuite/01iptables/25ipt_ttl.sim
===================================================================
--- trunk/nfsim-testsuite/01iptables/25ipt_ttl.sim	2004-12-16 07:04:14 UTC (rev 3411)
+++ trunk/nfsim-testsuite/01iptables/25ipt_ttl.sim	2004-12-16 07:05:08 UTC (rev 3412)
@@ -0,0 +1,17 @@
+# Test for match function.
+# These should get NF_DROP verdict.
+expect gen_ip hook:NF_IP_PRE_ROUTING iptable_nat NF_DROP *
+
+iptables -t nat -I PREROUTING -m ttl --ttl-eq 50 -j DROP
+gen_ip IF=eth0 TTL=50 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
+
+iptables -t nat -I PREROUTING -m ttl --ttl-gt 51 -j DROP
+gen_ip IF=eth0 TTL=55 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
+
+iptables -t nat -I PREROUTING -m ttl --ttl-lt 50 -j DROP
+gen_ip IF=eth0 TTL=49 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
+
+# This packet with TTL=51 should be NF_ACCEPT'ed
+expect gen_ip hook:NF_IP_PRE_ROUTING iptable_nat NF_ACCEPT *
+gen_ip IF=eth0 TTL=51 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
+

Added: trunk/nfsim-testsuite/01iptables/26ipt_ttl-out-of-range.sim
===================================================================
--- trunk/nfsim-testsuite/01iptables/26ipt_ttl-out-of-range.sim	2004-12-16 07:04:14 UTC (rev 3411)
+++ trunk/nfsim-testsuite/01iptables/26ipt_ttl-out-of-range.sim	2004-12-16 07:05:08 UTC (rev 3412)
@@ -0,0 +1,7 @@
+# This should fail but it doesn't because patch was lost
+# somewhere in the outter limit.
+# https://lists.netfilter.org/pipermail/netfilter-cvslog/2004-July/003454.html
+expect iptables iptables: command failed
+iptables -A INPUT -m ttl --ttl-eq -1
+iptables -A INPUT -m ttl --ttl-gt 300
+iptables -A INPUT -m ttl --ttl-lt -2000

Modified: trunk/nfsim-testsuite/expected-failures
===================================================================
--- trunk/nfsim-testsuite/expected-failures	2004-12-16 07:04:14 UTC (rev 3411)
+++ trunk/nfsim-testsuite/expected-failures	2004-12-16 07:05:08 UTC (rev 3412)
@@ -19,3 +19,4 @@
 2.6.10*:03NAT/13ip_nat_fill.sim
 2.6.10*:03NAT/17masq.sim
 2.6.10*:03NAT/21loopback.sim
+*:01iptables/26ipt_ttl-out-of-range.sim

More information about the netfilter-cvslog mailing list