[netfilter-cvslog] r3436 - trunk/nfsim-testsuite/01iptables

rusty at netfilter.org rusty at netfilter.org
Fri Dec 17 11:33:26 CET 2004 

Author: rusty at netfilter.org
Date: 2004-12-17 11:33:26 +0100 (Fri, 17 Dec 2004)
New Revision: 3436

Added:
   trunk/nfsim-testsuite/01iptables/30LOG.sim
Log:
Test for ipt_LOG: not exhaustive (needs AH, ESP and truncated packet tests, at least) but takes it out of bottom 10 covered files.


Added: trunk/nfsim-testsuite/01iptables/30LOG.sim
===================================================================
--- trunk/nfsim-testsuite/01iptables/30LOG.sim	2004-12-17 10:32:22 UTC (rev 3435)
+++ trunk/nfsim-testsuite/01iptables/30LOG.sim	2004-12-17 10:33:26 UTC (rev 3436)
@@ -0,0 +1,198 @@
+# Test for the LOG target.
+
+# Don't want conntrack to interfere with fragments.
+
+rmmod -a
+insmod ip_tables
+insmod iptable_filter
+insmod ipt_LOG
+
+# FORWARD has input and output interfaces
+iptables -A FORWARD -j LOG
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 3}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=20 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=3
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 3
+iptables -D FORWARD -j LOG
+
+# INPUT has only input interface, has MAC.
+iptables -A INPUT -j LOG
+expect gen_ip send:LOCAL {IPv4 192.168.0.3 192.168.1.1 0 3}
+expect gen_ip <4>IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=192.168.0.3 DST=192.168.1.1 LEN=20 TOS=0x00 PREC=0x00 TTL=255 ID=0 PROTO=3
+gen_ip IF=eth0 192.168.0.3 192.168.1.1 0 3
+iptables -D INPUT -j LOG
+
+# OUTPUT has only output interface
+iptables -A OUTPUT -j LOG
+expect gen_ip send:eth1 {IPv4 192.168.1.1 192.168.1.2 0 3}
+expect gen_ip <4>IN= OUT=eth1 SRC=192.168.1.1 DST=192.168.1.2 LEN=20 TOS=0x00 PREC=0x00 TTL=255 ID=0 PROTO=3
+gen_ip 192.168.1.1 192.168.1.2 0 3
+iptables -D OUTPUT -j LOG
+
+iptables -A FORWARD -j LOG
+
+# Test fragments
+expect gen_ip send:eth1 {IPv4 FRAG=8 192.168.0.3 192.168.1.2}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=30 TOS=0x00 PREC=0x00 TTL=254 ID=0 FRAG:1 PROTO=3
+gen_ip IF=eth0 FRAG=8,10 192.168.0.3 192.168.1.2 20 3
+
+expect gen_ip send:eth1 {IPv4 FRAG=8 192.168.0.3 192.168.1.2}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=30 TOS=0x00 PREC=0x00 TTL=254 ID=0 FRAG:1 PROTO=TCP
+gen_ip IF=eth0 FRAG=8,10 192.168.0.3 192.168.1.2 20 6 1 2 SYN
+
+expect gen_ip send:eth1 {IPv4 FRAG=8 192.168.0.3 192.168.1.2}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=30 TOS=0x00 PREC=0x00 TTL=254 ID=0 FRAG:1 PROTO=UDP
+gen_ip IF=eth0 FRAG=8,10 192.168.0.3 192.168.1.2 20 17 1 2
+
+expect gen_ip send:eth1 {IPv4 FRAG=8 192.168.0.3 192.168.1.2}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=30 TOS=0x00 PREC=0x00 TTL=254 ID=0 FRAG:1 PROTO=ICMP
+gen_ip IF=eth0 FRAG=8,10 192.168.0.3 192.168.1.2 20 1 3 0
+
+expect gen_ip send:eth1 {IPv4 CE 192.168.0.3 192.168.1.2 0 3}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=20 TOS=0x00 PREC=0x00 TTL=254 ID=0 CE PROTO=3
+gen_ip IF=eth0 CE 192.168.0.3 192.168.1.2 0 3
+
+expect gen_ip send:eth1 {IPv4 MF 192.168.0.3 192.168.1.2 0 3}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=20 TOS=0x00 PREC=0x00 TTL=254 ID=0 MF PROTO=3
+gen_ip IF=eth0 MF 192.168.0.3 192.168.1.2 0 3
+
+expect gen_ip send:eth1 {IPv4 DF 192.168.0.3 192.168.1.2 0 3}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=20 TOS=0x00 PREC=0x00 TTL=254 ID=0 DF PROTO=3
+gen_ip IF=eth0 DF 192.168.0.3 192.168.1.2 0 3
+
+# Test for UDP.
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 17 1 2}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.2 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=UDP SPT=1 DPT=2 LEN=8
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 17 1 2
+
+# Test for TCP (all flags)
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 6 1 2 SYN}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.2 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=1 DPT=2 WINDOW=0 RES=0x00 SYN URGP=0
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1 2 SYN
+
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 6 1 2 ACK}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.2 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=1 DPT=2 WINDOW=0 RES=0x00 ACK URGP=0
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1 2 ACK
+
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 6 1 2 RST}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.2 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=1 DPT=2 WINDOW=0 RES=0x00 RST URGP=0
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1 2 RST
+
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 6 1 2 FIN}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.2 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=1 DPT=2 WINDOW=0 RES=0x00 FIN URGP=0
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1 2 FIN
+
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 6 1 2 URG}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.2 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=1 DPT=2 WINDOW=0 RES=0x00 URG URGP=0
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1 2 URG
+
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 6 1 2 PSH}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.2 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=1 DPT=2 WINDOW=0 RES=0x00 PSH URGP=0
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1 2 PSH
+
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 6 1 2 CWR}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.2 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=1 DPT=2 WINDOW=0 RES=0x00 CWR URGP=0
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1 2 CWR
+
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 6 1 2 ECE}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.2 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=1 DPT=2 WINDOW=0 RES=0x00 ECE URGP=0
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1 2 ECE
+
+# TCP with options
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 6 1 2 SYN OPT=5,2,0,0}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.2 DST=192.168.1.2 LEN=44 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=1 DPT=2 WINDOW=0 RES=0x00 SYN URGP=0
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1 2 SYN OPT=5,2,0,0
+iptables -D FORWARD -j LOG
+
+# Test TCP logging options
+iptables -A FORWARD -j LOG --log-tcp-sequence
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 6 1 2 SYN SEQ=100 ACK=2000 OPT=5,2,0,0}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.2 DST=192.168.1.2 LEN=44 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=1 DPT=2 SEQ=100 ACK=2000 WINDOW=0 RES=0x00 SYN URGP=0
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1 2 SYN SEQ=100 ACK=2000 OPT=5,2,0,0
+iptables -D FORWARD -j LOG --log-tcp-sequence
+
+iptables -A FORWARD -j LOG --log-tcp-options
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 6 1 2 SYN SEQ=100 ACK=2000 OPT=5,2,0,0}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.2 DST=192.168.1.2 LEN=44 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=1 DPT=2 WINDOW=0 RES=0x00 SYN URGP=0 OPT (05020000)
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1 2 SYN SEQ=100 ACK=2000 OPT=5,2,0,0
+iptables -D FORWARD -j LOG --log-tcp-options
+
+# Test ICMP errors.
+iptables -A FORWARD -j LOG
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 20 1 8 0 1 2}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=2
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 20 1 8 0 1 2
+
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 20 1 0 0 1 2}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=1 SEQ=2
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 20 1 0 0 1 2
+
+# For some reason ipt_LOG doesn't print out inner packet on ICMP_PARAMETERPROB.
+expect gen_err send:eth0 {IPv4 192.168.1.2 192.168.0.2 *}
+expect gen_err <4>IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=192.168.0.2 LEN=56 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=ICMP TYPE=12 CODE=0 PARAMETER=0
+gen_err IF=eth1 192.168.1.2 12 0 192.168.0.2 192.168.1.2 0 1 8 0 55 57
+
+expect gen_err send:eth0 {IPv4 192.168.1.2 192.168.0.2 *}
+expect gen_err <4>IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=192.168.0.2 LEN=56 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.0.2 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=255 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=55 SEQ=57 ]
+gen_err IF=eth1 192.168.1.2 3 0 192.168.0.2 192.168.1.2 0 1 8 0 55 57
+
+expect gen_err send:eth0 {IPv4 192.168.1.2 192.168.0.2 *}
+expect gen_err <4>IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=192.168.0.2 LEN=56 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=ICMP TYPE=3 CODE=4 [SRC=192.168.0.2 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=255 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=55 SEQ=57 ] MTU=0
+
+gen_err IF=eth1 192.168.1.2 3 4 192.168.0.2 192.168.1.2 0 1 8 0 55 57
+iptables -D FORWARD -j LOG
+
+# Test level settings (delete by name to check name -> number mapping)
+iptables -A FORWARD -j LOG --log-level 0
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 3}
+expect gen_ip <0>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=20 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=3
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 3
+iptables -D FORWARD -j LOG --log-level emerg
+
+iptables -A FORWARD -j LOG --log-level 1
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 3}
+expect gen_ip <1>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=20 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=3
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 3
+iptables -D FORWARD -j LOG --log-level alert
+
+iptables -A FORWARD -j LOG --log-level 2
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 3}
+expect gen_ip <2>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=20 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=3
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 3
+iptables -D FORWARD -j LOG --log-level crit
+
+iptables -A FORWARD -j LOG --log-level 3
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 3}
+expect gen_ip <3>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=20 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=3
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 3
+iptables -D FORWARD -j LOG --log-level err
+
+iptables -A FORWARD -j LOG --log-level 4
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 3}
+expect gen_ip <4>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=20 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=3
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 3
+iptables -D FORWARD -j LOG --log-level warning
+
+iptables -A FORWARD -j LOG --log-level 5
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 3}
+expect gen_ip <5>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=20 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=3
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 3
+iptables -D FORWARD -j LOG --log-level notice
+
+iptables -A FORWARD -j LOG --log-level 6
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 3}
+expect gen_ip <6>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=20 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=3
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 3
+iptables -D FORWARD -j LOG --log-level info
+
+iptables -A FORWARD -j LOG --log-level 7
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 3}
+expect gen_ip <7>IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=20 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=3
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 3
+iptables -D FORWARD -j LOG --log-level debug
+
+# Test prefix
+iptables -A FORWARD -j LOG --log-prefix Barthol:
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 3}
+expect gen_ip <4>Barthol:IN=eth0 OUT=eth1 SRC=192.168.0.3 DST=192.168.1.2 LEN=20 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=3
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 3
+iptables -D FORWARD -j LOG --log-prefix Barthol:

More information about the netfilter-cvslog mailing list