[netfilter-cvslog] r3456 - in trunk/nfsim-testsuite: . 01iptables

gandalf at netfilter.org gandalf at netfilter.org
Sun Dec 19 20:52:47 CET 2004 

Author: gandalf at netfilter.org
Date: 2004-12-19 20:52:46 +0100 (Sun, 19 Dec 2004)
New Revision: 3456

Modified:
   trunk/nfsim-testsuite/01iptables/25ipt_ttl.sim
   trunk/nfsim-testsuite/things-to-test
Log:
Test ttl not equal
Switch to mangle table to avoid surprises with states...


Modified: trunk/nfsim-testsuite/01iptables/25ipt_ttl.sim
===================================================================
--- trunk/nfsim-testsuite/01iptables/25ipt_ttl.sim	2004-12-19 19:27:31 UTC (rev 3455)
+++ trunk/nfsim-testsuite/01iptables/25ipt_ttl.sim	2004-12-19 19:52:46 UTC (rev 3456)
@@ -1,17 +1,28 @@
 # Test for match function.
 # These should get NF_DROP verdict.
-expect gen_ip hook:NF_IP_PRE_ROUTING iptable_nat NF_DROP *
+expect gen_ip hook:NF_IP_PRE_ROUTING iptable_mangle NF_DROP *
 
-iptables -t nat -I PREROUTING -m ttl --ttl-eq 50 -j DROP
+iptables -t mangle -I PREROUTING -m ttl --ttl-eq 50 -j DROP
 gen_ip IF=eth0 TTL=50 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
 
-iptables -t nat -I PREROUTING -m ttl --ttl-gt 51 -j DROP
+iptables -t mangle -I PREROUTING -m ttl --ttl-gt 51 -j DROP
 gen_ip IF=eth0 TTL=55 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
 
-iptables -t nat -I PREROUTING -m ttl --ttl-lt 50 -j DROP
+iptables -t mangle -I PREROUTING -m ttl --ttl-lt 50 -j DROP
 gen_ip IF=eth0 TTL=49 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
 
 # This packet with TTL=51 should be NF_ACCEPT'ed
-expect gen_ip hook:NF_IP_PRE_ROUTING iptable_nat NF_ACCEPT *
+expect gen_ip hook:NF_IP_PRE_ROUTING iptable_mangle NF_ACCEPT *
 gen_ip IF=eth0 TTL=51 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
 
+iptables -t mangle -F
+
+# Test inverted equals, --ttl-ne doesn't exist.
+# ttl 50 should be accepted
+iptables -t mangle -I PREROUTING -m ttl ! --ttl-eq 50 -j DROP
+gen_ip IF=eth0 TTL=50 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
+
+# But ttl 51 should be dropped
+expect gen_ip hook:NF_IP_PRE_ROUTING iptable_mangle NF_DROP *
+gen_ip IF=eth0 TTL=55 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
+

Modified: trunk/nfsim-testsuite/things-to-test
===================================================================
--- trunk/nfsim-testsuite/things-to-test	2004-12-19 19:27:31 UTC (rev 3455)
+++ trunk/nfsim-testsuite/things-to-test	2004-12-19 19:52:46 UTC (rev 3456)
@@ -96,11 +96,6 @@
 test state UNTRACKED
 
 
-ipt_ttl.c
----------
-test ttl not equal
-
-
 ip_conntrack_amanda.c
 ip_conntrack_irc.c
 ip_nat_irc.c

More information about the netfilter-cvslog mailing list