[netfilter-cvslog] r3458 - trunk/nfsim-testsuite/01iptables

gandalf at netfilter.org gandalf at netfilter.org
Sun Dec 19 21:39:40 CET 2004


Author: gandalf at netfilter.org
Date: 2004-12-19 21:39:40 +0100 (Sun, 19 Dec 2004)
New Revision: 3458

Modified:
   trunk/nfsim-testsuite/01iptables/25ipt_ttl.sim
Log:
Samuel Jean: rewritten tests, just like they should be


Modified: trunk/nfsim-testsuite/01iptables/25ipt_ttl.sim
===================================================================
--- trunk/nfsim-testsuite/01iptables/25ipt_ttl.sim	2004-12-19 20:01:45 UTC (rev 3457)
+++ trunk/nfsim-testsuite/01iptables/25ipt_ttl.sim	2004-12-19 20:39:40 UTC (rev 3458)
@@ -1,31 +1,55 @@
-# Test for match function.
-# These should get NF_DROP verdict.
+# TTL is equal to 50 ?
 
-iptables -t mangle -I PREROUTING -m ttl --ttl-eq 50 -j DROP
-expect gen_ip hook:NF_IP_PRE_ROUTING iptable_mangle NF_DROP *
-gen_ip IF=eth0 TTL=50 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
+iptables -I INPUT -m ttl --ttl-eq 50 -j DROP
 
-iptables -t mangle -I PREROUTING -m ttl --ttl-gt 51 -j DROP
-expect gen_ip hook:NF_IP_PRE_ROUTING iptable_mangle NF_DROP *
-gen_ip IF=eth0 TTL=55 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
+expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT *
+gen_ip IF=eth0 TTL=49 192.168.0.2 192.168.0.1 0 6 1 2 SYN
+expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP *
+gen_ip IF=eth0 TTL=50 192.168.0.2 192.168.0.1 0 6 1 2 SYN
+expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT *
+gen_ip IF=eth0 TTL=51 192.168.0.2 192.168.0.1 0 6 1 2 SYN
 
-iptables -t mangle -I PREROUTING -m ttl --ttl-lt 50 -j DROP
-expect gen_ip hook:NF_IP_PRE_ROUTING iptable_mangle NF_DROP *
-gen_ip IF=eth0 TTL=49 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
+iptables -D INPUT -m ttl --ttl-eq 50 -j DROP
 
-# This packet with TTL=51 should be NF_ACCEPT'ed
-expect gen_ip hook:NF_IP_PRE_ROUTING iptable_mangle NF_ACCEPT *
-gen_ip IF=eth0 TTL=51 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
 
-iptables -t mangle -F
+# TTL is not equal to 50 ?
 
-# Test inverted equals, --ttl-ne doesn't exist.
-# ttl 50 should be accepted
-iptables -t mangle -I PREROUTING -m ttl ! --ttl-eq 50 -j DROP
-expect gen_ip hook:NF_IP_PRE_ROUTING iptable_mangle NF_ACCEPT *
-gen_ip IF=eth0 TTL=50 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
+iptables -I INPUT -m ttl ! --ttl-eq 50 -j DROP
 
-# But ttl 51 should be dropped
-expect gen_ip hook:NF_IP_PRE_ROUTING iptable_mangle NF_DROP *
-gen_ip IF=eth0 TTL=55 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
+expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP *
+gen_ip IF=eth0 TTL=49 192.168.0.2 192.168.0.1 0 6 1 2 SYN
+expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT *
+gen_ip IF=eth0 TTL=50 192.168.0.2 192.168.0.1 0 6 1 2 SYN
+expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP *
+gen_ip IF=eth0 TTL=51 192.168.0.2 192.168.0.1 0 6 1 2 SYN
 
+iptables -D INPUT -m ttl ! --ttl-eq 50 -j DROP
+
+
+# TTL is greater than 50 ?
+iptables -I INPUT -m ttl --ttl-gt 50 -j DROP
+
+expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT *
+gen_ip IF=eth0 TTL=49 192.168.0.2 192.168.0.1 0 6 1 2 SYN
+expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT *
+gen_ip IF=eth0 TTL=50 192.168.0.2 192.168.0.1 0 6 1 2 SYN
+expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP *
+gen_ip IF=eth0 TTL=51 192.168.0.2 192.168.0.1 0 6 1 2 SYN
+
+iptables -D INPUT -m ttl --ttl-gt 50 -j DROP
+
+
+# TTL is less than 50 ?
+iptables -I INPUT -m ttl --ttl-lt 50 -j DROP
+
+expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP *
+gen_ip IF=eth0 TTL=49 192.168.0.2 192.168.0.1 0 6 1 2 SYN
+expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT *
+gen_ip IF=eth0 TTL=50 192.168.0.2 192.168.0.1 0 6 1 2 SYN
+expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT *
+gen_ip IF=eth0 TTL=51 192.168.0.2 192.168.0.1 0 6 1 2 SYN
+
+iptables -D INPUT -m ttl --ttl-lt 50 -j DROP
+
+
+
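Review bot: All four sections probe only TTL 49, 50 and 51 against a threshold of 50, so the ends of the 8-bit TTL field are never exercised and a width or signedness mistake in the `--ttl-lt`/`--ttl-gt` comparison would pass unnoticed. Dropping everything below 255 is also how this match is commonly deployed to accept only directly connected peers, so a section with threshold 255 and packets at 254 and 255 is worth adding after the `--ttl-lt 50` block. This assumes gen_ip accepts `TTL=255`, which the hunk does not show. Separately, the rewrite drops the old remark that `--ttl-ne` does not exist; a comment beside the `! --ttl-eq 50` rule such as `# inverted --ttl-eq; there is no --ttl-ne option` would keep that information.

```shell
# TTL is less than 255 ? (upper end of the 8-bit field)
iptables -I INPUT -m ttl --ttl-lt 255 -j DROP

expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP *
gen_ip IF=eth0 TTL=254 192.168.0.2 192.168.0.1 0 6 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT *
gen_ip IF=eth0 TTL=255 192.168.0.2 192.168.0.1 0 6 1 2 SYN

iptables -D INPUT -m ttl --ttl-lt 255 -j DROP
```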



