[netfilter-cvslog] r3294 - trunk/nfsim-testsuite/02conntrack
rusty at netfilter.org
rusty at netfilter.org
Sun Nov 21 09:58:07 CET 2004
Author: rusty at netfilter.org
Date: 2004-11-21 09:58:07 +0100 (Sun, 21 Nov 2004)
New Revision: 3294
Modified:
trunk/nfsim-testsuite/02conntrack/03tcp.sim
Log:
Beef up TCP checks
Modified: trunk/nfsim-testsuite/02conntrack/03tcp.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/03tcp.sim 2004-11-21 08:57:05 UTC (rev 3293)
+++ trunk/nfsim-testsuite/02conntrack/03tcp.sim 2004-11-21 08:58:07 UTC (rev 3294)
@@ -1,20 +1,42 @@
# establish forwarded tcp session
-gen_ip IF=eth1 192.168.1.2 192.168.0.2 50 tcp 1025 80 SYN
+# Kill packets which are invalid.
+iptables -A FORWARD -m state --state INVALID -j DROP
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 0 6 1025 80 SYN SEQ=100}
+gen_ip IF=eth1 192.168.1.2 192.168.0.2 0 6 1025 80 SYN SEQ=100
-gen_ip IF=eth0 192.168.0.2 192.168.1.2 50 tcp 80 1025 SYN/ACK
-gen_ip IF=eth1 192.168.1.2 192.168.0.2 50 tcp 1025 80 ACK
+expect proc tcp 6 120 SYN_SENT src=192.168.1.2 dst=192.168.0.2 sport=1025 dport=80 [UNREPLIED] src=192.168.0.2 dst=192.168.1.2 sport=80 dport=1025 use=1
+proc cat /proc/net/ip_conntrack
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 6 80 1025 SYN/ACK SEQ=200 ACK=101}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 tcp 80 1025 SYN/ACK SEQ=200 ACK=101
+
+expect proc tcp 6 60 SYN_RECV src=192.168.1.2 dst=192.168.0.2 sport=1025 dport=80 src=192.168.0.2 dst=192.168.1.2 sport=80 dport=1025 use=1
+proc cat /proc/net/ip_conntrack
+
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 0 6 1025 80 ACK SEQ=101 ACK=201}
+gen_ip IF=eth1 192.168.1.2 192.168.0.2 0 tcp 1025 80 ACK SEQ=101 ACK=201
+
+expect proc tcp 6 432000 ESTABLISHED src=192.168.1.2 dst=192.168.0.2 sport=1025 dport=80 src=192.168.0.2 dst=192.168.1.2 sport=80 dport=1025 [ASSURED] use=1
+proc cat /proc/net/ip_conntrack
+
# exchange data
-gen_ip IF=eth1 192.168.1.2 192.168.0.2 50 tcp 1025 80 NONE
-gen_ip IF=eth0 192.168.0.2 192.168.1.2 50 tcp 80 1025 ACK
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 1 6 1025 80 ACK SEQ=101 ACK=201}
+gen_ip IF=eth1 192.168.1.2 192.168.0.2 1 6 1025 80 ACK SEQ=101 ACK=201
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 6 80 1025 ACK SEQ=201 ACK=102}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 80 1025 ACK SEQ=201 ACK=102
# other direction
-gen_ip IF=eth0 192.168.0.2 192.168.1.2 50 tcp 80 1025 NONE
-gen_ip IF=eth1 192.168.1.2 192.168.0.2 50 tcp 1025 80 ACK
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 1 6 80 1025 ACK SEQ=201 ACK=102}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 1 6 80 1025 ACK SEQ=201 ACK=102
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 0 6 1025 80 ACK SEQ=102 ACK=202}
+gen_ip IF=eth1 192.168.1.2 192.168.0.2 0 6 1025 80 ACK SEQ=102 ACK=202
-# close
-gen_ip IF=eth1 192.168.1.2 192.168.0.2 50 tcp 1025 80 FIN
-gen_ip IF=eth0 192.168.0.2 192.168.1.2 50 tcp 80 1025 FIN/ACK
-gen_ip IF=eth1 192.168.1.2 192.168.0.2 50 tcp 1025 80 ACK
+# Close
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 0 6 1025 80 FIN/ACK SEQ=102 ACK=202}
+gen_ip IF=eth1 192.168.1.2 192.168.0.2 0 6 1025 80 FIN/ACK SEQ=102 ACK=202
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 6 80 1025 FIN/ACK SEQ=202 ACK=103}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 80 1025 FIN/ACK SEQ=202 ACK=103
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 0 6 1025 80 ACK SEQ=103 ACK=203}
+gen_ip IF=eth1 192.168.1.2 192.168.0.2 0 6 1025 80 ACK SEQ=103 ACK=203
More information about the netfilter-cvslog
mailing list