[netfilter-cvslog] r3539 - in trunk/nfsim-testsuite: 01iptables 02conntrack

rusty at netfilter.org rusty at netfilter.org
Sat Jan 1 09:32:49 CET 2005 

Author: rusty at netfilter.org
Date: 2005-01-01 09:32:48 +0100 (Sat, 01 Jan 2005)
New Revision: 3539

Modified:
   trunk/nfsim-testsuite/01iptables/01icmp.sim
   trunk/nfsim-testsuite/02conntrack/02timeout.sim
Log:
02timeout.sim ignored failures.  Check fragments in icmp matching

Modified: trunk/nfsim-testsuite/01iptables/01icmp.sim
===================================================================
--- trunk/nfsim-testsuite/01iptables/01icmp.sim	2005-01-01 08:30:22 UTC (rev 3538)
+++ trunk/nfsim-testsuite/01iptables/01icmp.sim	2005-01-01 08:32:48 UTC (rev 3539)
@@ -55,6 +55,11 @@
 gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 1 2 1
 iptables -D FORWARD -p icmp --icmp-type ! 2/2 -j DROP
 
+# Fragments can never be examined, even if data would look like match.
+iptables -A FORWARD -p icmp --icmp-type 0 -j DROP
+expect gen_ip send:eth1 {IPv4 FRAG=8 192.168.0.3 192.168.1.2}
+gen_ip IF=eth0 FRAG=8,8 192.168.0.3 192.168.1.2 0 1 0 0 0 0
+
 # Check the type and code mnemonics: match by deleting rule.
 iptables -A FORWARD -p icmp --icmp-type echo-reply
 iptables -D FORWARD -p icmp --icmp-type 0

Modified: trunk/nfsim-testsuite/02conntrack/02timeout.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/02timeout.sim	2005-01-01 08:30:22 UTC (rev 3538)
+++ trunk/nfsim-testsuite/02conntrack/02timeout.sim	2005-01-01 08:32:48 UTC (rev 3539)
@@ -1,7 +1,11 @@
 # ICMP, TCP, UDP and UNKNOWN packets to local interface, new connection
+expect gen_ip send:LOCAL *
 gen_ip IF=eth0 192.168.0.2 192.168.0.1 50 udp 1 2
+expect gen_ip send:LOCAL *
 gen_ip IF=eth0 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
+expect gen_ip send:LOCAL *
 gen_ip IF=eth0 192.168.0.2 192.168.0.1 50 icmp 8 2 100 200
+expect gen_ip send:LOCAL *
 gen_ip IF=eth0 192.168.0.2 192.168.0.1 50 59
 
 expect proc udp      17 30 src=192.168.0.2 dst=192.168.0.1 sport=1 dport=2 *[UNREPLIED] src=192.168.0.1 dst=192.168.0.2 sport=2 dport=1 *use=1

More information about the netfilter-cvslog mailing list