[netfilter-cvslog] r3543 - trunk/nfsim-testsuite/01iptables
rusty at netfilter.org
rusty at netfilter.org
Sun Jan 2 10:27:56 CET 2005
Author: rusty at netfilter.org
Date: 2005-01-02 10:27:55 +0100 (Sun, 02 Jan 2005)
New Revision: 3543
Added:
trunk/nfsim-testsuite/01iptables/41TCPMSS.sim
Log:
Test for ipt_TCPMSS
Added: trunk/nfsim-testsuite/01iptables/41TCPMSS.sim
===================================================================
--- trunk/nfsim-testsuite/01iptables/41TCPMSS.sim 2005-01-02 09:26:33 UTC (rev 3542)
+++ trunk/nfsim-testsuite/01iptables/41TCPMSS.sim 2005-01-02 09:27:55 UTC (rev 3543)
@@ -0,0 +1,76 @@
+# Test for TCPMSS target.
+
+# Needs to have argument
+expect iptables iptables * At least one parameter is required
+expect iptables iptables: command failed
+iptables -A FORWARD -p tcp --syn -j TCPMSS
+
+# Need to have --syn
+strace
+expect iptables setsockopt -> -EINVAL
+expect iptables iptables: command failed
+iptables -A FORWARD -j TCPMSS --clamp-mss-to-pmtu
+
+expect iptables setsockopt -> -EINVAL
+expect iptables iptables: command failed
+iptables -A FORWARD -j TCPMSS -p tcp --clamp-mss-to-pmtu
+
+expect iptables setsockopt -> -EINVAL
+expect iptables iptables: command failed
+iptables -A FORWARD -j TCPMSS -p tcp --tcp-flags SYN NONE --clamp-mss-to-pmtu
+strace off
+
+# This succeeds, now test.
+iptables -A FORWARD -j TCPMSS -p tcp --syn --clamp-mss-to-pmtu
+
+# Should add MSS option, value = 1500 - 40 = 5,180
+expect gen_ip send:eth1 *
+expect gen_ip hook:NF_IP_FORWARD * {IPv4 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=2,4,5,180}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 2 1 SYN
+
+# Should not modify smaller MSS option.
+expect gen_ip send:eth1 *
+expect gen_ip hook:NF_IP_FORWARD * {IPv4 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=2,4,5,179}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=2,4,5,179
+
+# Should trim larger MSS option.
+expect gen_ip send:eth1 *
+expect gen_ip hook:NF_IP_FORWARD * {IPv4 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=2,4,5,180}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=2,4,5,181
+
+# Should not disturb other options.
+expect gen_ip send:eth1 *
+expect gen_ip hook:NF_IP_FORWARD * {IPv4 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=2,4,5,180,4,2,1,1}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=2,4,5,181,4,2,1,1
+
+expect gen_ip send:eth1 *
+expect gen_ip hook:NF_IP_FORWARD * {IPv4 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=4,2,1,1,2,4,5,180,4,2,1,1}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=4,2,1,1,2,4,5,181,4,2,1,1
+iptables -D FORWARD -j TCPMSS -p tcp --syn --clamp-mss-to-pmtu
+
+# Explicitly set MSS this time.
+iptables -A FORWARD -j TCPMSS -p tcp --syn --set-mss 512
+
+# Should add MSS option, value = 1500 - 40 = 5,180
+expect gen_ip send:eth1 *
+expect gen_ip hook:NF_IP_FORWARD * {IPv4 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=2,4,2,0}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 2 1 SYN
+
+# Should modify MSS, whether larger or smaller.
+expect gen_ip send:eth1 *
+expect gen_ip hook:NF_IP_FORWARD * {IPv4 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=2,4,2,0}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=2,4,1,255
+expect gen_ip send:eth1 *
+expect gen_ip hook:NF_IP_FORWARD * {IPv4 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=2,4,2,0}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=2,4,2,1
+
+# Should not disturb other options.
+expect gen_ip send:eth1 *
+expect gen_ip hook:NF_IP_FORWARD * {IPv4 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=2,4,2,0,4,2,1,1}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=2,4,5,181,4,2,1,1
+
+expect gen_ip send:eth1 *
+expect gen_ip hook:NF_IP_FORWARD * {IPv4 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=4,2,1,1,2,4,2,0,4,2,1,1}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 2 1 SYN OPT=4,2,1,1,2,4,5,181,4,2,1,1
+iptables -D FORWARD -j TCPMSS -p tcp --syn --set-mss 512
+
More information about the netfilter-cvslog
mailing list