[netfilter-cvslog] r3546 - in trunk: nfsim/core/ipv4 nfsim/tools nfsim-testsuite/01iptables

Sun Jan 2 12:28:07 CET 2005

Author: rusty at netfilter.org
Date: 2005-01-02 12:28:07 +0100 (Sun, 02 Jan 2005)
New Revision: 3546

Added:
   trunk/nfsim-testsuite/01iptables/43ECN.sim
Modified:
   trunk/nfsim/core/ipv4/ipv4.c
   trunk/nfsim/tools/gen_ip.c
Log:
ECN target tests.


Modified: trunk/nfsim/core/ipv4/ipv4.c
===================================================================

--- trunk/nfsim/core/ipv4/ipv4.c	2005-01-02 10:09:01 UTC (rev 3545)
+++ trunk/nfsim/core/ipv4/ipv4.c	2005-01-02 11:28:07 UTC (rev 3546)
@@ -797,6 +797,8 @@
 	if (dump_flags && strstr(dump_flags, "dscp"))
 		ptr += sprintf(ptr, "DSCP=0x%x ",
 			       (iph->tos >> IPT_DSCP_SHIFT));
+	if (dump_flags && strstr(dump_flags, "ect"))
+		ptr += sprintf(ptr, "ECT=0x%x ", (iph->tos & 3));
 	ptr += sprintf(ptr, "%u.%u.%u.%u %u.%u.%u.%u ",
 		       NIPQUAD(iph->saddr),
 		       NIPQUAD(iph->daddr));

Modified: trunk/nfsim/tools/gen_ip.c
===================================================================
--- trunk/nfsim/tools/gen_ip.c	2005-01-02 10:09:01 UTC (rev 3545)
+++ trunk/nfsim/tools/gen_ip.c	2005-01-02 11:28:07 UTC (rev 3546)
@@ -766,6 +766,19 @@
 		argv++;
 	}
 
+	if (argc > 5 && strncmp(argv[1], "ECT=", 4) == 0) {
+		int ect;
+		if ((ect = string_to_number(argv[1]+4, 0, 3))==-1) {
+			nfsim_log(LOG_UI, "`%s' not >=0, <= %i", argv[1]+5, 3);
+			return false;
+		}
+
+		tos |= ect;
+		*dump_flags = talloc_asprintf_append(*dump_flags, "ect");
+		argc--;
+		argv++;
+	}
+
 	if (argc > 5 && strncmp(argv[1], "TTL=", 4) == 0) {
 		ttl = atoi(argv[1]+4);
 

Added: trunk/nfsim-testsuite/01iptables/43ECN.sim
===================================================================
--- trunk/nfsim-testsuite/01iptables/43ECN.sim	2005-01-02 10:09:01 UTC (rev 3545)
+++ trunk/nfsim-testsuite/01iptables/43ECN.sim	2005-01-02 11:28:07 UTC (rev 3546)
@@ -0,0 +1,161 @@
+# Test the ECN target
+# Prior to 2.6.11, they got the -p ! tcp case wrong, and corrupts TCP checksums.
+# XFAIL:linux:2.6.[0-9]
+# XFAIL:linux:2.6.10
+
+# Can only be in the mangle table.
+strace
+expect iptables setsockopt -> -EINVAL
+expect iptables iptables: command failed
+iptables -A FORWARD -j ECN --ecn-tcp-remove
+
+expect iptables setsockopt -> -EINVAL
+expect iptables iptables: command failed
+iptables -t nat -A POSTROUTING -j ECN --ecn-tcp-remove
+
+# Need protocol tcp
+expect iptables setsockopt -> -EINVAL
+expect iptables iptables: command failed
+iptables -t mangle -A POSTROUTING -j ECN --ecn-tcp-remove
+expect iptables setsockopt -> -EINVAL
+expect iptables iptables: command failed
+iptables -t mangle -A POSTROUTING -p udp -j ECN --ecn-tcp-remove
+expect iptables setsockopt -> -EINVAL
+expect iptables iptables: command failed
+iptables -t mangle -A POSTROUTING -p ! tcp -j ECN --ecn-tcp-remove
+strace off
+
+# Each can only be used once.
+expect iptables *ECN target:*
+expect iptables iptables: command failed
+iptables -t mangle -A POSTROUTING -p tcp -j ECN
+expect iptables *ECN target:*
+expect iptables iptables: command failed
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-tcp-remove --ecn-tcp-remove
+expect iptables *ECN target:*
+expect iptables iptables: command failed
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-tcp-cwr 1 --ecn-tcp-cwr 0
+expect iptables *ECN target:*
+expect iptables iptables: command failed
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-tcp-ece 1 --ecn-tcp-ece 0
+expect iptables *ECN target:*
+expect iptables iptables: command failed
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-ip-ect 1 --ecn-ip-ect 0
+expect iptables *ECN target:*
+expect iptables iptables: command failed
+
+# Range check for --ecn-ip-ect <0-3>
+expect iptables *ECN target:*
+expect iptables iptables: command failed
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-ip-ect 4
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-ip-ect 3
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-ip-ect 3
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-ip-ect 2
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-ip-ect 2
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-ip-ect 1
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-ip-ect 1
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-ip-ect 0
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-ip-ect 0
+
+# Range check for --ecn-tcp-cwr <0-1>
+expect iptables *ECN target:*
+expect iptables iptables: command failed
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-tcp-cwr 2
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-tcp-cwr 0
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-tcp-cwr 0
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-tcp-cwr 1
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-tcp-cwr 1
+
+# Range check for --ecn-tcp-ece <0-1>
+expect iptables *ECN target:*
+expect iptables iptables: command failed
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-tcp-ece 2
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-tcp-ece 0
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-tcp-ece 0
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-tcp-ece 1
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-tcp-ece 1
+
+# All combined is fine
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-tcp-ece 0 --ecn-tcp-cwr 0 --ecn-ip-ect 0
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-tcp-ece 0 --ecn-tcp-cwr 0 --ecn-ip-ect 0
+
+# Test --ecn-tcp-remove 
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-tcp-remove
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 6 2 1 SYN/ECE
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-tcp-remove
+
+# Test --ecn-tcp-cwr
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-tcp-cwr 0
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 6 2 1 SYN/CWR
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-tcp-cwr 0
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-tcp-cwr 1
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 6 2 1 SYN/CWR}
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 6 2 1 SYN/CWR}
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 6 2 1 SYN/CWR
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-tcp-cwr 1
+
+# Test --ecn-tcp-ece
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-tcp-ece 0
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 6 2 1 SYN/ECE
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-tcp-ece 0
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-tcp-ece 1
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 6 2 1 SYN/ECE}
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 6 2 1 SYN/ECE}
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 6 2 1 SYN/ECE
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-tcp-ece 1
+
+# Test --ecn-ip-ect
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-ip-ect 0
+expect gen_ip send:eth1 {IPv4 ECT=0x0 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 ECT=0 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+expect gen_ip send:eth1 {IPv4 ECT=0x0 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 ECT=1 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+expect gen_ip send:eth1 {IPv4 ECT=0x0 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 ECT=2 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+expect gen_ip send:eth1 {IPv4 ECT=0x0 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 ECT=3 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-ip-ect 0
+
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-ip-ect 1
+expect gen_ip send:eth1 {IPv4 ECT=0x1 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 ECT=0 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+expect gen_ip send:eth1 {IPv4 ECT=0x1 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 ECT=1 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+expect gen_ip send:eth1 {IPv4 ECT=0x1 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 ECT=2 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+expect gen_ip send:eth1 {IPv4 ECT=0x1 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 ECT=3 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-ip-ect 1
+
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-ip-ect 2
+expect gen_ip send:eth1 {IPv4 ECT=0x2 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 ECT=0 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+expect gen_ip send:eth1 {IPv4 ECT=0x2 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 ECT=1 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+expect gen_ip send:eth1 {IPv4 ECT=0x2 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 ECT=2 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+expect gen_ip send:eth1 {IPv4 ECT=0x2 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 ECT=3 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-ip-ect 2
+
+iptables -t mangle -A POSTROUTING -p tcp -j ECN --ecn-ip-ect 3
+expect gen_ip send:eth1 {IPv4 ECT=0x3 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 ECT=0 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+expect gen_ip send:eth1 {IPv4 ECT=0x3 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 ECT=1 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+expect gen_ip send:eth1 {IPv4 ECT=0x3 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 ECT=2 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+expect gen_ip send:eth1 {IPv4 ECT=0x3 192.168.0.3 192.168.1.2 0 6 2 1 SYN}
+gen_ip IF=eth0 ECT=3 192.168.0.3 192.168.1.2 0 6 2 1 SYN
+iptables -t mangle -D POSTROUTING -p tcp -j ECN --ecn-ip-ect 3


