[netfilter-cvslog] r3556 - in trunk: nfsim/core/ipv4 nfsim/tools
nfsim-testsuite/02conntrack nfsim-testsuite/03NAT
rusty at netfilter.org
rusty at netfilter.org
Mon Jan 3 04:45:16 CET 2005
Author: rusty at netfilter.org
Date: 2005-01-03 04:45:15 +0100 (Mon, 03 Jan 2005)
New Revision: 3556
Added:
trunk/nfsim-testsuite/02conntrack/12amanda.sim
trunk/nfsim-testsuite/03NAT/66amanda.sim
Modified:
trunk/nfsim/core/ipv4/ipv4.c
trunk/nfsim/tools/gen_ip.c
Log:
Fixup UDP packets with data.
Test AMANDA protocol conntrack and NAT.
Modified: trunk/nfsim/core/ipv4/ipv4.c
===================================================================
--- trunk/nfsim/core/ipv4/ipv4.c 2005-01-03 03:44:18 UTC (rev 3555)
+++ trunk/nfsim/core/ipv4/ipv4.c 2005-01-03 03:45:15 UTC (rev 3556)
@@ -874,6 +874,10 @@
udph->check);
goto out;
}
+
+ if (dump_flags && strstr(dump_flags, "data"))
+ ptr = print_data(ptr, (char *)(udph + 1),
+ iplen - sizeof(*udph));
break;
case IPPROTO_TCP:
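Review bot: The length passed to print_data, `iplen - sizeof(*udph)`, involves a size_t operand, so if iplen can be smaller than the UDP header the subtraction likely wraps to a very large value and print_data would read far past the packet. No check of iplen against the header size is visible in the hunk, and the enclosing switch case starts above it, so one may already exist. If it does not, guard the call with `if (iplen >= sizeof(*udph) && dump_flags && strstr(dump_flags, "data"))`. A one-line comment stating what iplen covers at this point (payload after the IP header, or the whole datagram) would also make the arithmetic checkable by the next reader. Note that strstr matches any dump flag containing the substring "data", not only an exact flag.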
Modified: trunk/nfsim/tools/gen_ip.c
===================================================================
--- trunk/nfsim/tools/gen_ip.c 2005-01-03 03:44:18 UTC (rev 3555)
+++ trunk/nfsim/tools/gen_ip.c 2005-01-03 03:45:15 UTC (rev 3556)
@@ -321,7 +321,7 @@
*dump_flags = talloc_asprintf_append(*dump_flags, "data");
data = (void *)&packet->u.udph + sizeof(packet->u.udph);
- for (arg = args+4; *arg; arg++) {
+ for (arg = args+3; *arg; arg++) {
data = copy_printable(data, *arg);
if (!data)
return -1;
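Review bot: The loop start `args+3` is a bare offset, and the hunk shows no check that args holds at least three entries before its terminator; if this branch can be reached with fewer, `*arg` reads past the end of the array. The surrounding function lies outside the hunk, so the count may be validated earlier. Since the previous value was off by one, a comment would help, for example `/* args[0..2]: proto, sport, dport; payload words start at args[3] */`, with the layout confirmed against the parser (it is inferred here from the test scripts). copy_printable receives no remaining-space argument at this call, so whether a long payload can overrun the packet buffer depends on that helper and is worth confirming.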
Added: trunk/nfsim-testsuite/02conntrack/12amanda.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/12amanda.sim 2005-01-03 03:44:18 UTC (rev 3555)
+++ trunk/nfsim-testsuite/02conntrack/12amanda.sim 2005-01-03 03:45:15 UTC (rev 3556)
@@ -0,0 +1,54 @@
+# Track the AMANDA backup protocol. UDP port 10080.
+
+# Test just connection tracking.
+rmmod ip_nat_amanda
+
+# Data must in the reply from the server.
+expect gen_ip send:eth1 *
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 100 udp 1 10080
+
+# Three kinds: "DATA", "MESG" and "INDEX".
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 17 17 10080 1 DATA CONNECT DATA 1024}
+gen_ip IF=eth1 192.168.1.2 192.168.0.2 17 udp 10080 1 DATA CONNECT DATA 1024
+
+expect proc *proto=6 src=192.168.0.2 dst=192.168.1.2 sport=0 dport=1024
+proc cat /proc/net/ip_conntrack_expect
+
+# Send the expected connection.
+iptables -A FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession OPEN 192.168.0.2 192.168.1.2 2 1024
+
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+iptables -D FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession CLOSE original
+
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 17 17 10080 1 DATA CONNECT MESG 1025}
+gen_ip IF=eth1 192.168.1.2 192.168.0.2 17 udp 10080 1 DATA CONNECT MESG 1025
+
+expect proc *proto=6 src=192.168.0.2 dst=192.168.1.2 sport=0 dport=1025
+proc cat /proc/net/ip_conntrack_expect
+
+# Send the expected connection.
+iptables -A FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession OPEN 192.168.0.2 192.168.1.2 2 1025
+
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+iptables -D FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession CLOSE original
+
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 18 17 10080 1 DATA CONNECT INDEX 1026}
+gen_ip IF=eth1 192.168.1.2 192.168.0.2 18 udp 10080 1 DATA CONNECT INDEX 1026
+
+expect proc *proto=6 src=192.168.0.2 dst=192.168.1.2 sport=0 dport=1026
+proc cat /proc/net/ip_conntrack_expect
+
+# Send the expected connection.
+iptables -A FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession OPEN 192.168.0.2 192.168.1.2 2 1026
+
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+iptables -D FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession CLOSE original
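Review bot: All three cases (DATA, MESG, INDEX) exercise only the accept path: the announced port produces an expectation and the matching TCP session passes the `! --state RELATED,ESTABLISHED -j DROP` rule. Because a conntrack helper opens a firewall pinhole based on payload from the peer, the suite would be stronger with a negative case while the DROP rule is installed, such as a TCP open to a port that was not announced, or one from a different source address, asserted to be dropped. The same gap applies to 03NAT/66amanda.sim. Separately, the comment `# Data must in the reply from the server.` is missing a word ("must be in").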
Added: trunk/nfsim-testsuite/03NAT/66amanda.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/66amanda.sim 2005-01-03 03:44:18 UTC (rev 3555)
+++ trunk/nfsim-testsuite/03NAT/66amanda.sim 2005-01-03 03:45:15 UTC (rev 3556)
@@ -0,0 +1,66 @@
+# Track the AMANDA backup protocol. UDP port 10080.
+
+# Destination NAT: server's reply is to be mangled.
+iptables -t nat -A PREROUTING -d 192.168.1.2 -j DNAT --to-dest 192.168.1.13
+
+# Data must in the reply from the server.
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.13 100 17 1 10080}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 100 udp 1 10080
+
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 17 17 10080 1 DATA CONNECT DATA 1024}
+gen_ip IF=eth1 192.168.1.13 192.168.0.2 17 udp 10080 1 DATA CONNECT DATA 1024
+
+expect proc *proto=6 src=192.168.0.2 dst=192.168.1.2 sport=0 dport=1024
+proc cat /proc/net/ip_conntrack_expect
+
+# Send the expected connection.
+iptables -A FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession OPEN 192.168.0.2 192.168.1.2 2 1024 192.168.1.13 192.168.0.2 1024 2
+tcpsession CLOSE reply
+iptables -D FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+
+# Now, this time, try it with a port already taken (changes 1025 -> 1026)
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.13 100 17 2 10080}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 100 udp 2 10080
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 17 17 10080 2 DATA CONNECT DATA 1025}
+gen_ip IF=eth1 192.168.1.13 192.168.0.2 17 udp 10080 2 DATA CONNECT DATA 1025
+
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 17 17 10080 1 DATA CONNECT DATA 1026}
+gen_ip IF=eth1 192.168.1.13 192.168.0.2 17 udp 10080 1 DATA CONNECT DATA 1025
+
+expect proc *proto=6 src=192.168.0.2 dst=192.168.1.2 sport=0 dport=1026
+proc cat /proc/net/ip_conntrack_expect
+
+# Send the expected connections.
+iptables -A FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession OPEN 192.168.0.2 192.168.1.2 2 1026 192.168.1.13 192.168.0.2 1025 2
+tcpsession CLOSE reply
+tcpsession OPEN 192.168.0.2 192.168.1.2 3 1025 192.168.1.13 192.168.0.2 1025 3
+tcpsession CLOSE reply
+iptables -D FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+
+# Now try extending the packet.
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.13 100 17 3 10080}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 100 udp 3 10080
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 17 17 10080 3 DATA CONNECT DATA 9999}
+gen_ip IF=eth1 192.168.1.13 192.168.0.2 17 udp 10080 3 DATA CONNECT DATA 9999
+
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 18 17 10080 1 DATA CONNECT DATA 10000}
+gen_ip IF=eth1 192.168.1.13 192.168.0.2 17 udp 10080 1 DATA CONNECT DATA 9999
+
+expect proc *proto=6 src=192.168.0.2 dst=192.168.1.2 sport=0 dport=10000
+proc cat /proc/net/ip_conntrack_expect
+
+# Send the expected connections.
+iptables -A FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession OPEN 192.168.0.2 192.168.1.2 2 10000 192.168.1.13 192.168.0.2 9999 2
+tcpsession CLOSE reply
+tcpsession OPEN 192.168.0.2 192.168.1.2 3 9999 192.168.1.13 192.168.0.2 9999 3
+tcpsession CLOSE reply
+iptables -D FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
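Review bot: The first DNAT case (ports 1024) never checks that its expectation was consumed, unlike the later cases: after `tcpsession CLOSE reply` and the `iptables -D` line there is no `expect ! proc *` followed by `proc cat /proc/net/ip_conntrack_expect`. A leftover expectation would then go unnoticed until the next case. In the port-clash and packet-extension cases two expectations should exist at once, but the `expect proc *... dport=1026` and `dport=10000` patterns each name only one. If the pattern is a glob over the whole proc output, the other entry (1025 / 9999) is not asserted, so consider matching both entries explicitly.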