[netfilter-cvslog] r3556 - in trunk: nfsim/core/ipv4 nfsim/tools nfsim-testsuite/02conntrack nfsim-testsuite/03NAT

rusty at netfilter.org rusty at netfilter.org
Mon Jan 3 04:45:16 CET 2005


Author: rusty at netfilter.org
Date: 2005-01-03 04:45:15 +0100 (Mon, 03 Jan 2005)
New Revision: 3556

Added:
   trunk/nfsim-testsuite/02conntrack/12amanda.sim
   trunk/nfsim-testsuite/03NAT/66amanda.sim
Modified:
   trunk/nfsim/core/ipv4/ipv4.c
   trunk/nfsim/tools/gen_ip.c
Log:
Fixup UDP packets with data.
Test AMANDA protocol conntrack and NAT.


Modified: trunk/nfsim/core/ipv4/ipv4.c
===================================================================
--- trunk/nfsim/core/ipv4/ipv4.c	2005-01-03 03:44:18 UTC (rev 3555)
+++ trunk/nfsim/core/ipv4/ipv4.c	2005-01-03 03:45:15 UTC (rev 3556)
@@ -874,6 +874,10 @@
 				       udph->check);
 			goto out;
 		}
+
+		if (dump_flags && strstr(dump_flags, "data"))
+			ptr = print_data(ptr, (char *)(udph + 1),
+					 iplen - sizeof(*udph));
 		break;
 
 	case IPPROTO_TCP:
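Review bot: The length passed to `print_data` in the added UDP branch, `iplen - sizeof(*udph)`, is evaluated as an unsigned `size_t`, so if `iplen` is ever smaller than the UDP header the subtraction wraps to a huge value and the dump reads far past the packet. No lower bound on `iplen` is visible in this hunk; if none exists earlier in the function, fold one into the condition, e.g. `if (iplen >= sizeof(*udph) && dump_flags && strstr(dump_flags, "data"))`. It is also worth confirming that `iplen` counts from the UDP header onward rather than being the IP total length, since otherwise the dump over-reads by the size of the IP header. The enclosing switch and function start and end outside the hunk.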

Modified: trunk/nfsim/tools/gen_ip.c
===================================================================
--- trunk/nfsim/tools/gen_ip.c	2005-01-03 03:44:18 UTC (rev 3555)
+++ trunk/nfsim/tools/gen_ip.c	2005-01-03 03:45:15 UTC (rev 3556)
@@ -321,7 +321,7 @@
 
 		*dump_flags = talloc_asprintf_append(*dump_flags, "data");
 		data = (void *)&packet->u.udph + sizeof(packet->u.udph);
-		for (arg = args+4; *arg; arg++) {
+		for (arg = args+3; *arg; arg++) {
 			data = copy_printable(data, *arg);
 			if (!data)
 				return -1;
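Review bot: The payload loop calls `copy_printable(data, *arg)` with only a destination pointer, so nothing visible in this hunk limits how many bytes are written after `packet->u.udph`. Unless `copy_printable` learns the end of the packet buffer some other way, a long argument list on the command line writes past it; passing the remaining size (or the buffer end) and returning NULL when it is exceeded would bound the copy. Separately, the bare index in `args+3` is the whole fix and is easy to break again; a comment such as `/* args[0..2]: "udp", source port, dest port; payload words follow */` would document it, assuming that is the layout. The function starts and ends outside the hunk.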

Added: trunk/nfsim-testsuite/02conntrack/12amanda.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/12amanda.sim	2005-01-03 03:44:18 UTC (rev 3555)
+++ trunk/nfsim-testsuite/02conntrack/12amanda.sim	2005-01-03 03:45:15 UTC (rev 3556)
@@ -0,0 +1,54 @@
+# Track the AMANDA backup protocol.  UDP port 10080.
+
+# Test just connection tracking.
+rmmod ip_nat_amanda
+
+# Data must in the reply from the server.
+expect gen_ip send:eth1 *
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 100 udp 1 10080
+
+# Three kinds: "DATA", "MESG" and "INDEX".
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 17 17 10080 1 DATA CONNECT DATA 1024}
+gen_ip IF=eth1 192.168.1.2 192.168.0.2 17 udp 10080 1 DATA CONNECT DATA 1024
+
+expect proc *proto=6 src=192.168.0.2 dst=192.168.1.2 sport=0 dport=1024
+proc cat /proc/net/ip_conntrack_expect
+
+# Send the expected connection.
+iptables -A FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession OPEN 192.168.0.2 192.168.1.2 2 1024
+
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+iptables -D FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession CLOSE original
+
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 17 17 10080 1 DATA CONNECT MESG 1025}
+gen_ip IF=eth1 192.168.1.2 192.168.0.2 17 udp 10080 1 DATA CONNECT MESG 1025
+
+expect proc *proto=6 src=192.168.0.2 dst=192.168.1.2 sport=0 dport=1025
+proc cat /proc/net/ip_conntrack_expect
+
+# Send the expected connection.
+iptables -A FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession OPEN 192.168.0.2 192.168.1.2 2 1025
+
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+iptables -D FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession CLOSE original
+
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 18 17 10080 1 DATA CONNECT INDEX 1026}
+gen_ip IF=eth1 192.168.1.2 192.168.0.2 18 udp 10080 1 DATA CONNECT INDEX 1026
+
+expect proc *proto=6 src=192.168.0.2 dst=192.168.1.2 sport=0 dport=1026
+proc cat /proc/net/ip_conntrack_expect
+
+# Send the expected connection.
+iptables -A FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession OPEN 192.168.0.2 192.168.1.2 2 1026
+
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+iptables -D FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession CLOSE original
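Review bot: Each stanza tests the filtering effect of the helper only in the allow direction: while the `-j DROP` rule for traffic that is not RELATED,ESTABLISHED is installed, the single `tcpsession OPEN` goes to exactly the port named in the AMANDA reply. The `/proc/net/ip_conntrack_expect` check pins the expectation tuple, but a connection to a port that was not announced is never attempted, so the script does not show that such traffic is actually dropped. Adding one attempt to an unannounced port (for example 1027, a constructed value) that is expected to fail would cover the property a firewall operator relies on. The comment `# Data must in the reply from the server.` is also missing a verb and should read `# Data must be in the reply from the server.`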

Added: trunk/nfsim-testsuite/03NAT/66amanda.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/66amanda.sim	2005-01-03 03:44:18 UTC (rev 3555)
+++ trunk/nfsim-testsuite/03NAT/66amanda.sim	2005-01-03 03:45:15 UTC (rev 3556)
@@ -0,0 +1,66 @@
+# Track the AMANDA backup protocol.  UDP port 10080.
+
+# Destination NAT: server's reply is to be mangled.
+iptables -t nat -A PREROUTING -d 192.168.1.2 -j DNAT --to-dest 192.168.1.13
+
+# Data must in the reply from the server.
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.13 100 17 1 10080}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 100 udp 1 10080
+
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 17 17 10080 1 DATA CONNECT DATA 1024}
+gen_ip IF=eth1 192.168.1.13 192.168.0.2 17 udp 10080 1 DATA CONNECT DATA 1024
+
+expect proc *proto=6 src=192.168.0.2 dst=192.168.1.2 sport=0 dport=1024
+proc cat /proc/net/ip_conntrack_expect
+
+# Send the expected connection.
+iptables -A FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession OPEN 192.168.0.2 192.168.1.2 2 1024 192.168.1.13 192.168.0.2 1024 2
+tcpsession CLOSE reply
+iptables -D FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+
+# Now, this time, try it with a port already taken (changes 1025 -> 1026)
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.13 100 17 2 10080}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 100 udp 2 10080
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 17 17 10080 2 DATA CONNECT DATA 1025}
+gen_ip IF=eth1 192.168.1.13 192.168.0.2 17 udp 10080 2 DATA CONNECT DATA 1025
+
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 17 17 10080 1 DATA CONNECT DATA 1026}
+gen_ip IF=eth1 192.168.1.13 192.168.0.2 17 udp 10080 1 DATA CONNECT DATA 1025
+
+expect proc *proto=6 src=192.168.0.2 dst=192.168.1.2 sport=0 dport=1026
+proc cat /proc/net/ip_conntrack_expect
+
+# Send the expected connections.
+iptables -A FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession OPEN 192.168.0.2 192.168.1.2 2 1026 192.168.1.13 192.168.0.2 1025 2
+tcpsession CLOSE reply
+tcpsession OPEN 192.168.0.2 192.168.1.2 3 1025 192.168.1.13 192.168.0.2 1025 3
+tcpsession CLOSE reply
+iptables -D FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
+
+# Now try extending the packet.
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.13 100 17 3 10080}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 100 udp 3 10080
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 17 17 10080 3 DATA CONNECT DATA 9999}
+gen_ip IF=eth1 192.168.1.13 192.168.0.2 17 udp 10080 3 DATA CONNECT DATA 9999
+
+expect gen_ip send:eth0 {IPv4 192.168.1.2 192.168.0.2 18 17 10080 1 DATA CONNECT DATA 10000}
+gen_ip IF=eth1 192.168.1.13 192.168.0.2 17 udp 10080 1 DATA CONNECT DATA 9999
+
+expect proc *proto=6 src=192.168.0.2 dst=192.168.1.2 sport=0 dport=10000
+proc cat /proc/net/ip_conntrack_expect
+
+# Send the expected connections.
+iptables -A FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+tcpsession OPEN 192.168.0.2 192.168.1.2 2 10000 192.168.1.13 192.168.0.2 9999 2
+tcpsession CLOSE reply
+tcpsession OPEN 192.168.0.2 192.168.1.2 3 9999 192.168.1.13 192.168.0.2 9999 3
+tcpsession CLOSE reply
+iptables -D FORWARD -m state ! --state RELATED,ESTABLISHED -j DROP
+
+expect ! proc *
+proc cat /proc/net/ip_conntrack_expect
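Review bot: The first stanza never verifies that its expectation was consumed: after `tcpsession CLOSE reply` and the `iptables -D FORWARD ...` line there is no `expect ! proc *` / `proc cat /proc/net/ip_conntrack_expect` pair, unlike the two later stanzas. Because the following check uses a leading-wildcard pattern (`*proto=6 ... dport=1026`), a stale dport=1024 entry would presumably not stop it from matching, so a leaked expectation would only surface at the `expect ! proc *` after the second stanza, where it is harder to attribute. Repeating those two lines after the first stanza's rule deletion would make each stanza self-checking. The comment `# Data must in the reply from the server.` has the same missing "be" as in 12amanda.sim.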



