[netfilter-cvslog] r3583 - trunk/nfsim-testsuite/03NAT

rusty at netfilter.org rusty at netfilter.org
Sun Jan 9 14:42:33 CET 2005


Author: rusty at netfilter.org
Date: 2005-01-09 14:42:32 +0100 (Sun, 09 Jan 2005)
New Revision: 3583

Added:
   trunk/nfsim-testsuite/03NAT/04icmp-correct-source.sim
   trunk/nfsim-testsuite/03NAT/04icmp.sim
Log:
Add thorough ICMP NAT testing.


Added: trunk/nfsim-testsuite/03NAT/04icmp-correct-source.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/04icmp-correct-source.sim	2005-01-09 12:59:33 UTC (rev 3582)
+++ trunk/nfsim-testsuite/03NAT/04icmp-correct-source.sim	2005-01-09 13:42:32 UTC (rev 3583)
@@ -0,0 +1,57 @@
+# ICMP errors, including locally-generated errors on half-NATted packets.
+# Needs remove-nat-manips.patch
+# XFAIL:linux:*
+
+# Source manip only
+iptables -t nat -A POSTROUTING -p udp -o eth1 -j SNAT --to-source 192.168.1.3:3
+
+# Straight through, then error.
+expect gen_ip send:eth1 {IPv4 192.168.1.3 192.168.1.2 0 17 3 2}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 17 1 2
+
+expect gen_err send:eth0 {IPv4 192.168.1.5 192.168.0.2 28 1 3 0 CONTAINS 192.168.0.2 192.168.1.2 0 17 1 2}
+gen_err IF=eth1 192.168.1.5 3 0 192.168.1.3 192.168.1.2 0 17 3 2
+
+# Error at forward hook (existing connection).
+iptables -A FORWARD -j REJECT
+expect gen_ip send:eth0 {IPv4 192.168.0.1 192.168.0.2 28 1 3 3 CONTAINS 192.168.0.2 192.168.1.2 0 17 1 2}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 17 1 2
+iptables -D FORWARD -j REJECT
+iptables -t nat -D POSTROUTING -p udp -o eth1 -j SNAT --to-source 192.168.1.3:3
+
+# Destination manip only.
+time +infinity
+iptables -t nat -A PREROUTING -p udp -i eth0 -j DNAT --to-dest 192.168.1.3:3
+
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.3 0 17 1 3}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 17 1 2
+
+expect gen_err send:eth0 {IPv4 192.168.1.5 192.168.0.2 28 1 3 0 CONTAINS 192.168.0.2 192.168.1.2 0 17 1 2}
+gen_err IF=eth1 192.168.1.5 3 0 192.168.0.2 192.168.1.3 0 17 1 3
+
+# Error at forward hook (existing connection).
+iptables -A FORWARD -j REJECT
+expect gen_ip send:eth0 {IPv4 192.168.0.1 192.168.0.2 28 1 3 3 CONTAINS 192.168.0.2 192.168.1.2 0 17 1 2}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 17 1 2
+iptables -D FORWARD -j REJECT
+iptables -t nat -D PREROUTING -p udp -i eth0 -j DNAT --to-dest 192.168.1.3:3
+
+## Both source and destination manips
+time +infinity
+iptables -t nat -A POSTROUTING -p udp -o eth1 -j SNAT --to-source 192.168.0.3:3
+iptables -t nat -A PREROUTING -p udp -i eth0 -j DNAT --to-dest 192.168.1.4:4
+
+# Straight through, then error.
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.4 0 17 3 4}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 17 1 2
+
+expect gen_err send:eth0 {IPv4 192.168.1.5 192.168.0.2 28 1 3 0 CONTAINS 192.168.0.2 192.168.1.2 0 17 1 2}
+gen_err IF=eth1 192.168.1.5 3 0 192.168.0.3 192.168.1.4 0 17 3 4
+
+# Error at forward hook (existing connection).
+iptables -A FORWARD -j REJECT
+expect gen_ip send:eth0 {IPv4 192.168.0.1 192.168.0.2 28 1 3 3 CONTAINS 192.168.0.2 192.168.1.2 0 17 1 2}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 17 1 2
+iptables -D FORWARD -j REJECT
+iptables -t nat -D POSTROUTING -p udp -o eth1 -j SNAT --to-source 192.168.0.3:3
+iptables -t nat -D PREROUTING -p udp -i eth0 -j DNAT --to-dest 192.168.1.4:4
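Review bot: The `# XFAIL:linux:*` header marks the whole file as an expected failure on every kernel, but nothing in the file says which expectations actually depend on remove-nat-manips.patch or when the marker should be dropped. Compared with 04icmp.sim from the same commit, the "Source manip only" section is identical; only the DNAT and combined sections differ, in the `expect gen_err` lines that keep the outer source 192.168.1.5 and the `expect gen_ip` lines that pin 192.168.0.1. A blanket XFAIL presumably also hides an unrelated failure in the shared part. I would expand the second header line to something like `# Needs remove-nat-manips.patch: under DNAT the ICMP error source must stay 192.168.1.5 (forwarded) / 192.168.0.1 (local REJECT); drop XFAIL once merged`.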

Added: trunk/nfsim-testsuite/03NAT/04icmp.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/04icmp.sim	2005-01-09 12:59:33 UTC (rev 3582)
+++ trunk/nfsim-testsuite/03NAT/04icmp.sim	2005-01-09 13:42:32 UTC (rev 3583)
@@ -0,0 +1,57 @@
+# ICMP errors, including locally-generated errors on half-NATted packets.
+
+# Source manip only
+iptables -t nat -A POSTROUTING -p udp -o eth1 -j SNAT --to-source 192.168.1.3:3
+
+# Straight through, then error.
+expect gen_ip send:eth1 {IPv4 192.168.1.3 192.168.1.2 0 17 3 2}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 17 1 2
+
+expect gen_err send:eth0 {IPv4 192.168.1.5 192.168.0.2 28 1 3 0 CONTAINS 192.168.0.2 192.168.1.2 0 17 1 2}
+gen_err IF=eth1 192.168.1.5 3 0 192.168.1.3 192.168.1.2 0 17 3 2
+
+# Error at forward hook (existing connection).
+iptables -A FORWARD -j REJECT
+expect gen_ip send:eth0 {IPv4 192.168.0.1 192.168.0.2 28 1 3 3 CONTAINS 192.168.0.2 192.168.1.2 0 17 1 2}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 17 1 2
+iptables -D FORWARD -j REJECT
+iptables -t nat -D POSTROUTING -p udp -o eth1 -j SNAT --to-source 192.168.1.3:3
+
+# Destination manip only.
+time +infinity
+iptables -t nat -A PREROUTING -p udp -i eth0 -j DNAT --to-dest 192.168.1.3:3
+
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.3 0 17 1 3}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 17 1 2
+
+expect gen_err send:eth0 {IPv4 192.168.1.2 192.168.0.2 28 1 3 0 CONTAINS 192.168.0.2 192.168.1.2 0 17 1 2}
+gen_err IF=eth1 192.168.1.3 3 0 192.168.0.2 192.168.1.3 0 17 1 3
+
+# Error at forward hook (existing connection).
+iptables -A FORWARD -j REJECT
+# FIXME: should come from 192.168.0.1, but old NAT maps to 192.168.1.2
+expect gen_ip send:eth0 {IPv4 * 192.168.0.2 28 1 3 3 CONTAINS 192.168.0.2 192.168.1.2 0 17 1 2}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 17 1 2
+iptables -D FORWARD -j REJECT
+iptables -t nat -D PREROUTING -p udp -i eth0 -j DNAT --to-dest 192.168.1.3:3
+
+## Both source and destination manips
+time +infinity
+iptables -t nat -A POSTROUTING -p udp -o eth1 -j SNAT --to-source 192.168.0.3:3
+iptables -t nat -A PREROUTING -p udp -i eth0 -j DNAT --to-dest 192.168.1.4:4
+
+# Straight through, then error.
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.4 0 17 3 4}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 17 1 2
+
+expect gen_err send:eth0 {IPv4 192.168.1.2 192.168.0.2 28 1 3 0 CONTAINS 192.168.0.2 192.168.1.2 0 17 1 2}
+gen_err IF=eth1 192.168.1.2 3 0 192.168.0.3 192.168.1.4 0 17 3 4
+
+# Error at forward hook (existing connection).
+iptables -A FORWARD -j REJECT
+# FIXME: should come from 192.168.0.1, but old nat maps to 1.2.
+expect gen_ip send:eth0 {IPv4 * 192.168.0.2 28 1 3 3 CONTAINS 192.168.0.2 192.168.1.2 0 17 1 2}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 17 1 2
+iptables -D FORWARD -j REJECT
+iptables -t nat -D POSTROUTING -p udp -o eth1 -j SNAT --to-source 192.168.0.3:3
+iptables -t nat -D PREROUTING -p udp -i eth0 -j DNAT --to-dest 192.168.1.4:4
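Review bot: The two `expect gen_ip send:eth0 {IPv4 * 192.168.0.2 28 1 3 3 ...}` lines, in the "Destination manip only" and "Both source and destination manips" sections, wildcard the source of the locally generated REJECT error. This file therefore no longer checks which address the gateway exposes to the client there, and any source would pass. The FIXME comments give the reason, but the second abbreviates the address to `1.2` and neither points at the strict variant; I would write both as `# FIXME: should come from 192.168.0.1, but old NAT maps to 192.168.1.2; source wildcarded here, checked strictly in 04icmp-correct-source.sim`. Separately, the combined section sends its `gen_err` from 192.168.1.2, which appears to be the address the old code rewrites the outer source to (the DNAT-only section turns 192.168.1.3 into 192.168.1.2). That expectation therefore cannot tell a rewritten source from an untouched one, and a comment saying whether this is intentional would help.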



