[testsuite] ipt_mac testcase
Samuel Jean
sj-netfilter at cookinglinux.org
Sat Dec 18 00:15:22 CET 2004
Hi Rusty,
Like the subject suggests, here's the ipt_mac testcase.
This is your third christmas gift. Please, don't try to find out how much
I paid for... 8)~
As of revision 3436:
* attached a tiny patch removing bad entry into expected-failures.
* the other one is about 01iptables/27ipt_iprange-bad-addr.sim
iptables -A INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --src-range
1.1.1.1-2.2.2.2
iptables -A INPUT -m iprange --dst-range 0.0.0.0-1.1.1.1 --dst-range
1.1.1.1-2.2.2.2
Above rules should fail. Added expects...
Let me know if I missed something.
Cheers,
--peejix
-------------- next part --------------
# Straight rule (expecting: success)
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB:3A
iptables -D INPUT -m mac --mac-source 00:50:BA:56:CB:3A
# Inverted rule (expecting: success)
iptables -I INPUT -m mac ! --mac-source 00:50:BA:56:CB:3A
iptables -D INPUT -m mac ! --mac-source 00:50:BA:56:CB:3A
iptables -I INPUT -m mac --mac-source ! 00:50:BA:56:CB:3A
iptables -D INPUT -m mac --mac-source ! 00:50:BA:56:CB:3A
# Inverted twice (expecting: failure)
expect iptables iptables: command failed
iptables -I INPUT -m mac ! --mac-source ! 00:50:BA:56:CB:3A
# Bad MAC address (expecting: failure)
expect iptables iptables: command failed
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB:
expect iptables iptables: command failed
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB
expect iptables iptables: command failed
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB:3A:
expect iptables iptables: command failed
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB:3A:00
-------------- next part --------------
# Straight rule
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB:3A -j DROP
# source MAC matches
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 MAC=00:50:BA:56:CB:3A 192.168.0.2 192.168.0.1 0 6 1 2 SYN
# source MAC doesn't
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 MAC=00:A0:C9:5A:94:EF 192.168.0.2 192.168.0.1 0 6 1 2 SYN
iptables -D INPUT -m mac --mac-source 00:50:BA:56:CB:3A -j DROP
# Inverted rule
iptables -I INPUT -m mac ! --mac-source 00:50:BA:56:CB:3A -j DROP
# source MAC matches
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 MAC=00:50:BA:56:CB:3A 192.168.0.2 192.168.0.1 0 6 1 2 SYN
# source MAC doesn't
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 MAC=00:A0:C9:5A:94:EF 192.168.0.2 192.168.0.1 0 6 1 2 SYN
iptables -D INPUT -m mac ! --mac-source 00:50:BA:56:CB:3A -j DROP
-------------- next part --------------
A non-text attachment was scrubbed...
Name: expected-failures-remove_entry.patch
Type: text/x-patch
Size: 315 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20041217/1b5bf05c/expected-failures-remove_entry.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 27ipt_iprange-bad-addr.patch
Type: text/x-patch
Size: 1158 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20041217/1b5bf05c/27ipt_iprange-bad-addr.bin
More information about the netfilter-devel
mailing list