From 9ab85762233756f1e828f7c4c6007d25ac26f494 Mon Sep 17 00:00:00 2001
From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org"
Date: Tue, 12 Jul 2005 23:24:06 +0000
Subject: o Use conntrack netlink attributes: Major change o Kill action setting: Mask based dumping
---
 test.sh | 77 +++++++++++++++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 58 insertions(+), 19 deletions(-)
(limited to 'test.sh')
diff --git a/test.sh b/test.sh
index 5999a8f..08c840f 100644
--- a/test.sh
+++ b/test.sh
@@ -2,27 +2,17 @@
 CONNTRACK=conntrack
 SRC=1.1.1.1
 DST=2.2.2.2
-SPORT=1980
-DPORT=2005
+SPORT=2005
+DPORT=21
 
 case $1 in
 dump)
- # Setting dump mask
- echo "dump mask set to TUPLE"
- $CONNTRACK -A -m TUPLE
+ echo "Dumping conntrack table"
 $CONNTRACK -L
- echo "Press any key to continue..."
- read
- echo "dump mask set to TUPLE,COUNTERS"
- $CONNTRACK -A -m TUPLE,COUNTERS
- $CONNTRACK -L
- echo "Press any key to continue..."
- read
- echo "dump mask set to ALL"
- $CONNTRACK -A -m ALL
- $CONNTRACK -L
- echo "Press any key to continue..."
- read
+ ;;
+ flush)
+ echo "Flushing conntrack table"
+ $CONNTRACK -F
 ;;
 new)
 echo "creating a new conntrack"
@@ -32,6 +22,18 @@ case $1 in
 --reply-port-src $DPORT --reply-port-dst $SPORT \
 --state LISTEN -u SEEN_REPLY -t 50
 ;;
+ new-simple)
+ echo "creating a new conntrack (simplified)"
+ $CONNTRACK -I --orig-src $SRC --orig-dst $DST \
+ -p tcp --orig-port-src $SPORT --orig-port-dst $DPORT \
+ --state LISTEN -u SEEN_REPLY -t 50
+ ;;
+ new-nat)
+ echo "creating a new conntrack (NAT)"
+ $CONNTRACK -I --orig-src $SRC --orig-dst $DST \
+ -p tcp --orig-port-src $SPORT --orig-port-dst $DPORT \
+ --state LISTEN -u SEEN_REPLY,SRC_NAT -t 50 -a 8.8.8.8
+ ;;
 get)
 echo "getting a conntrack"
 $CONNTRACK -G --orig-src $SRC --orig-dst $DST \
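Review bot: `$CONNTRACK -F` in the new `flush` arm is the most disruptive command in this script — it discards the state of every tracked connection on the host — yet it runs unconditionally and its exit status is ignored, as in the other arms. A one-line guard such as `$CONNTRACK -F || { echo "flush failed" >&2; exit 1; }` would make a failed flush visible to a caller instead of leaving it to whatever the tool prints. The shebang and any `set -e` are outside this hunk, so I cannot tell whether command failures abort the script.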
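Review bot: In the `new-nat` arm the NAT address is hard-coded as `-a 8.8.8.8` while every other address and port the script uses comes from a variable set at the top, so the file now expresses test addresses two different ways. Suggest `NAT_SRC=8.8.8.8` next to `SRC`/`DST` (outside this hunk) and `--state LISTEN -u SEEN_REPLY,SRC_NAT -t 50 -a $NAT_SRC`; picking a documentation address from 192.0.2.0/24 rather than a routable public one would also avoid confusion when the entry shows up in a dump. The new arms, like the existing ones, do not check the exit status of `$CONNTRACK -I`.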
@@ -40,7 +42,7 @@ case $1 in
 ;;
 change)
 echo "change a conntrack"
- $CONNTRACK -I --orig-src $SRC --orig-dst $DST \
+ $CONNTRACK -U --orig-src $SRC --orig-dst $DST \
 --reply-src $DST --reply-dst $SRC -p tcp \
 --orig-port-src $SPORT --orig-port-dst $DPORT \
 --reply-port-src $DPORT --reply-port-dst $SPORT \
@@ -64,7 +66,44 @@ case $1 in
 fi
 fi
 ;;
+ dump-expect)
+ $CONNTRACK -L expect
+ ;;
+ flush-expect)
+ $CONNTRACK -F expect
+ ;;
+ create-expect)
+ # requires modprobe ip_conntrack_ftp
+ $CONNTRACK -I expect --orig-src $SRC --orig-dst $DST \
+ --exp-src 4.4.4.4 --exp-dst 5.5.5.5 \
+ --mask-src 255.255.255.0 --mask-dst 255.255.255.255 \
+ -p tcp --orig-port-src $SPORT --orig-port-dst $DPORT \
+ -t 200 --mask-port-src 10 --mask-port-dst 300
+ ;;
+ get-expect)
+ $CONNTRACK -G expect --orig-src 4.4.4.4 --orig-dst 5.5.5.5 \
+ --p tcp --orig-port-src 0 --orig-port-dst 0 \
+ --mask-port-src 10 --mask-port-dst 11
+ ;;
+ delete-expect)
+ $CONNTRACK -D expect --orig-src 4.4.4.4 \
+ --orig-dst 5.5.5.5 -p tcp --orig-port-src 0 \
+ --orig-port-dst 0 --mask-port-src 10 --mask-port-dst 11
+ ;;
 *)
- echo "Usage: $0 [dump|new|change|delete|output]"
+ echo "Usage: $0 [dump"
+ echo " |new"
+ echo " |new-simple"
+ echo " |new-nat"
+ echo " |get"
+ echo " |change"
+ echo " |delete"
+ echo " |output"
+ echo " |flush"
+ echo " |dump-expect"
+ echo " |flush-expect"
+ echo " |create-expect"
+ echo " |get-expect"
+ echo " |delete-expect]"
 ;;
 esac
-- cgit v1.2.3
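Review bot: `--p tcp` in the `get-expect` arm is a typo for `-p tcp`, the form used by `create-expect` and `delete-expect` in the same hunk, so that action will either be rejected at option parsing or be read as some other option; the line should be `-p tcp --orig-port-src 0 --orig-port-dst 0 \`. Separately, `create-expect` passes `--mask-port-dst 300` while `get-expect` and `delete-expect` pass `--mask-port-dst 11`, so if the mask is part of the lookup key the latter two will not find the expectation the former creates — worth confirming against the tool. The usage text in the `*)` arm goes to stdout and the script then exits 0; `>&2` on those echoes and an `exit 1` after them would let a caller detect a mistyped action name.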