summaryrefslogtreecommitdiffstats
path: root/qa
diff options
context:
space:
mode:
author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-04-16 14:54:24 +0000
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-04-16 14:54:24 +0000
commit953bcf62fbd110f63c946905f9642d17b63c50cf (patch)
tree7ac481d0e730acdad4a7e919ebc59d482053d2fe /qa
parentebb9a1aa3813d71b99d7508c88b9cbf525e15b4a (diff)
o fix NAT filtering via --src-nat and --dst-nat (reported by K.Oledzki)
o recover the ID support o show display counters to stderr o enable filtering by status and ID
Diffstat (limited to 'qa')
-rw-r--r--qa/test-conntrack.c18
-rw-r--r--qa/testsuite/00create4
-rw-r--r--qa/testsuite/01delete8
-rw-r--r--qa/testsuite/02filter20
4 files changed, 44 insertions, 6 deletions
diff --git a/qa/test-conntrack.c b/qa/test-conntrack.c
index c58aa8d..c9097b6 100644
--- a/qa/test-conntrack.c
+++ b/qa/test-conntrack.c
@@ -21,7 +21,7 @@
int main()
{
- int ret, ok = 0, bad = 0;
+ int ret, ok = 0, bad = 0, line;
FILE *fp;
DIR *d;
char buf[1024];
@@ -34,6 +34,8 @@ int main()
sprintf(file, "testsuite/%s", dent->d_name);
+ line = 0;
+
fp = fopen(file, "r");
if (fp == NULL) {
perror("cannot find testsuite file");
@@ -44,15 +46,22 @@ int main()
char tmp[1024] = CT_PROG, *res;
tmp[strlen(CT_PROG)] = ' ';
+ line++;
+
if (buf[0] == '#' || buf[0] == ' ')
continue;
res = strchr(buf, ';');
+ if (!res) {
+ printf("malformed file %s at line %d\n",
+ dent->d_name, line);
+ exit(EXIT_FAILURE);
+ }
*res = '\0';
res+=2;
strcpy(tmp + strlen(CT_PROG) + 1, buf);
- printf("Executing: %s\n", tmp);
+ printf("(%d) Executing: %s\n", line, tmp);
ret = system(tmp);
@@ -75,10 +84,11 @@ int main()
printf("^----- BAD\n");
}
}
+ printf("=====\n");
}
+ fclose(fp);
}
+ closedir(d);
fprintf(stdout, "OK: %d BAD: %d\n", ok, bad);
-
- fclose(fp);
}
diff --git a/qa/testsuite/00create b/qa/testsuite/00create
index 7af7d37..40e2c19 100644
--- a/qa/testsuite/00create
+++ b/qa/testsuite/00create
@@ -12,5 +12,9 @@
-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
# create again
-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD
+# delete
+-D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
# create from reply
-I -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# delete reverse
+-D -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 ; OK
diff --git a/qa/testsuite/01delete b/qa/testsuite/01delete
index dd3ca8b..3c38ac5 100644
--- a/qa/testsuite/01delete
+++ b/qa/testsuite/01delete
@@ -1,2 +1,6 @@
-# delete
--D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
+# create dummy
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# delete bad source
+-D -s 2.2.2.2 -p tcp --sport 10 --dport 20 ; BAD
+# delete by source
+-D -s 1.1.1.1 ; OK
diff --git a/qa/testsuite/02filter b/qa/testsuite/02filter
new file mode 100644
index 0000000..1ae9abd
--- /dev/null
+++ b/qa/testsuite/02filter
@@ -0,0 +1,20 @@
+# create dummy
+conntrack -I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# filter by source
+conntrack -L -s 1.1.1.1 ; OK
+# filter by destination
+conntrack -L -d 2.2.2.2 ; OK
+# filter by protocol
+conntrack -L -p tcp ; OK
+# filter by status
+conntrack -L -u SEEN_REPLY ; OK
+# filter by TCP protocol state
+conntrack -L -p tcp --state LISTEN ; OK
+# update mark of dummy conntrack
+conntrack -U -s 1.1.1.1 -m 1 ; OK
+# filter by mark
+conntrack -L -m 1 ; OK
+# filter by layer 3 protocol
+conntrack -L -f ipv4 ; OK
+# delete dummy
+conntrack -D -d 2.2.2.2 ; OK