summaryrefslogtreecommitdiffstats
path: root/tests/conntrack/testsuite
diff options
context:
space:
mode:
Diffstat (limited to 'tests/conntrack/testsuite')
-rw-r--r--tests/conntrack/testsuite/00create20
-rw-r--r--tests/conntrack/testsuite/01delete6
-rw-r--r--tests/conntrack/testsuite/02filter23
-rw-r--r--tests/conntrack/testsuite/03nat40
-rw-r--r--tests/conntrack/testsuite/04zone8
-rw-r--r--tests/conntrack/testsuite/05mark27
-rw-r--r--tests/conntrack/testsuite/06update8
7 files changed, 132 insertions, 0 deletions
diff --git a/tests/conntrack/testsuite/00create b/tests/conntrack/testsuite/00create
new file mode 100644
index 0000000..40e2c19
--- /dev/null
+++ b/tests/conntrack/testsuite/00create
@@ -0,0 +1,20 @@
+#missing destination
+-I -s 1.1.1.1 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD
+#missing source
+-I -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD
+#missing protocol
+-I -s 1.1.1.1 -d 2.2.2.2 --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD
+#missing source port
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD
+#missing timeout
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY ; BAD
+# create a conntrack
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# create again
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD
+# delete
+-D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
+# create from reply
+-I -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# delete reverse
+-D -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 ; OK
diff --git a/tests/conntrack/testsuite/01delete b/tests/conntrack/testsuite/01delete
new file mode 100644
index 0000000..3c38ac5
--- /dev/null
+++ b/tests/conntrack/testsuite/01delete
@@ -0,0 +1,6 @@
+# create dummy
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# delete bad source
+-D -s 2.2.2.2 -p tcp --sport 10 --dport 20 ; BAD
+# delete by source
+-D -s 1.1.1.1 ; OK
diff --git a/tests/conntrack/testsuite/02filter b/tests/conntrack/testsuite/02filter
new file mode 100644
index 0000000..204c4e8
--- /dev/null
+++ b/tests/conntrack/testsuite/02filter
@@ -0,0 +1,23 @@
+# create dummy
+conntrack -I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# filter by source
+conntrack -L -s 1.1.1.1 ; OK
+# filter by destination
+conntrack -L -d 2.2.2.2 ; OK
+# filter by protocol
+conntrack -L -p tcp ; OK
+# filter by status
+conntrack -L -u SEEN_REPLY ; OK
+# filter by TCP protocol state
+conntrack -L -p tcp --state LISTEN ; OK
+# update mark of dummy conntrack
+conntrack -U -s 1.1.1.1 -m 1 ; OK
+# filter by mark
+conntrack -L -m 1 ; OK
+# filter by layer 3 protocol
+conntrack -L -f ipv4 ; OK
+# filter by mark
+conntrack -L --mark 0 ; OK
+conntrack -L --mark 0/0xffffffff; OK
+# delete dummy
+conntrack -D -d 2.2.2.2 ; OK
diff --git a/tests/conntrack/testsuite/03nat b/tests/conntrack/testsuite/03nat
new file mode 100644
index 0000000..f94e8ff
--- /dev/null
+++ b/tests/conntrack/testsuite/03nat
@@ -0,0 +1,40 @@
+# create dummy
+-I -s 1.1.1.1 -d 2.2.2.2 --dst-nat 3.3.3.3 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# show
+-L --dst-nat ; OK
+# show
+-L --dst-nat 3.3.3.3 ; OK
+# show
+-L --src-nat ; OK
+# delete
+-D -s 1.1.1.1 ; OK
+# create dummy again
+-I -s 1.1.1.1 -d 2.2.2.2 --src-nat 3.3.3.3 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# show
+-L --src-nat ; OK
+# show
+-L --src-nat 3.3.3.3 ; OK
+# show
+-L --dst-nat ; OK
+# show any-nat
+-L --any-nat ; OK
+# delete
+-D -s 1.1.1.1 ; OK
+# bad combination
+-L --dst-nat --any-nat ; BAD
+# bad combination
+-L --src-nat --any-nat ; BAD
+# bad combination
+-L --src-nat --dst-nat --any-nat ; BAD
+# create
+-I -s 1.1.1.1 -d 2.2.2.2 --dst-nat 3.3.3.3:80 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# show
+-L --dst-nat 3.3.3.3:80 ; OK
+# show
+-L --any-nat 3.3.3.3:80 ; OK
+# show
+-L --dst-nat 3.3.3.3:81 ; OK
+# show
+-L --dst-nat 1.1.1.1:80 ; OK
+# delete
+-D -s 1.1.1.1 ; OK
diff --git a/tests/conntrack/testsuite/04zone b/tests/conntrack/testsuite/04zone
new file mode 100644
index 0000000..4ff3d34
--- /dev/null
+++ b/tests/conntrack/testsuite/04zone
@@ -0,0 +1,8 @@
+# create dummy
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --zone 1; OK
+# display dummy
+-L --zone 1; OK
+# display dummy
+-L --zone 0; OK
+# delete dummy
+-D --zone 1; OK
diff --git a/tests/conntrack/testsuite/05mark b/tests/conntrack/testsuite/05mark
new file mode 100644
index 0000000..4d99dea
--- /dev/null
+++ b/tests/conntrack/testsuite/05mark
@@ -0,0 +1,27 @@
+# create with a mark
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --mark 42 ; OK
+# find it again using mark
+-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42 ; OK
+-L --mark 42; OK
+# ct already exists
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --mark 42/0xffffffff ; BAD
+# delete by mark
+-D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42/0xffffffff ; OK
+# try again after del
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --mark 417889/0xffffffff ; OK
+# delete by mark
+-D --mark 417889 ; OK
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --mark 0xffffffff ; OK
+# zap top 16.
+-U -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 0/0xffff0000 ; OK
+-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 0x0000ffff ; OK
+-U -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42/0xffff ; OK
+-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42/0x0000ffff ; OK
+-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42/42 ; OK
+-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 2/2 ; OK
+-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 2/3 ; OK
+# OK, but no flow entries should be shown here:
+-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 2/0xf ; OK
+# BAD, because no updates done (mark is already 42).
+-U -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42 ; BAD
+-D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42 ; OK
diff --git a/tests/conntrack/testsuite/06update b/tests/conntrack/testsuite/06update
new file mode 100644
index 0000000..0408303
--- /dev/null
+++ b/tests/conntrack/testsuite/06update
@@ -0,0 +1,8 @@
+# create dummy flow
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state SYN_RECV -u SEEN_REPLY,ASSURED -t 50 ; OK
+# find it again using mark
+-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
+# set fixed timeout
+-U -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 -u FIXED_TIMEOUT; OK
+# delete it
+-D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20; OK