From 0e1ce4f491e2134d6207f55c4a5f52e157a54707 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sat, 26 May 2012 17:43:49 +0200 Subject: move qa directory to tests/conntrack/ All automated testing for the conntrack-tools will now reside under the test directory. Signed-off-by: Pablo Neira Ayuso --- qa/test-conntrack.c | 94 -------------------------------------- qa/testsuite/00create | 20 -------- qa/testsuite/01delete | 6 --- qa/testsuite/02filter | 23 ---------- qa/testsuite/03nat | 40 ---------------- qa/testsuite/04zone | 8 ---- qa/testsuite/05mark | 27 ----------- qa/testsuite/06update | 8 ---- tests/conntrack/test-conntrack.c | 94 ++++++++++++++++++++++++++++++++++++++ tests/conntrack/testsuite/00create | 20 ++++++++ tests/conntrack/testsuite/01delete | 6 +++ tests/conntrack/testsuite/02filter | 23 ++++++++++ tests/conntrack/testsuite/03nat | 40 ++++++++++++++++ tests/conntrack/testsuite/04zone | 8 ++++ tests/conntrack/testsuite/05mark | 27 +++++++++++ tests/conntrack/testsuite/06update | 8 ++++ 16 files changed, 226 insertions(+), 226 deletions(-) delete mode 100644 qa/test-conntrack.c delete mode 100644 qa/testsuite/00create delete mode 100644 qa/testsuite/01delete delete mode 100644 qa/testsuite/02filter delete mode 100644 qa/testsuite/03nat delete mode 100644 qa/testsuite/04zone delete mode 100644 qa/testsuite/05mark delete mode 100644 qa/testsuite/06update create mode 100644 tests/conntrack/test-conntrack.c create mode 100644 tests/conntrack/testsuite/00create create mode 100644 tests/conntrack/testsuite/01delete create mode 100644 tests/conntrack/testsuite/02filter create mode 100644 tests/conntrack/testsuite/03nat create mode 100644 tests/conntrack/testsuite/04zone create mode 100644 tests/conntrack/testsuite/05mark create mode 100644 tests/conntrack/testsuite/06update diff --git a/qa/test-conntrack.c b/qa/test-conntrack.c deleted file mode 100644 index c9097b6..0000000 --- a/qa/test-conntrack.c +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Very simple test-tool for the command line tool `conntrack'. - * This code is released under GPLv2 or any later at your option. - * - * gcc test-conntrack.c -o test - * - * Do not forget that you need *root* or CAP_NET_ADMIN capabilities ;-) - * - * (c) 2008 Pablo Neira Ayuso - */ - -#include -#include -#include -#include -#include -#include -#include - -#define CT_PROG "/usr/sbin/conntrack" - -int main() -{ - int ret, ok = 0, bad = 0, line; - FILE *fp; - DIR *d; - char buf[1024]; - struct dirent *dent; - char file[1024]; - - d = opendir("testsuite"); - - while ((dent = readdir(d)) != NULL) { - - sprintf(file, "testsuite/%s", dent->d_name); - - line = 0; - - fp = fopen(file, "r"); - if (fp == NULL) { - perror("cannot find testsuite file"); - exit(EXIT_FAILURE); - } - - while (fgets(buf, sizeof(buf), fp)) { - char tmp[1024] = CT_PROG, *res; - tmp[strlen(CT_PROG)] = ' '; - - line++; - - if (buf[0] == '#' || buf[0] == ' ') - continue; - - res = strchr(buf, ';'); - if (!res) { - printf("malformed file %s at line %d\n", - dent->d_name, line); - exit(EXIT_FAILURE); - } - *res = '\0'; - res+=2; - - strcpy(tmp + strlen(CT_PROG) + 1, buf); - printf("(%d) Executing: %s\n", line, tmp); - - ret = system(tmp); - - if (WIFEXITED(ret) && - WEXITSTATUS(ret) == EXIT_SUCCESS) { - if (res[0] == 'O' && - res[1] == 'K') - ok++; - else { - bad++; - printf("^----- BAD\n"); - } - } else { - if (res[0] == 'B' && - res[1] == 'A' && - res[2] == 'D') - ok++; - else { - bad++; - printf("^----- BAD\n"); - } - } - printf("=====\n"); - } - fclose(fp); - } - closedir(d); - - fprintf(stdout, "OK: %d BAD: %d\n", ok, bad); -} diff --git a/qa/testsuite/00create b/qa/testsuite/00create deleted file mode 100644 index 40e2c19..0000000 --- a/qa/testsuite/00create +++ /dev/null @@ -1,20 +0,0 @@ -#missing destination --I -s 1.1.1.1 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD -#missing source --I -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD -#missing protocol --I -s 1.1.1.1 -d 2.2.2.2 --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD -#missing source port --I -s 1.1.1.1 -d 2.2.2.2 -p tcp --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD -#missing timeout --I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY ; BAD -# create a conntrack --I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK -# create again --I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD -# delete --D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 ; OK -# create from reply --I -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 --state LISTEN -u SEEN_REPLY -t 50 ; OK -# delete reverse --D -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 ; OK diff --git a/qa/testsuite/01delete b/qa/testsuite/01delete deleted file mode 100644 index 3c38ac5..0000000 --- a/qa/testsuite/01delete +++ /dev/null @@ -1,6 +0,0 @@ -# create dummy --I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK -# delete bad source --D -s 2.2.2.2 -p tcp --sport 10 --dport 20 ; BAD -# delete by source --D -s 1.1.1.1 ; OK diff --git a/qa/testsuite/02filter b/qa/testsuite/02filter deleted file mode 100644 index 204c4e8..0000000 --- a/qa/testsuite/02filter +++ /dev/null @@ -1,23 +0,0 @@ -# create dummy -conntrack -I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK -# filter by source -conntrack -L -s 1.1.1.1 ; OK -# filter by destination -conntrack -L -d 2.2.2.2 ; OK -# filter by protocol -conntrack -L -p tcp ; OK -# filter by status -conntrack -L -u SEEN_REPLY ; OK -# filter by TCP protocol state -conntrack -L -p tcp --state LISTEN ; OK -# update mark of dummy conntrack -conntrack -U -s 1.1.1.1 -m 1 ; OK -# filter by mark -conntrack -L -m 1 ; OK -# filter by layer 3 protocol -conntrack -L -f ipv4 ; OK -# filter by mark -conntrack -L --mark 0 ; OK -conntrack -L --mark 0/0xffffffff; OK -# delete dummy -conntrack -D -d 2.2.2.2 ; OK diff --git a/qa/testsuite/03nat b/qa/testsuite/03nat deleted file mode 100644 index f94e8ff..0000000 --- a/qa/testsuite/03nat +++ /dev/null @@ -1,40 +0,0 @@ -# create dummy --I -s 1.1.1.1 -d 2.2.2.2 --dst-nat 3.3.3.3 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK -# show --L --dst-nat ; OK -# show --L --dst-nat 3.3.3.3 ; OK -# show --L --src-nat ; OK -# delete --D -s 1.1.1.1 ; OK -# create dummy again --I -s 1.1.1.1 -d 2.2.2.2 --src-nat 3.3.3.3 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK -# show --L --src-nat ; OK -# show --L --src-nat 3.3.3.3 ; OK -# show --L --dst-nat ; OK -# show any-nat --L --any-nat ; OK -# delete --D -s 1.1.1.1 ; OK -# bad combination --L --dst-nat --any-nat ; BAD -# bad combination --L --src-nat --any-nat ; BAD -# bad combination --L --src-nat --dst-nat --any-nat ; BAD -# create --I -s 1.1.1.1 -d 2.2.2.2 --dst-nat 3.3.3.3:80 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK -# show --L --dst-nat 3.3.3.3:80 ; OK -# show --L --any-nat 3.3.3.3:80 ; OK -# show --L --dst-nat 3.3.3.3:81 ; OK -# show --L --dst-nat 1.1.1.1:80 ; OK -# delete --D -s 1.1.1.1 ; OK diff --git a/qa/testsuite/04zone b/qa/testsuite/04zone deleted file mode 100644 index 4ff3d34..0000000 --- a/qa/testsuite/04zone +++ /dev/null @@ -1,8 +0,0 @@ -# create dummy --I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --zone 1; OK -# display dummy --L --zone 1; OK -# display dummy --L --zone 0; OK -# delete dummy --D --zone 1; OK diff --git a/qa/testsuite/05mark b/qa/testsuite/05mark deleted file mode 100644 index 4d99dea..0000000 --- a/qa/testsuite/05mark +++ /dev/null @@ -1,27 +0,0 @@ -# create with a mark --I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --mark 42 ; OK -# find it again using mark --L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42 ; OK --L --mark 42; OK -# ct already exists --I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --mark 42/0xffffffff ; BAD -# delete by mark --D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42/0xffffffff ; OK -# try again after del --I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --mark 417889/0xffffffff ; OK -# delete by mark --D --mark 417889 ; OK --I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --mark 0xffffffff ; OK -# zap top 16. --U -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 0/0xffff0000 ; OK --L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 0x0000ffff ; OK --U -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42/0xffff ; OK --L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42/0x0000ffff ; OK --L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42/42 ; OK --L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 2/2 ; OK --L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 2/3 ; OK -# OK, but no flow entries should be shown here: --L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 2/0xf ; OK -# BAD, because no updates done (mark is already 42). --U -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42 ; BAD --D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42 ; OK diff --git a/qa/testsuite/06update b/qa/testsuite/06update deleted file mode 100644 index 0408303..0000000 --- a/qa/testsuite/06update +++ /dev/null @@ -1,8 +0,0 @@ -# create dummy flow --I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state SYN_RECV -u SEEN_REPLY,ASSURED -t 50 ; OK -# find it again using mark --L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 ; OK -# set fixed timeout --U -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 -u FIXED_TIMEOUT; OK -# delete it --D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20; OK diff --git a/tests/conntrack/test-conntrack.c b/tests/conntrack/test-conntrack.c new file mode 100644 index 0000000..c9097b6 --- /dev/null +++ b/tests/conntrack/test-conntrack.c @@ -0,0 +1,94 @@ +/* + * Very simple test-tool for the command line tool `conntrack'. + * This code is released under GPLv2 or any later at your option. + * + * gcc test-conntrack.c -o test + * + * Do not forget that you need *root* or CAP_NET_ADMIN capabilities ;-) + * + * (c) 2008 Pablo Neira Ayuso + */ + +#include +#include +#include +#include +#include +#include +#include + +#define CT_PROG "/usr/sbin/conntrack" + +int main() +{ + int ret, ok = 0, bad = 0, line; + FILE *fp; + DIR *d; + char buf[1024]; + struct dirent *dent; + char file[1024]; + + d = opendir("testsuite"); + + while ((dent = readdir(d)) != NULL) { + + sprintf(file, "testsuite/%s", dent->d_name); + + line = 0; + + fp = fopen(file, "r"); + if (fp == NULL) { + perror("cannot find testsuite file"); + exit(EXIT_FAILURE); + } + + while (fgets(buf, sizeof(buf), fp)) { + char tmp[1024] = CT_PROG, *res; + tmp[strlen(CT_PROG)] = ' '; + + line++; + + if (buf[0] == '#' || buf[0] == ' ') + continue; + + res = strchr(buf, ';'); + if (!res) { + printf("malformed file %s at line %d\n", + dent->d_name, line); + exit(EXIT_FAILURE); + } + *res = '\0'; + res+=2; + + strcpy(tmp + strlen(CT_PROG) + 1, buf); + printf("(%d) Executing: %s\n", line, tmp); + + ret = system(tmp); + + if (WIFEXITED(ret) && + WEXITSTATUS(ret) == EXIT_SUCCESS) { + if (res[0] == 'O' && + res[1] == 'K') + ok++; + else { + bad++; + printf("^----- BAD\n"); + } + } else { + if (res[0] == 'B' && + res[1] == 'A' && + res[2] == 'D') + ok++; + else { + bad++; + printf("^----- BAD\n"); + } + } + printf("=====\n"); + } + fclose(fp); + } + closedir(d); + + fprintf(stdout, "OK: %d BAD: %d\n", ok, bad); +} diff --git a/tests/conntrack/testsuite/00create b/tests/conntrack/testsuite/00create new file mode 100644 index 0000000..40e2c19 --- /dev/null +++ b/tests/conntrack/testsuite/00create @@ -0,0 +1,20 @@ +#missing destination +-I -s 1.1.1.1 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD +#missing source +-I -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD +#missing protocol +-I -s 1.1.1.1 -d 2.2.2.2 --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD +#missing source port +-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD +#missing timeout +-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY ; BAD +# create a conntrack +-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK +# create again +-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD +# delete +-D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 ; OK +# create from reply +-I -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 --state LISTEN -u SEEN_REPLY -t 50 ; OK +# delete reverse +-D -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 ; OK diff --git a/tests/conntrack/testsuite/01delete b/tests/conntrack/testsuite/01delete new file mode 100644 index 0000000..3c38ac5 --- /dev/null +++ b/tests/conntrack/testsuite/01delete @@ -0,0 +1,6 @@ +# create dummy +-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK +# delete bad source +-D -s 2.2.2.2 -p tcp --sport 10 --dport 20 ; BAD +# delete by source +-D -s 1.1.1.1 ; OK diff --git a/tests/conntrack/testsuite/02filter b/tests/conntrack/testsuite/02filter new file mode 100644 index 0000000..204c4e8 --- /dev/null +++ b/tests/conntrack/testsuite/02filter @@ -0,0 +1,23 @@ +# create dummy +conntrack -I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK +# filter by source +conntrack -L -s 1.1.1.1 ; OK +# filter by destination +conntrack -L -d 2.2.2.2 ; OK +# filter by protocol +conntrack -L -p tcp ; OK +# filter by status +conntrack -L -u SEEN_REPLY ; OK +# filter by TCP protocol state +conntrack -L -p tcp --state LISTEN ; OK +# update mark of dummy conntrack +conntrack -U -s 1.1.1.1 -m 1 ; OK +# filter by mark +conntrack -L -m 1 ; OK +# filter by layer 3 protocol +conntrack -L -f ipv4 ; OK +# filter by mark +conntrack -L --mark 0 ; OK +conntrack -L --mark 0/0xffffffff; OK +# delete dummy +conntrack -D -d 2.2.2.2 ; OK diff --git a/tests/conntrack/testsuite/03nat b/tests/conntrack/testsuite/03nat new file mode 100644 index 0000000..f94e8ff --- /dev/null +++ b/tests/conntrack/testsuite/03nat @@ -0,0 +1,40 @@ +# create dummy +-I -s 1.1.1.1 -d 2.2.2.2 --dst-nat 3.3.3.3 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK +# show +-L --dst-nat ; OK +# show +-L --dst-nat 3.3.3.3 ; OK +# show +-L --src-nat ; OK +# delete +-D -s 1.1.1.1 ; OK +# create dummy again +-I -s 1.1.1.1 -d 2.2.2.2 --src-nat 3.3.3.3 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK +# show +-L --src-nat ; OK +# show +-L --src-nat 3.3.3.3 ; OK +# show +-L --dst-nat ; OK +# show any-nat +-L --any-nat ; OK +# delete +-D -s 1.1.1.1 ; OK +# bad combination +-L --dst-nat --any-nat ; BAD +# bad combination +-L --src-nat --any-nat ; BAD +# bad combination +-L --src-nat --dst-nat --any-nat ; BAD +# create +-I -s 1.1.1.1 -d 2.2.2.2 --dst-nat 3.3.3.3:80 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK +# show +-L --dst-nat 3.3.3.3:80 ; OK +# show +-L --any-nat 3.3.3.3:80 ; OK +# show +-L --dst-nat 3.3.3.3:81 ; OK +# show +-L --dst-nat 1.1.1.1:80 ; OK +# delete +-D -s 1.1.1.1 ; OK diff --git a/tests/conntrack/testsuite/04zone b/tests/conntrack/testsuite/04zone new file mode 100644 index 0000000..4ff3d34 --- /dev/null +++ b/tests/conntrack/testsuite/04zone @@ -0,0 +1,8 @@ +# create dummy +-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --zone 1; OK +# display dummy +-L --zone 1; OK +# display dummy +-L --zone 0; OK +# delete dummy +-D --zone 1; OK diff --git a/tests/conntrack/testsuite/05mark b/tests/conntrack/testsuite/05mark new file mode 100644 index 0000000..4d99dea --- /dev/null +++ b/tests/conntrack/testsuite/05mark @@ -0,0 +1,27 @@ +# create with a mark +-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --mark 42 ; OK +# find it again using mark +-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42 ; OK +-L --mark 42; OK +# ct already exists +-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --mark 42/0xffffffff ; BAD +# delete by mark +-D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42/0xffffffff ; OK +# try again after del +-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --mark 417889/0xffffffff ; OK +# delete by mark +-D --mark 417889 ; OK +-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --mark 0xffffffff ; OK +# zap top 16. +-U -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 0/0xffff0000 ; OK +-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 0x0000ffff ; OK +-U -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42/0xffff ; OK +-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42/0x0000ffff ; OK +-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42/42 ; OK +-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 2/2 ; OK +-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 2/3 ; OK +# OK, but no flow entries should be shown here: +-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 2/0xf ; OK +# BAD, because no updates done (mark is already 42). +-U -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42 ; BAD +-D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42 ; OK diff --git a/tests/conntrack/testsuite/06update b/tests/conntrack/testsuite/06update new file mode 100644 index 0000000..0408303 --- /dev/null +++ b/tests/conntrack/testsuite/06update @@ -0,0 +1,8 @@ +# create dummy flow +-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state SYN_RECV -u SEEN_REPLY,ASSURED -t 50 ; OK +# find it again using mark +-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 ; OK +# set fixed timeout +-U -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 -u FIXED_TIMEOUT; OK +# delete it +-D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20; OK -- cgit v1.2.3