From 953bcf62fbd110f63c946905f9642d17b63c50cf Mon Sep 17 00:00:00 2001 From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org" Date: Wed, 16 Apr 2008 14:54:24 +0000 Subject: o fix NAT filtering via --src-nat and --dst-nat (reported by K.Oledzki) o recover the ID support o show display counters to stderr o enable filtering by status and ID --- qa/test-conntrack.c | 18 ++++++++++++++---- qa/testsuite/00create | 4 ++++ qa/testsuite/01delete | 8 ++++++-- qa/testsuite/02filter | 20 ++++++++++++++++++++ 4 files changed, 44 insertions(+), 6 deletions(-) create mode 100644 qa/testsuite/02filter (limited to 'qa') diff --git a/qa/test-conntrack.c b/qa/test-conntrack.c index c58aa8d..c9097b6 100644 --- a/qa/test-conntrack.c +++ b/qa/test-conntrack.c @@ -21,7 +21,7 @@ int main() { - int ret, ok = 0, bad = 0; + int ret, ok = 0, bad = 0, line; FILE *fp; DIR *d; char buf[1024]; @@ -34,6 +34,8 @@ int main() sprintf(file, "testsuite/%s", dent->d_name); + line = 0; + fp = fopen(file, "r"); if (fp == NULL) { perror("cannot find testsuite file"); @@ -44,15 +46,22 @@ int main() char tmp[1024] = CT_PROG, *res; tmp[strlen(CT_PROG)] = ' '; + line++; + if (buf[0] == '#' || buf[0] == ' ') continue; res = strchr(buf, ';'); + if (!res) { + printf("malformed file %s at line %d\n", + dent->d_name, line); + exit(EXIT_FAILURE); + } *res = '\0'; res+=2; strcpy(tmp + strlen(CT_PROG) + 1, buf); - printf("Executing: %s\n", tmp); + printf("(%d) Executing: %s\n", line, tmp); ret = system(tmp); @@ -75,10 +84,11 @@ int main() printf("^----- BAD\n"); } } + printf("=====\n"); } + fclose(fp); } + closedir(d); fprintf(stdout, "OK: %d BAD: %d\n", ok, bad); - - fclose(fp); } diff --git a/qa/testsuite/00create b/qa/testsuite/00create index 7af7d37..40e2c19 100644 --- a/qa/testsuite/00create +++ b/qa/testsuite/00create 
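Review bot: In the `@@ -44,15 +46,22 @@` hunk the new `if (!res)` guard stops the NULL dereference, but the `res+=2` that follows still assumes a space and a verdict come after the `;`. A line that ends at the `;` leaves `res` past the terminator, so whatever reads `res` later (outside this hunk) would see stale bytes; widening the guard to `if (!res || res[1] == '\0') {` covers it. Separately, `strcpy(tmp + strlen(CT_PROG) + 1, buf)` can copy up to 1023 bytes from the 1024-byte `buf` into a 1024-byte `tmp` that already holds the CT_PROG prefix. A long test line therefore overruns the stack buffer just before `system(tmp)` runs. Building the command with `snprintf(tmp, sizeof tmp, "%s %s", CT_PROG, buf)` and rejecting a truncated result would bound it; the loop this sits in starts outside the hunk.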
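Review bot: In the `@@ -75,10 +84,11 @@` hunk main() still falls off its closing brace after the final `fprintf`, so the exit status never reflects `bad`. An automated run then cannot tell a failing suite from a passing one. Ending with `return bad ? EXIT_FAILURE : EXIT_SUCCESS;` would fix that, and EXIT_FAILURE is already used in the malformed-line check. Moving `fclose(fp)` inside the per-file loop is right, but it depends on the `fp == NULL` branch not falling through to it; that branch's body is outside the visible hunks, so confirm it.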
@@ -12,5 +12,9 @@
 -I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
 # create again
 -I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD
+# delete
+-D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
 # create from reply
 -I -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# delete reverse
+-D -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 ; OK
diff --git a/qa/testsuite/01delete b/qa/testsuite/01delete
index dd3ca8b..3c38ac5 100644
--- a/qa/testsuite/01delete
+++ b/qa/testsuite/01delete
@@ -1,2 +1,6 @@
-# delete
--D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
+# create dummy
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# delete bad source
+-D -s 2.2.2.2 -p tcp --sport 10 --dport 20 ; BAD
+# delete by source
+-D -s 1.1.1.1 ; OK
diff --git a/qa/testsuite/02filter b/qa/testsuite/02filter
new file mode 100644
index 0000000..1ae9abd
--- /dev/null
+++ b/qa/testsuite/02filter
@@ -0,0 +1,20 @@
+# create dummy
+conntrack -I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# filter by source
+conntrack -L -s 1.1.1.1 ; OK
+# filter by destination
+conntrack -L -d 2.2.2.2 ; OK
+# filter by protocol
+conntrack -L -p tcp ; OK
+# filter by status
+conntrack -L -u SEEN_REPLY ; OK
+# filter by TCP protocol state
+conntrack -L -p tcp --state LISTEN ; OK
+# update mark of dummy conntrack
+conntrack -U -s 1.1.1.1 -m 1 ; OK
+# filter by mark
+conntrack -L -m 1 ; OK
+# filter by layer 3 protocol
+conntrack -L -f ipv4 ; OK
+# delete dummy
+conntrack -D -d 2.2.2.2 ; OK
-- 
cgit v1.2.3
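Review bot: Every command line in the new qa/testsuite/02filter starts with the word `conntrack`, whereas 00create and 01delete start directly with the option (`-I`, `-D`). The harness in qa/test-conntrack.c already puts CT_PROG and a space in front of each line before calling system(). These lines would therefore presumably run with `conntrack` as a stray first argument and miss their `OK` expectation. Dropping the prefix, e.g. `-L -s 1.1.1.1 ; OK`, would match the other suite files.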