From d894e26211f38db37015850afab6b7331edeecdb Mon Sep 17 00:00:00 2001
From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org"
Date: Sun, 1 May 2005 23:19:42 +0000
Subject: o Created changelog file o Deleted libctnetlink.h and libnfnetlink.h from the include/ dir. o Added support for version (-V) and help (-h) o Added event mask based support o Added GPLv2 headers o Use fprintf instead of printf o Defined print_tuple and print_proto output interfaces o ctnl_[get|del]_conntrack handles return value from kernel via msgerr o Added support for conntrack table flushing o Added test case file (test.sh) o Improve dump output o Autoconf stuff for conntrack + some pablo's modifications. o Fixed packet counters formatting (use %llu instead of %lu)
---
test.sh | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 67 insertions(+)
create mode 100644 test.sh
(limited to 'test.sh')
diff --git a/test.sh b/test.sh
new file mode 100644
index 0000000..dd67a83
--- /dev/null
+++ b/test.sh
@@ -0,0 +1,67 @@
+CONNTRACK=conntrack
+
+SRC=1.1.1.1
+DST=2.2.2.2
+SPORT=1980
+DPORT=2005
+
+case $1 in
+ dump)
+ # Setting dump mask
+ echo "dump mask set to TUPLE"
+ $CONNTRACK -A -m TUPLE
+ $CONNTRACK -L
+ echo "Press any key to continue..."
+ read
+ echo "dump mask set to TUPLE,COUNTERS"
+ $CONNTRACK -A -m TUPLE,COUNTERS
+ $CONNTRACK -L
+ echo "Press any key to continue..."
+ read
+ echo "dump mask set to ALL"
+ $CONNTRACK -A -m ALL
+ $CONNTRACK -L
+ echo "Press any key to continue..."
+ read
+ ;;
+ new)
+ echo "creating a new conntrack"
+ $CONNTRACK -I --orig-src $SRC --orig-dst $DST \
+ --reply-src $DST --reply-dst $SRC -p tcp \
+ --orig-port-src $SPORT --orig-port-dst $DPORT \
+ --reply-port-src $DPORT --reply-port-dst $SPORT \
+ --state LISTEN -u SEEN_REPLY -t 50
+ ;;
+
+ change)
+ echo "change a conntrack"
+ $CONNTRACK -I --orig-src $SRC --orig-dst $DST \
+ --reply-src $DST --reply-dst $SRC -p tcp \
+ --orig-port-src $SPORT --orig-port-dst $DPORT \
+ --reply-port-src $DPORT --reply-port-dst $SPORT \
+ --state TIME_WAIT -u ASSURED -t 500
+ ;;
+ delete)
+ # 66.111.58.52 dst=85.136.125.64 sport=22 dport=60239
+ $CONNTRACK -D conntrack --orig-src 66.111.58.1 \
+ --orig-dst 85.136.125.64 -p tcp --orig-port-src 22 \
+ --orig-port-dst 60239
+ ;;
+ output)
+ proc=$(cat /proc/net/ip_conntrack | wc -l)
+ netl=$($CONNTRACK -L | wc -l)
+ count=$(cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count)
+ if [ $proc -ne $netl ]; then
+ echo "proc is $proc and netl is $netl and count is $count"
+ else
+ if [ $proc -ne $count ]; then
+ echo "proc is $proc and netl is $netl and count is $count"
+ else
+ echo "now $proc"
+ fi
+ fi
+ ;;
+ *)
+ echo "Usage: $0 [dump|new|change|delete|output]"
+ ;;
+esac
-- cgit v1.2.3
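Review bot: The `delete` case targets a hard-coded tuple (`--orig-src 66.111.58.1 --orig-dst 85.136.125.64`, source port 22) instead of the `$SRC`/`$DST`/`$SPORT`/`$DPORT` fixture that `new` and `change` insert, and the address does not match the comment directly above it (`66.111.58.52`). As written the test never removes its own entry, and on a host that happens to be tracking that flow it would delete a live entry unrelated to the test; I would change it to `$CONNTRACK -D conntrack --orig-src "$SRC" --orig-dst "$DST" -p tcp --orig-port-src "$SPORT" --orig-port-dst "$DPORT"`. Separately, in `output`, if `/proc/sys/net/ipv4/netfilter/ip_conntrack_count` cannot be read `$count` is empty, the unquoted `[ $proc -ne $count ]` errors out, and the `else` branch prints `now $proc` as though the three counts agreed. A guard such as `[ -n "$count" ] || { echo "cannot read ip_conntrack_count" >&2; exit 1; }` before the comparisons would turn that false pass into a visible failure.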