summaryrefslogtreecommitdiffstats
path: root/tests/match_target6.t
blob: 86197c0e2d1504ffbe0484752ef827db3396b39f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# Create test set
0 ipset create test hash:ip family inet6
# Check that iptables set match catches invalid number of dir parameters
2 ip6tables -m set --match-set test src,dst,src,dst,src,dst,src
# Check reference number of test set
0 ref=`ipset list test|grep References|sed 's/References: //'` && test $ref -eq 0
# Check that iptables SET target catches invalid number of dir parameters
2 ip6tables -j SET --del-set test src,dst,src,dst,src,dst,src
# Check reference number of test set
0 ref=`ipset list test|grep References|sed 's/References: //'` && test $ref -eq 0
# Destroy test set
0 ipset destroy test
# Create sets and inet6 rules which call set match and SET target
0 ./iptables.sh inet6 start
# Check that 1002:1002:1002:1002::64,tcp:1025 is not in ipport set
1 ipset test ipport 1002:1002:1002:1002::64,tcp:1025
# Send probe packet from 1002:1002:1002:1002::64,tcp:1025
0 sendip -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::64 -p tcp -td 80 -ts 1025 ::1
# Check that proper sets matched and target worked
0 ./check_klog.sh 1002:1002:1002:1002::64 tcp 1025 ipport list
# Check that 1002:1002:1002:1002::64,tcp:1025 is in ipport set now
0 ipset test ipport 1002:1002:1002:1002::64,tcp:1025
# Check that 1002:1002:1002:1002::64,udp:1025 is not in ipport set
1 ipset test ipport 1002:1002:1002:1002::64,udp:1025
# Send probe packet from 1002:1002:1002:1002::64,udp:1025
0 sendip -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::64 -p udp -ud 80 -us 1025 ::1
# Check that proper sets matched and target worked
0 ./check_klog.sh 1002:1002:1002:1002::64 udp 1025 ipport list
# Check that 1002:1002:1002:1002::64,udp:1025 is in ipport set now
0 ipset test ipport 1002:1002:1002:1002::64,udp:1025
# Check that 1002:1002:1002:1002::1,tcp:1025 is not in ipport set
1 ipset test ipport 1002:1002:1002:1002::1,tcp:1025
# Send probe packet from 1002:1002:1002:1002::1,tcp:1025
0 sendip -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::1 -p tcp -td 80 -ts 1025 ::1
# Check that proper sets matched and target worked
0 ./check_klog.sh 1002:1002:1002:1002::1 tcp 1025 ip1 list
# Check that 1002:1002:1002:1002::1,tcp:1025 is not in ipport set
1 ipset test ipport 1002:1002:1002:1002::1,tcp:1025
# Check that 1002:1002:1002:1002::32,tcp:1025 is not in ipport set
1 ipset test ipport 1002:1002:1002:1002::32,tcp:1025
# Send probe packet from 1002:1002:1002:1002::32,tcp:1025
0 sendip -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::32 -p tcp -td 80 -ts 1025 ::1
# Check that proper sets matched and target worked
0 ./check_klog.sh 1002:1002:1002:1002::32 tcp 1025 ip2
# Check that 1002:1002:1002:1002::32,tcp:1025 is not in ipport set
1 ipset test ipport 1002:1002:1002:1002::32,tcp:1025
# Check that 1002:1002:1002:1002::64,icmpv6:ttl-zero-during-reassembly is not in ipport set
1 ipset test ipport 1002:1002:1002:1002::64,icmpv6:ttl-zero-during-reassembly
# Send probe packet from 1002:1002:1002:1002::64,icmpv6:ttl-zero-during-reassembly
0 sendip -d r10 -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::64 -p icmp -ct 3 -cd 1 ::1
# Check that 1002:1002:1002:1002::64,icmpv6:ttl-zero-during-reassembly is in ipport set now
0 ipset test ipport 1002:1002:1002:1002::64,icmpv6:ttl-zero-during-reassembly
# Modify rules to check target and deletion
0 ./iptables.sh inet6 del
# Send probe packet from 1002:1002:1002:1002::64,icmpv6:ttl-zero-during-reassembly
0 sendip -d r10 -p ipv6 -6d ::1 -6s 1002:1002:1002:1002::64 -p icmp -ct 3 -cd 1 ::1
# Check that 1002:1002:1002:1002::64,icmpv6:ttl-zero-during-reassembly isn't in ipport set
1 ipset test ipport 1002:1002:1002:1002::64,icmpv6:ttl-zero-during-reassembly
# Destroy sets and rules
0 ./iptables.sh inet6 stop
# eof