summaryrefslogtreecommitdiffstats
path: root/tests/ct_mark_filter.sh
blob: a2c7fed2dd45551119747a2a8743bff707d8a4ec (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#!/bin/sh

. `dirname $0`/nssocket_env.sh

echo "---- TCP echo with ctmark 0/0 [filter_mark_zero]"
pre_sync
echo | nc -q 0 $VETH_CHILD_ADDR $DSTPORT
post_sync

echo "---- iptables CONNMARK settings - ctmark tcp 2/2, tcp fin 1/1"
ip netns exec $NETNS sh <<EOF
    iptables -t mangle -I PREROUTING -p tcp -m tcp -j CONNMARK --set-mark 2/2
    iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags FIN FIN -j CONNMARK --set-mark 1/1
EOF

echo "---- TCP echo with mark filter 1/1 [filter_mark_1_1]"
pre_sync
echo | nc -q 0 $VETH_CHILD_ADDR $DSTPORT
post_sync

echo "---- TCP echo with mark filter ! 1/1 [filter_mark_neg_1_1]"
pre_sync
echo | nc -q 0 $VETH_CHILD_ADDR $DSTPORT
post_sync

echo "---- TCP echo with mark filter !0/fffffffd [filter_mark_neg_0_fffffffd]"
pre_sync
echo | nc -q 0 $VETH_CHILD_ADDR $DSTPORT
post_sync

echo "---- max mark filter entry [filter_mark_max]"
pre_sync
echo | nc -q 0 $VETH_CHILD_ADDR $DSTPORT
post_sync

fin