* [testsuite] ipt_ttl
@ 2004-12-16 2:52 Samuel Jean
0 siblings, 0 replies; only message in thread
From: Samuel Jean @ 2004-12-16 2:52 UTC (permalink / raw)
To: netfilter-devel; +Cc: rusty, nib
[-- Attachment #1: Type: text/plain, Size: 83 bytes --]
Hi rusty,
Here's a little nfsim testsuite against ipt_ttl match.
Cheers,
Samuel
[-- Attachment #2: 25ipt_ttl.sim --]
[-- Type: text/plain, Size: 974 bytes --]
# This should fail but it doesn't because patch was lost
# somewhere in the outter limit.
# https://lists.netfilter.org/pipermail/netfilter-cvslog/2004-July/003454.html
expect iptables iptables: command failed
iptables -A INPUT -m ttl --ttl-eq -1
iptables -A INPUT -m ttl --ttl-gt 300
iptables -A INPUT -m ttl --ttl-lt -2000
# Test for match function.
# These should get NF_DROP verdict.
expect gen_ip hook:NF_IP_PRE_ROUTING iptable_nat NF_DROP *
iptables -t nat -I PREROUTING -m ttl --ttl-eq 50 -j DROP
gen_ip IF=eth0 TTL=50 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
iptables -t nat -I PREROUTING -m ttl --ttl-gt 51 -j DROP
gen_ip IF=eth0 TTL=55 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
iptables -t nat -I PREROUTING -m ttl --ttl-lt 50 -j DROP
gen_ip IF=eth0 TTL=49 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
# This packet with TTL=51 should be NF_ACCEPT'ed
expect gen_ip hook:NF_IP_PRE_ROUTING iptable_nat NF_ACCEPT *
gen_ip IF=eth0 TTL=51 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2004-12-16 2:52 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-12-16 2:52 [testsuite] ipt_ttl Samuel Jean
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.