From: Samuel Jean <sj-netfilter@cookinglinux.org>
To: netfilter-devel@lists.netfilter.org
Cc: rusty@rustcorp.com.au, nib@cookinglinux.org
Subject: [testsuite] ipt_iprange
Date: Thu, 16 Dec 2004 18:02:19 -0500
Message-ID: <41C213FB.2000101@cookinglinux.org>
[-- Attachment #1: Type: text/plain, Size: 186 bytes --]
Hi rusty,

Here's a (probably complete) nfsim testsuite against ipt_iprange match.
By now, 27ipt_iprange-bad-addr.sim is failing.. safe to add into
expected-failures.

Cheers,
Samuel
[-- Attachment #2: 27ipt_iprange-bad-addr.sim --]
[-- Type: text/plain, Size: 1047 bytes --]
# Input some junk ip range.
# Obviously, this test must fail.
expect iptables iptables: command failed
iptables -A INPUT -m iprange --src-range 0.0.0.0-500.400.300.200
iptables -A INPUT -m iprange --dst-range 0.0.0.0-500.400.300.200
# Check if inputting the same option twice overrides the previous one.
# This should ring the bell.
# Side note: Fixed in SVN since Mon Jul 12 07:16:54 2004 UTC, Revision 1407
iptables -A INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --src-range 1.1.1.1-2.2.2.2
iptables -A INPUT -m iprange --dst-range 0.0.0.0-1.1.1.1 --dst-range 1.1.1.1-2.2.2.2
# Giving a source and destination range should succeed.
expect ! iptables iptables: command failed
iptables -A INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --dst-range 1.1.1.1-2.2.2.2
# Invert
iptables -A INPUT -m iprange ! --src-range 0.0.0.0-1.1.1.1 ! --dst-range 1.1.1.1-2.2.2.2
# Remove me!
iptables -D INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --dst-range 1.1.1.1-2.2.2.2
iptables -D INPUT -m iprange ! --src-range 0.0.0.0-1.1.1.1 ! --dst-range 1.1.1.1-2.2.2.2
[-- Attachment #3: 28ipt_iprange.sim --]
[-- Type: text/plain, Size: 1740 bytes --]
# Initial scenario: give a route for FORWARD'ed packets
route add 0.0.0.0/0 eth1
# Source address belongs to this range?
iptables -I INPUT -m iprange --src-range 10.0.0.0-10.0.0.5 -j DROP
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 10.0.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 10.0.0.2 192.168.0.1 0 tcp 1 2 SYN
# Source address doesn't belong to this range ?
iptables -I INPUT -m iprange ! --src-range 10.0.0.0-10.0.0.5 -j ACCEPT
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
# Destination address belongs to this range?
iptables -I INPUT -m iprange --dst-range 192.168.0.0-192.168.0.255 -j DROP
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 10.0.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 10.0.0.2 192.168.0.1 0 tcp 1 2 SYN
# Destination address doesn't belong to this range ?
iptables -I FORWARD -m iprange ! --dst-range 192.168.0.0-192.168.0.255 -j DROP
expect gen_ip hook:NF_IP_FORWARD iptable_filter NF_DROP {IPv4 10.0.0.2 10.0.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 10.0.0.2 10.0.0.1 0 tcp 1 2 SYN
# Source and Destination belong..
iptables -I INPUT -m iprange --src-range 10.0.0.0-10.0.0.5 --dst-range 192.168.0.0-192.168.0.255 -j DROP
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 10.0.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 10.0.0.2 192.168.0.1 0 tcp 1 2 SYN
# Source and Destination don't belong..
iptables -I FORWARD -m iprange ! --src-range 10.0.0.0-10.0.0.5 ! --dst-range 192.168.0.0-192.168.0.255 -j DROP
expect gen_ip hook:NF_IP_FORWARD iptable_filter NF_DROP {IPv4 192.168.0.1 10.0.0.2 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.1 10.0.0.2 0 tcp 1 2 SYN
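
The checks these two scripts exercise (junk address rejected, repeated option rejected, range match with `!` inversion), written out as an added C example that is not part of the original message and is not the iptables or kernel source. The `struct side` layout and the function names `parse_ip`, `set_range` and `side_match` are hypothetical; the sample addresses are the ones used in the test scripts.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout for this example, not the kernel's structure. */
struct side { uint32_t min, max; int set, invert; };

/* Dotted quad to host order; inet_pton() rejects octets above 255. */
static int parse_ip(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1)
        return -1;
    *out = ntohl(a.s_addr);
    return 0;
}

/* Store "lo-hi" in one side; -1 on junk or when the option is repeated. */
static int set_range(struct side *sd, const char *arg, int invert)
{
    char buf[32], *dash;                /* 15 + '-' + 15 + NUL */
    if (sd->set || strlen(arg) >= sizeof(buf))
        return -1;
    strcpy(buf, arg);
    if ((dash = strchr(buf, '-')) == NULL)
        return -1;
    *dash = '\0';
    if (parse_ip(buf, &sd->min) || parse_ip(dash + 1, &sd->max))
        return -1;
    sd->invert = !!invert;
    sd->set = 1;
    return 0;
}

/* An unset side always matches; otherwise (addr in range) XOR invert. */
static int side_match(const struct side *sd, const char *addr)
{
    uint32_t ip;
    if (parse_ip(addr, &ip))
        return 0;                       /* unparsable packet address */
    return !sd->set || ((ip >= sd->min && ip <= sd->max) != sd->invert);
}

int main(void)
{
    struct side src = {0}, dst = {0};   /* last rule of 28ipt_iprange.sim */
    set_range(&src, "10.0.0.0-10.0.0.5", 1);
    set_range(&dst, "192.168.0.0-192.168.0.255", 1);
    return !(side_match(&src, "192.168.0.1") && side_match(&dst, "10.0.0.2"));
}
```

Built as a program, it exits with status 0 when the 192.168.0.1 -> 10.0.0.2 packet matches the doubly inverted rule, the case the last test expects to be dropped.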