[testsuite] ipt

All of lore.kernel.org
 help / color / mirror / Atom feed

* [testsuite] ipt_iprange
@ 2004-12-16 23:02 Samuel Jean
  2004-12-16 23:49 ` Rusty Russell
  2004-12-17  1:17 ` Rusty Russell
  0 siblings, 2 replies; 4+ messages in thread
From: Samuel Jean @ 2004-12-16 23:02 UTC (permalink / raw)
  To: netfilter-devel; +Cc: rusty, nib

[-- Attachment #1: Type: text/plain, Size: 186 bytes --]

Hi rusty,

Here's a (probably complete) nfsim testsuite against ipt_iprange match.
By now, 27ipt_iprange-bad-addr.sim is failing.. safe to add into 
expected-failures.

Cheers,

Samuel


[-- Attachment #2: 27ipt_iprange-bad-addr.sim --]
[-- Type: text/plain, Size: 1047 bytes --]

# Input some junk ip range.
# Obiously, this test must fail.
expect iptables iptables: command failed
iptables -A INPUT -m iprange --src-range 0.0.0.0-500.400.300.200
iptables -A INPUT -m iprange --dst-range 0.0.0.0-500.400.300.200

# Check if inputing the same option twice override previous one.
# This should ring the bell.
# Side note: Fixed in SVN since Mon Jul 12 07:16:54 2004 UTC, Revision 1407

iptables -A INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --src-range 1.1.1.1-2.2.2.2
iptables -A INPUT -m iprange --dst-range 0.0.0.0-1.1.1.1 --dst-range 1.1.1.1-2.2.2.2

# Giving a source and destination range should succeed.
expect ! iptables iptables: command failed
iptables -A INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --dst-range 1.1.1.1-2.2.2.2

# Invert
iptables -A INPUT -m iprange ! --src-range 0.0.0.0-1.1.1.1 ! --dst-range 1.1.1.1-2.2.2.2

# Remove me!
iptables -D INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --dst-range 1.1.1.1-2.2.2.2
iptables -D INPUT -m iprange ! --src-range 0.0.0.0-1.1.1.1 ! --dst-range 1.1.1.1-2.2.2.2


[-- Attachment #3: 28ipt_iprange.sim --]
[-- Type: text/plain, Size: 1740 bytes --]

# Initial scenario: give a route for FORWARD'ed packets
route add 0.0.0.0/0 eth1

# Source address belong to this range ?
iptables -I INPUT -m iprange --src-range 10.0.0.0-10.0.0.5 -j DROP
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 10.0.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 10.0.0.2 192.168.0.1 0 tcp 1 2 SYN

# Source address doesn't belong to this range ?
iptables -I INPUT -m iprange ! --src-range 10.0.0.0-10.0.0.5 -j ACCEPT
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN

# Destination address belong to this range ?
iptables -I INPUT -m iprange --dst-range 192.168.0.0-192.168.0.255 -j DROP
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 10.0.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 10.0.0.2 192.168.0.1 0 tcp 1 2 SYN

# Destination address doesn't belong to this range ?
iptables -I FORWARD -m iprange ! --dst-range 192.168.0.0-192.168.0.255 -j DROP
expect gen_ip hook:NF_IP_FORWARD iptable_filter NF_DROP {IPv4 10.0.0.2 10.0.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 10.0.0.2 10.0.0.1 0 tcp 1 2 SYN

# Source and Destination belong..
iptables -I INPUT -m iprange --src-range 10.0.0.0-10.0.0.5 --dst-range 192.168.0.0-192.168.0.255 -j DROP
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 10.0.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 10.0.0.2 192.168.0.1 0 tcp 1 2 SYN

# Source and Destination doesn't belong..
iptables -I FORWARD -m iprange ! --src-range 10.0.0.0-10.0.0.5 ! --dst-range 192.168.0.0-192.168.0.255 -j DROP
expect gen_ip hook:NF_IP_FORWARD iptable_filter NF_DROP {IPv4 192.168.0.1 10.0.0.2 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.1 10.0.0.2 0 tcp 1 2 SYN


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [testsuite] ipt_iprange
  2004-12-16 23:02 [testsuite] ipt_iprange Samuel Jean
@ 2004-12-16 23:49 ` Rusty Russell
  2004-12-17  1:17 ` Rusty Russell
  1 sibling, 0 replies; 4+ messages in thread
From: Rusty Russell @ 2004-12-16 23:49 UTC (permalink / raw)
  To: Samuel Jean; +Cc: Netfilter development mailing list, nib

On Thu, 2004-12-16 at 18:02 -0500, Samuel Jean wrote:
> Hi rusty,
> 
> Here's a (probably complete) nfsim testsuite against ipt_iprange match.
> By now, 27ipt_iprange-bad-addr.sim is failing.. safe to add into 
> expected-failures.

Thanks!

BTW, "expects" expire immediately after the command they "expect" on,
so:

> # Input some junk ip range.
> # Obiously, this test must fail.
> expect iptables iptables: command failed
> iptables -A INPUT -m iprange --src-range 0.0.0.0-500.400.300.200
> iptables -A INPUT -m iprange --dst-range 0.0.0.0-500.400.300.200

This expect would not apply to the second one.

> # Check if inputing the same option twice override previous one.
> # This should ring the bell.
> # Side note: Fixed in SVN since Mon Jul 12 07:16:54 2004 UTC, Revision 1407
> 
> iptables -A INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --src-range 1.1.1.1-2.2.2.2
> iptables -A INPUT -m iprange --dst-range 0.0.0.0-1.1.1.1 --dst-range 1.1.1.1-2.2.2.2
> 
> # Giving a source and destination range should succeed.
> expect ! iptables iptables: command failed
> iptables -A INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --dst-range 1.1.1.1-2.2.2.2

When you run ./test-sh (or better, ./test-kernel-source), it runs nfsim
with the -e option, so any unexpected command failures always exit the
script with failure.

I'll fix these up.

Thanks!
Rusty.
-- 
A bad analogy is like a leaky screwdriver -- Richard Braakman

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [testsuite] ipt_iprange
  2004-12-16 23:02 [testsuite] ipt_iprange Samuel Jean
  2004-12-16 23:49 ` Rusty Russell
@ 2004-12-17  1:17 ` Rusty Russell
  2004-12-17  1:26   ` Samuel Jean
  1 sibling, 1 reply; 4+ messages in thread
From: Rusty Russell @ 2004-12-17  1:17 UTC (permalink / raw)
  To: Samuel Jean; +Cc: Netfilter development mailing list, nib

On Thu, 2004-12-16 at 18:02 -0500, Samuel Jean wrote:
> Hi rusty,
> 
> Here's a (probably complete) nfsim testsuite against ipt_iprange match.

This is great.  As an exercise, I reworked 28ipt_range.sim as if I had
written it, to see what you think.  You might prefer your version, but I
thought it interesting to see how I would do it.

1) I like all the tests to only test one thing, and be as orthogonal and
simple as possible.  So I always try to use the same rule over and over,
with very simply changes.

2) The default setup is eth0: 192.168.0.*, and eth1: 192.168.1.*, so
unless there's a good reason you should probably stick with those
address ranges.

3) I ended up with one rule of form:
	iptables -I INPUT -m iprange --src-range 192.168.0.1-192.168.0.3 -j
DROP
   This makes it easy to test the edges: .0 and .4 should not
match, .1, .2 and .3 should.

4) The opposite case is always the exact opposite, making it simple to
write the test and ensure it's correct.

Here's the result:

# Source address belong to this range ?
iptables -I INPUT -m iprange --src-range 192.168.0.1-192.168.0.3 -j DROP
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.0 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.0 192.168.1.100 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.1 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.1 192.168.1.100 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.2 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.2 192.168.1.100 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.3 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.3 192.168.1.100 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.4 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.4 192.168.1.100 0 tcp 1 2 SYN
iptables -D INPUT -m iprange --src-range 192.168.0.1-192.168.0.3 -j DROP

# Source address doesn't belong to this range ?
iptables -I INPUT -m iprange ! --src-range 192.168.0.1-192.168.0.3 -j DROP
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.0 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.0 192.168.1.100 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.1 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.1 192.168.1.100 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.2 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.2 192.168.1.100 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.3 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.3 192.168.1.100 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.4 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.4 192.168.1.100 0 tcp 1 2 SYN
iptables -D INPUT -m iprange ! --src-range 192.168.0.1-192.168.0.3 -j DROP

# Destination address belong to this range ?
iptables -I INPUT -m iprange --dst-range 192.168.1.1-192.168.1.3 -j DROP
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.100 192.168.1.0 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.0 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.100 192.168.1.1 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.1 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.100 192.168.1.2 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.2 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.100 192.168.1.3 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.3 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.100 192.168.1.4 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.4 0 tcp 1 2 SYN
iptables -D INPUT -m iprange --dst-range 192.168.1.1-192.168.1.3 -j DROP

# Destination address doesn't belong to this range ?
iptables -I INPUT -m iprange ! --dst-range 192.168.1.1-192.168.1.3 -j DROP
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.100 192.168.1.0 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.0 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.100 192.168.1.1 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.1 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.100 192.168.1.2 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.2 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.100 192.168.1.3 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.3 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.100 192.168.1.4 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.4 0 tcp 1 2 SYN
iptables -D INPUT -m iprange --dst-range 192.168.1.1-192.168.1.3 -j DROP

# Source and Destination belong..
iptables -I INPUT -m iprange --src-range 192.168.0.1-192.168.0.3 --dst-range 192.168.0.1-192.168.0.3 -j DROP

	# Just destination not sufficient.
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.100 192.168.1.0 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.0 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.100 192.168.1.1 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.1 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.100 192.168.1.2 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.2 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.100 192.168.1.3 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.3 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.100 192.168.1.4 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.4 0 tcp 1 2 SYN

	# Just source not sufficient.
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.0 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.0 192.168.1.100 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.1 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.1 192.168.1.100 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.2 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.2 192.168.1.100 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.3 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.3 192.168.1.100 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.4 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.4 192.168.1.100 0 tcp 1 2 SYN

	# Need both.
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.0 192.168.1.0 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.0 192.168.1.0 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.1 192.168.1.1 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.1 192.168.1.1 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.2 192.168.1.2 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.3 192.168.1.3 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.3 192.168.1.3 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.4 192.168.1.4 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.4 192.168.1.4 0 tcp 1 2 SYN

iptables -D INPUT -m iprange --src-range 192.168.0.1-192.168.0.3 --dst-range 192.168.0.1-192.168.0.3 -j DROP

# Source and Destination doesn't belong..
iptables -I INPUT -m iprange ! --src-range 192.168.0.1-192.168.0.3 ! --dst-range 192.168.0.1-192.168.0.3 -j DROP

	# Just destination not sufficient.
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.100 192.168.1.0 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.0 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.100 192.168.1.1 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.1 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.100 192.168.1.2 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.2 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.100 192.168.1.3 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.3 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.100 192.168.1.4 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.100 192.168.1.4 0 tcp 1 2 SYN

	# Just source not sufficient.
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.0 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.0 192.168.1.100 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.1 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.1 192.168.1.100 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.2 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.2 192.168.1.100 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.3 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.3 192.168.1.100 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.4 192.168.1.100 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.4 192.168.1.100 0 tcp 1 2 SYN

	# Need both.
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.0 192.168.1.0 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.0 192.168.1.0 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.1 192.168.1.1 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.1 192.168.1.1 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.2 192.168.1.2 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.3 192.168.1.3 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.3 192.168.1.3 0 tcp 1 2 SYN
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.4 192.168.1.4 0 6 1 2 SYN}
gen_ip IF=eth0 192.168.0.4 192.168.1.4 0 tcp 1 2 SYN

iptables -D INPUT -m iprange ! --src-range 192.168.0.1-192.168.0.3 ! --dst-range 192.168.0.1-192.168.0.3 -j DROP

-- 
A bad analogy is like a leaky screwdriver -- Richard Braakman

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [testsuite] ipt_iprange
  2004-12-17  1:17 ` Rusty Russell
@ 2004-12-17  1:26   ` Samuel Jean
  0 siblings, 0 replies; 4+ messages in thread
From: Samuel Jean @ 2004-12-17  1:26 UTC (permalink / raw)
  To: Rusty Russell; +Cc: netfilter-devel

Rusty Russell wrote:

> 1) I like all the tests to only test one thing, and be as orthogonal and
> simple as possible.  So I always try to use the same rule over and over,
> with very simply changes.

It is very interesting.

> 
> 2) The default setup is eth0: 192.168.0.*, and eth1: 192.168.1.*, so
> unless there's a good reason you should probably stick with those
> address ranges.
> 

This is noted.

> 4) The opposite case is always the exact opposite, making it simple to
> write the test and ensure it's correct.
> 

So far, this is the best way to do. I appreciate this come back and will 
stick to your way.

Thanks a bunch,

--peejix

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2004-12-17  1:26 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-12-16 23:02 [testsuite] ipt_iprange Samuel Jean
2004-12-16 23:49 ` Rusty Russell
2004-12-17  1:17 ` Rusty Russell
2004-12-17  1:26   ` Samuel Jean

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.