From: Samuel Jean <sj-netfilter@cookinglinux.org>
To: Rusty Russell <rusty@rustcorp.com.au>
Cc: netfilter-devel@lists.netfilter.org,
Nicolas Bouliane <nib@cookinglinux.org>
Subject: [testsuite] ipt_mac testcase
Date: Fri, 17 Dec 2004 18:15:22 -0500 [thread overview]
Message-ID: <41C3688A.4030302@cookinglinux.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 590 bytes --]
Hi Rusty,
Like the subject suggests, here's the ipt_mac testcase.
This is your third christmas gift. Please, don't try to find out how much
I paid for... 8)~
As of revision 3436:
* attached a tiny patch removing bad entry into expected-failures.
* the other one is about 01iptables/27ipt_iprange-bad-addr.sim
iptables -A INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --src-range
1.1.1.1-2.2.2.2
iptables -A INPUT -m iprange --dst-range 0.0.0.0-1.1.1.1 --dst-range
1.1.1.1-2.2.2.2
Above rules should fail. Added expects...
Let me know if I missed something.
Cheers,
--peejix
[-- Attachment #2: 34ipt_mac-bad-addr.sim --]
[-- Type: text/plain, Size: 986 bytes --]
# Straight rule (expecting: success)
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB:3A
iptables -D INPUT -m mac --mac-source 00:50:BA:56:CB:3A
# Inverted rule (expecting: success)
iptables -I INPUT -m mac ! --mac-source 00:50:BA:56:CB:3A
iptables -D INPUT -m mac ! --mac-source 00:50:BA:56:CB:3A
iptables -I INPUT -m mac --mac-source ! 00:50:BA:56:CB:3A
iptables -D INPUT -m mac --mac-source ! 00:50:BA:56:CB:3A
# Inverted twice (expecting: failure)
expect iptables iptables: command failed
iptables -I INPUT -m mac ! --mac-source ! 00:50:BA:56:CB:3A
# Bad MAC address (expecting: failure)
expect iptables iptables: command failed
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB:
expect iptables iptables: command failed
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB
expect iptables iptables: command failed
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB:3A:
expect iptables iptables: command failed
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB:3A:00
[-- Attachment #3: 35ipt_mac.sim --]
[-- Type: text/plain, Size: 1084 bytes --]
# Straight rule
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB:3A -j DROP
# source MAC matches
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 MAC=00:50:BA:56:CB:3A 192.168.0.2 192.168.0.1 0 6 1 2 SYN
# source MAC doesn't
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 MAC=00:A0:C9:5A:94:EF 192.168.0.2 192.168.0.1 0 6 1 2 SYN
iptables -D INPUT -m mac --mac-source 00:50:BA:56:CB:3A -j DROP
# Inverted rule
iptables -I INPUT -m mac ! --mac-source 00:50:BA:56:CB:3A -j DROP
# source MAC matches
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 MAC=00:50:BA:56:CB:3A 192.168.0.2 192.168.0.1 0 6 1 2 SYN
# source MAC doesn't
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 MAC=00:A0:C9:5A:94:EF 192.168.0.2 192.168.0.1 0 6 1 2 SYN
iptables -D INPUT -m mac ! --mac-source 00:50:BA:56:CB:3A -j DROP
[-- Attachment #4: expected-failures-remove_entry.patch --]
[-- Type: text/x-patch, Size: 315 bytes --]
--- expected-failures 2004-12-17 17:34:13.000000000 -0500
+++ expected-failures.fix 2004-12-17 17:55:57.000000000 -0500
@@ -26,4 +26,3 @@
linux:2.6.10*:03NAT/21loopback.sim
iptables:*:01iptables/26ipt_ttl-out-of-range.sim
iptables:*:01iptables/27ipt_iprange-bad-addr.sim
-*:01iptables/27ipt_iprange-bad-addr.sim
[-- Attachment #5: 27ipt_iprange-bad-addr.patch --]
[-- Type: text/x-patch, Size: 1158 bytes --]
--- 01iptables/27ipt_iprange-bad-addr.sim 2004-12-16 23:37:50.000000000 -0500
+++ 01iptables/27ipt_iprange-bad-addr.sim.fix 2004-12-17 17:52:22.000000000 -0500
@@ -8,17 +8,16 @@
# Check if inputing the same option twice override previous one.
# This should ring the bell.
# Side note: Fixed in SVN since Mon Jul 12 07:16:54 2004 UTC, Revision 1407
-
+expect iptables iptables: command failed
iptables -A INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --src-range 1.1.1.1-2.2.2.2
+expect iptables iptables: command failed
iptables -A INPUT -m iprange --dst-range 0.0.0.0-1.1.1.1 --dst-range 1.1.1.1-2.2.2.2
# Giving a source and destination range should succeed.
iptables -A INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --dst-range 1.1.1.1-2.2.2.2
+iptables -D INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --dst-range 1.1.1.1-2.2.2.2
-# Invert
+# Invert rule too...
iptables -A INPUT -m iprange ! --src-range 0.0.0.0-1.1.1.1 ! --dst-range 1.1.1.1-2.2.2.2
-
-# Remove me!
-iptables -D INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --dst-range 1.1.1.1-2.2.2.2
iptables -D INPUT -m iprange ! --src-range 0.0.0.0-1.1.1.1 ! --dst-range 1.1.1.1-2.2.2.2
reply other threads:[~2004-12-17 23:15 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41C3688A.4030302@cookinglinux.org \
--to=sj-netfilter@cookinglinux.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=nib@cookinglinux.org \
--cc=rusty@rustcorp.com.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.