[testsuite] ipt_mac testcase

All of lore.kernel.org
 help / color / mirror / Atom feed

* [testsuite] ipt_mac testcase
@ 2004-12-17 23:15 Samuel Jean
  0 siblings, 0 replies; only message in thread
From: Samuel Jean @ 2004-12-17 23:15 UTC (permalink / raw)
  To: Rusty Russell; +Cc: netfilter-devel, Nicolas Bouliane

[-- Attachment #1: Type: text/plain, Size: 590 bytes --]

Hi Rusty,

Like the subject suggests, here's the ipt_mac testcase.
This is your third christmas gift. Please, don't try to find out how much
I paid for... 8)~

As of revision 3436:
    * attached a tiny patch removing bad entry into expected-failures.
    * the other one is about 01iptables/27ipt_iprange-bad-addr.sim

iptables -A INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --src-range 
1.1.1.1-2.2.2.2
iptables -A INPUT -m iprange --dst-range 0.0.0.0-1.1.1.1 --dst-range 
1.1.1.1-2.2.2.2

Above rules should fail. Added expects...

Let me know if I missed something.

Cheers,

--peejix

[-- Attachment #2: 34ipt_mac-bad-addr.sim --]
[-- Type: text/plain, Size: 986 bytes --]

# Straight rule (expecting: success)
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB:3A
iptables -D INPUT -m mac --mac-source 00:50:BA:56:CB:3A

# Inverted rule (expecting: success)
iptables -I INPUT -m mac ! --mac-source 00:50:BA:56:CB:3A
iptables -D INPUT -m mac ! --mac-source 00:50:BA:56:CB:3A
iptables -I INPUT -m mac --mac-source ! 00:50:BA:56:CB:3A
iptables -D INPUT -m mac --mac-source ! 00:50:BA:56:CB:3A

# Inverted twice (expecting: failure)
expect iptables iptables: command failed
iptables -I INPUT -m mac ! --mac-source ! 00:50:BA:56:CB:3A

# Bad MAC address (expecting: failure)
expect iptables iptables: command failed
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB:
expect iptables iptables: command failed
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB
expect iptables iptables: command failed
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB:3A:
expect iptables iptables: command failed
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB:3A:00

[-- Attachment #3: 35ipt_mac.sim --]
[-- Type: text/plain, Size: 1084 bytes --]

# Straight rule
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB:3A -j DROP

	# source MAC matches
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 MAC=00:50:BA:56:CB:3A 192.168.0.2 192.168.0.1 0 6 1 2 SYN

	# source MAC doesn't
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 MAC=00:A0:C9:5A:94:EF 192.168.0.2 192.168.0.1 0 6 1 2 SYN

iptables -D INPUT -m mac --mac-source 00:50:BA:56:CB:3A -j DROP

# Inverted rule
iptables -I INPUT -m mac ! --mac-source 00:50:BA:56:CB:3A -j DROP

	# source MAC matches
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 MAC=00:50:BA:56:CB:3A 192.168.0.2 192.168.0.1 0 6 1 2 SYN

	# source MAC doesn't
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 MAC=00:A0:C9:5A:94:EF 192.168.0.2 192.168.0.1 0 6 1 2 SYN

iptables -D INPUT -m mac ! --mac-source 00:50:BA:56:CB:3A -j DROP


[-- Attachment #4: expected-failures-remove_entry.patch --]
[-- Type: text/x-patch, Size: 315 bytes --]

--- expected-failures	2004-12-17 17:34:13.000000000 -0500
+++ expected-failures.fix	2004-12-17 17:55:57.000000000 -0500
@@ -26,4 +26,3 @@
 linux:2.6.10*:03NAT/21loopback.sim
 iptables:*:01iptables/26ipt_ttl-out-of-range.sim
 iptables:*:01iptables/27ipt_iprange-bad-addr.sim
-*:01iptables/27ipt_iprange-bad-addr.sim

[-- Attachment #5: 27ipt_iprange-bad-addr.patch --]
[-- Type: text/x-patch, Size: 1158 bytes --]

--- 01iptables/27ipt_iprange-bad-addr.sim	2004-12-16 23:37:50.000000000 -0500
+++ 01iptables/27ipt_iprange-bad-addr.sim.fix	2004-12-17 17:52:22.000000000 -0500
@@ -8,17 +8,16 @@
 # Check if inputing the same option twice override previous one.
 # This should ring the bell.
 # Side note: Fixed in SVN since Mon Jul 12 07:16:54 2004 UTC, Revision 1407
-
+expect iptables iptables: command failed
 iptables -A INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --src-range 1.1.1.1-2.2.2.2
+expect iptables iptables: command failed
 iptables -A INPUT -m iprange --dst-range 0.0.0.0-1.1.1.1 --dst-range 1.1.1.1-2.2.2.2
 
 # Giving a source and destination range should succeed.
 iptables -A INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --dst-range 1.1.1.1-2.2.2.2
+iptables -D INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --dst-range 1.1.1.1-2.2.2.2
 
-# Invert
+# Invert rule too...
 iptables -A INPUT -m iprange ! --src-range 0.0.0.0-1.1.1.1 ! --dst-range 1.1.1.1-2.2.2.2
-
-# Remove me!
-iptables -D INPUT -m iprange --src-range 0.0.0.0-1.1.1.1 --dst-range 1.1.1.1-2.2.2.2
 iptables -D INPUT -m iprange ! --src-range 0.0.0.0-1.1.1.1 ! --dst-range 1.1.1.1-2.2.2.2
 

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2004-12-17 23:15 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-12-17 23:15 [testsuite] ipt_mac testcase Samuel Jean

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.