Diffstat (limited to 'tests/nfct')
-rw-r--r-- | tests/nfct/run-test.sh | 20 | ||||
-rw-r--r-- | tests/nfct/test-live.sh | 73 | ||||
-rw-r--r-- | tests/nfct/test.c | 100 | ||||
-rw-r--r-- | tests/nfct/timeout/00tcp | 16 | ||||
-rw-r--r-- | tests/nfct/timeout/01udp | 16 | ||||
-rw-r--r-- | tests/nfct/timeout/02generic | 16 | ||||
-rw-r--r-- | tests/nfct/timeout/03udplite | 16 | ||||
-rw-r--r-- | tests/nfct/timeout/04icmp | 16 | ||||
-rw-r--r-- | tests/nfct/timeout/05icmpv6 | 16 | ||||
-rw-r--r-- | tests/nfct/timeout/06sctp | 16 | ||||
-rw-r--r-- | tests/nfct/timeout/07dccp | 16 | ||||
-rw-r--r-- | tests/nfct/timeout/08gre | 16 |
12 files changed, 337 insertions, 0 deletions
diff --git a/tests/nfct/run-test.sh b/tests/nfct/run-test.sh
new file mode 100644
index 0000000..851ee75
--- /dev/null
+++ b/tests/nfct/run-test.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+_UID=`id -u`
+if [ $_UID -ne 0 ]
+then
+ echo "Run this test as root"
+ exit 1
+fi
+
+gcc test.c -o test
+#
+# XXX: module auto-load not support by nfnetlink_cttimeout yet :-(
+#
+modprobe nf_conntrack_ipv4
+modprobe nf_conntrack_ipv6
+modprobe nf_conntrack_proto_udplite
+modprobe nf_conntrack_proto_sctp
+modprobe nf_conntrack_proto_dccp
+modprobe nf_conntrack_proto_gre
+./test timeout
diff --git a/tests/nfct/test-live.sh b/tests/nfct/test-live.sh
new file mode 100644
index 0000000..2257087
--- /dev/null
+++ b/tests/nfct/test-live.sh
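Review bot: `gcc test.c -o test` and the final `./test timeout` in run-test.sh use paths relative to the caller's working directory and the compile result is never checked, so when the script is started as root from another directory, or the build fails, it can execute a stale or unrelated `./test` binary. Change into the script's own directory first and stop on a failed build: `cd "$(dirname "$0")" || exit 1` and `gcc test.c -o test || exit 1`. The `modprobe` calls are unchecked as well, so a missing protocol module only surfaces later as BAD results; printing which module failed to load would make the cause obvious.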
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# simple testing for cttimeout infrastructure using one single computer
+#
+
+WAIT_BETWEEN_TESTS=10
+
+# flush cttimeout table
+nfct flush timeout
+
+# flush the conntrack table
+conntrack -F
+
+#
+# No.1: test generic timeout policy
+#
+
+echo "---- test no. 1 ----"
+
+conntrack -E -p 13 &
+
+nfct add timeout test-generic inet generic timeout 100
+iptables -I OUTPUT -t raw -p all -j CT --timeout test-generic
+hping3 -c 1 -V -I eth0 -0 8.8.8.8 -H 13
+
+killall -15 conntrack
+
+echo "---- end test no. 1 ----"
+
+sleep $WAIT_BETWEEN_TESTS
+
+iptables -D OUTPUT -t raw -p all -j CT --timeout test-generic
+nfct del timeout test-generic
+
+#
+# No.2: test TCP timeout policy
+#
+
+echo "---- test no. 2 ----"
+
+conntrack -E -p tcp &
+
+nfct add timeout test-tcp inet tcp syn_sent 100
+iptables -I OUTPUT -t raw -p tcp -j CT --timeout test-tcp
+hping3 -V -S -p 80 -s 5050 8.8.8.8 -c 1
+
+sleep $WAIT_BETWEEN_TESTS
+
+iptables -D OUTPUT -t raw -p tcp -j CT --timeout test-tcp
+nfct del timeout test-tcp
+
+killall -15 conntrack
+
+echo "---- end test no. 2 ----"
+
+#
+# No. 3: test ICMP timeout policy
+#
+
+echo "---- test no. 3 ----"
+
+conntrack -E -p icmp &
+
+nfct add timeout test-icmp inet icmp timeout 50
+iptables -I OUTPUT -t raw -p icmp -j CT --timeout test-icmp
+hping3 -1 8.8.8.8 -c 2
+
+iptables -D OUTPUT -t raw -p icmp -j CT --timeout test-icmp
+nfct del timeout test-icmp
+
+killall -15 conntrack
+
+echo "---- end test no. 3 ----"
diff --git a/tests/nfct/test.c b/tests/nfct/test.c
new file mode 100644
index 0000000..a833dcc
--- /dev/null
+++ b/tests/nfct/test.c
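Review bot: `killall -15 conntrack` in test-live.sh signals every conntrack process on the host, not only the `conntrack -E ... &` listener the script started, so running it on a machine that already has an event listener terminates that one too. Record the PID right after each background start with `ct_pid=$!` and stop it with `kill -15 "$ct_pid"`. The script also flushes the live conntrack and cttimeout tables and inserts raw-table `CT` rules on OUTPUT, but nothing removes those rules if it is interrupted between an `iptables -I` and its matching `iptables -D`; a `trap` on EXIT that deletes the rule and the timeout object would leave the host clean. Unlike run-test.sh it has no root check, and `eth0` and `8.8.8.8` are hard-coded, which the header comment should state.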
@@ -0,0 +1,100 @@
+/*
+ * (c) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
+ *
+ * Extremely simple test utility for the command line tools.
+ *
+ * Based on test-conntrack.c
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <dirent.h>
+
+#define PATH "/usr/sbin"
+
+int main(int argc, char *argv[])
+{
+ int ret, ok = 0, bad = 0, line;
+ FILE *fp;
+ DIR *d;
+ char buf[1024];
+ struct dirent *dent;
+ char file[1024];
+
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s directory\n", argv[0]);
+ exit(EXIT_FAILURE);
+ }
+
+ d = opendir(argv[1]);
+ if (d == NULL) {
+ perror("opendir");
+ exit(EXIT_FAILURE);
+ }
+
+ setenv("PATH", PATH, 1);
+
+ while ((dent = readdir(d)) != NULL) {
+
+ sprintf(file, "%s/%s", argv[1], dent->d_name);
+
+ line = 0;
+
+ fp = fopen(file, "r");
+ if (fp == NULL) {
+ perror("cannot find testsuite file");
+ exit(EXIT_FAILURE);
+ }
+
+ while (fgets(buf, sizeof(buf), fp)) {
+ char *res;
+
+ line++;
+
+ if (buf[0] == '#' || buf[0] == ' ')
+ continue;
+
+ res = strchr(buf, ';');
+ if (!res) {
+ printf("malformed file %s at line %d\n",
+ dent->d_name, line);
+ exit(EXIT_FAILURE);
+ }
+ *res = '\0';
+ res+=2;
+
+ printf("(%d) Executing: %s\n", line, buf);
+
+ ret = system(buf);
+
+ if (WIFEXITED(ret) &&
+ WEXITSTATUS(ret) == EXIT_SUCCESS) {
+ if (res[0] == 'O' &&
+ res[1] == 'K')
+ ok++;
+ else {
+ bad++;
+ printf("^----- BAD\n");
+ }
+ } else {
+ if (res[0] == 'B' &&
+ res[1] == 'A' &&
+ res[2] == 'D')
+ ok++;
+ else {
+ bad++;
+ printf("^----- BAD\n");
+ }
+ }
+ printf("=====\n");
+ }
+ fclose(fp);
+ }
+ closedir(d);
+
+ fprintf(stdout, "OK: %d BAD: %d\n", ok, bad);
+}
diff --git a/tests/nfct/timeout/00tcp b/tests/nfct/timeout/00tcp
new file mode 100644
index 0000000..ab2e6fc
--- /dev/null
+++ b/tests/nfct/timeout/00tcp
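Review bot: The path in the `readdir` loop of test.c is built with an unbounded `sprintf` into the 1024-byte `file` array, so a long directory argument or entry name writes past a stack buffer in a program that run-test.sh insists on running as root. Build it with `snprintf`, treat truncation as an error, and skip the dot entries that `readdir` also returns and that currently reach `fopen`. Separately, `res+=2` assumes a space and a verdict follow the `;`, so a line that ends right after `;` makes the `res[0]`/`res[1]`/`res[2]` checks read past the string terminator; test `res[1] != '\0'` before stepping over it. `main` also ends without a return statement, so a run with `bad > 0` still exits 0; `return bad ? EXIT_FAILURE : EXIT_SUCCESS;` lets the caller detect failures.

```c
	while ((dent = readdir(d)) != NULL) {
		int n;

		/* readdir() also yields "." and ".." (and hidden files);
		 * none of them are test files */
		if (dent->d_name[0] == '.')
			continue;

		n = snprintf(file, sizeof(file), "%s/%s",
			     argv[1], dent->d_name);
		if (n < 0 || (size_t)n >= sizeof(file)) {
			fprintf(stderr, "path too long: %s/%s\n",
				argv[1], dent->d_name);
			exit(EXIT_FAILURE);
		}
		/* … unchanged: fopen, per-line parsing and system() call … */
```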
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet tcp established 100 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet tcp syn_sent 1 syn_recv 2 established 3 fin_wait 4 close_wait 5 last_ack 6 time_wait 7 close 8 syn_sent2 9 retrans 10 unacknowledged 11 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
diff --git a/tests/nfct/timeout/01udp b/tests/nfct/timeout/01udp
new file mode 100644
index 0000000..f8097d6
--- /dev/null
+++ b/tests/nfct/timeout/01udp
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet udp unreplied 10 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet udp unreplied 1 replied 2 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
diff --git a/tests/nfct/timeout/02generic b/tests/nfct/timeout/02generic
new file mode 100644
index 0000000..ffba138
--- /dev/null
+++ b/tests/nfct/timeout/02generic
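Review bot: The comment "get unexistent policy object `dummy'" in 00tcp does not match the command under it, which fetches the object named test after it has been deleted; the same comment is repeated in 01udp through 08gre. Wording such as `# get policy object 'test', which was just deleted` would match the BAD expectation on the next line. Every file also reuses the single object name test, so a failed delete in one file would presumably make the first add in the next file fail as well; a per-protocol name would keep the files independent.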
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet generic timeout 10 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet generic timeout 1 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
diff --git a/tests/nfct/timeout/03udplite b/tests/nfct/timeout/03udplite
new file mode 100644
index 0000000..8ed3459
--- /dev/null
+++ b/tests/nfct/timeout/03udplite
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet udplite unreplied 10 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet udplite unreplied 1 replied 2 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
diff --git a/tests/nfct/timeout/04icmp b/tests/nfct/timeout/04icmp
new file mode 100644
index 0000000..edb1c99
--- /dev/null
+++ b/tests/nfct/timeout/04icmp
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet icmp timeout 10 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet icmp timeout 1 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
diff --git a/tests/nfct/timeout/05icmpv6 b/tests/nfct/timeout/05icmpv6
new file mode 100644
index 0000000..40ccc49
--- /dev/null
+++ b/tests/nfct/timeout/05icmpv6
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet6 icmpv6 timeout 10 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet6 icmpv6 timeout 1 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
diff --git a/tests/nfct/timeout/06sctp b/tests/nfct/timeout/06sctp
new file mode 100644
index 0000000..62b44c6
--- /dev/null
+++ b/tests/nfct/timeout/06sctp
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet sctp established 100 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet sctp closed 1 cookie_wait 2 cookie_echoed 3 established 4 shutdown_sent 5 shutdown_recd 6 shutdown_ack_sent 7 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
diff --git a/tests/nfct/timeout/07dccp b/tests/nfct/timeout/07dccp
new file mode 100644
index 0000000..1d88585
--- /dev/null
+++ b/tests/nfct/timeout/07dccp
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet dccp request 100 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet dccp request 1 respond 2 partopen 3 open 4 closereq 5 closing 6 timewait 7 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
diff --git a/tests/nfct/timeout/08gre b/tests/nfct/timeout/08gre
new file mode 100644
index 0000000..709b943
--- /dev/null
+++ b/tests/nfct/timeout/08gre
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet gre unreplied 10 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet gre unreplied 1 replied 2 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
|