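#!/bin/sh
# SPDX-License-Identifier: GPL-2.0-or-later
# Copyright (c) Linux Test Project, 2019-2022
# Copyright (c) 2018-2019 Oracle and/or its affiliates. All Rights Reserved.
# Copyright (c) International Business Machines Corp., 2001
#
#  Author:	Jan 20 2004 Hubert Lin <linux02NOSPAAAM@tw.ibm.com>
#				       <hubertNOSPAAAM@symbio.com.tw>
#
# Shared test library for the iptables / nft firewall tests.
#
# The library runs as root (TST_NEEDS_ROOT=1) and changes the live packet
# filter of the machine it runs on: init() flushes the filter, nat and mangle
# tables, and the tests append DROP/REJECT/LOG rules to the INPUT chain for the
# loopback address. Nothing here saves or restores the rules that were loaded
# before the run.
#
# Variables read but not set in this file:
#   use_iptables  - "1" selects ip(6)tables, anything else selects nft;
#                   presumably set by the script that sources this library
#   TST_IPV6, TST_IPVER, TCID - NOTE(review): look like values provided by the
#                   LTP shell framework sourced at the bottom; confirm there

TST_CNT=6
TST_TESTFUNC="test"
TST_NEEDS_TMPDIR=1
TST_NEEDS_ROOT=1
TST_SETUP="${TST_SETUP:-init}"
TST_CLEANUP="${TST_CLEANUP:-cleanup}"
TST_NEEDS_CMDS="grep telnet"

# Run one firewall command given in iptables syntax.
# Arguments: the iptables options (e.g. -A INPUT -p tcp -j LOG).
# Returns:   the exit status of the command that was run.
NFRUN()
{
	if [ "$use_iptables" = 1 ]; then
		ip${TST_IPV6}tables "$@"
	else
		# The translated rule is printed as a complete command line and is
		# executed by deliberate word splitting of the substitution; sed
		# drops single quotes and backslashes, which would otherwise reach
		# the command as literal characters. Every argument comes from
		# this file, so no external input reaches the executed line.
		$(ip${TST_IPV6}tables-translate "$@" | sed "s/[\']//g")
	fi
}

# Remove the rule the current test added to INPUT.
# iptables: deletes rule number 1 of INPUT, which is the test's rule only
# because init() flushed the chain and each test adds a single rule.
# nft: flushes the whole INPUT chain of the ip/ip6 filter table.
# ROD wraps both commands. NOTE(review): ROD is defined by the test framework
# and presumably aborts the test when the command fails; confirm there.
NFRUN_REMOVE()
{
	if [ "$use_iptables" = 1 ]; then
		ROD ip${TST_IPV6}tables -D INPUT 1
	else
		ROD nft flush chain ip${TST_IPV6} filter INPUT
	fi
}

# Setup: select the tool and address family, check the required commands and
# flush the filter, nat and mangle tables.
# Sets the globals toolname, cmds, loc_addr, proto and ping_cmd.
init()
{
	if [ "$use_iptables" = 1 ]; then
		toolname=ip${TST_IPV6}tables
		cmds="$toolname"
		tst_require_drivers ip${TST_IPV6}_tables
	else
		toolname=nft
		cmds="$toolname ip${TST_IPV6}tables-translate"
	fi

	if [ "$TST_IPV6" ]; then
		loc_addr="::1"
		proto="icmpv6"
	else
		loc_addr="127.0.0.1"
		proto="icmp"
	fi

	ping_cmd="ping$TST_IPV6"
	tst_require_cmds $cmds $ping_cmd

	# Destructive on the host: whatever rules were loaded in these tables
	# are gone after this point. The exit status of the flushes is not
	# checked and each one overwrites tst_iptables.out.
	tst_res TINFO "INIT: Flushing all rules"
	NFRUN -F -t filter > tst_iptables.out 2>&1
	NFRUN -F -t nat > tst_iptables.out 2>&1
	NFRUN -F -t mangle > tst_iptables.out 2>&1
}

# Cleanup: flush the three tables again and try to unload the netfilter
# modules. Both steps are best effort; their exit status is ignored.
# NOTE(review): the flush only runs when lsmod lists ip(6)_tables. If that
# module is not loaded (possibly the case when only nft is in use; confirm),
# rules left behind by a failed test stay in the INPUT chain.
cleanup()
{
	if lsmod | grep -q "ip${TST_IPV6}_tables"; then
		NFRUN -F -t filter > /dev/null 2>&1
		NFRUN -F -t nat > /dev/null 2>&1
		NFRUN -F -t mangle > /dev/null 2>&1
		rmmod -v ipt_limit ipt_multiport ipt_LOG ipt_REJECT \
			 ip${TST_IPV6}table_mangle ip${TST_IPV6}table_nat ip_conntrack \
			 ip${TST_IPV6}table_filter ip${TST_IPV6}_tables nf_nat_ipv${TST_IPVER} nf_nat \
			 nf_log_ipv${TST_IPVER} nf_log_common nf_reject_ipv${TST_IPVER} \
			 nf_conntrack_ipv${TST_IPVER} nf_defrag_ipv${TST_IPVER} nf_conntrack \
			 > tst_iptables.out 2>&1
	fi
}

# Test 1: "-L" lists the chains of the filter, nat and mangle tables.
# Only applicable to ip(6)tables; reports TCONF in nft mode.
# Arguments: $1 - test number, used in the TCONF message.
# A table passes when the listing succeeds and contains at least 3 lines
# matching "Chain" (5 for mangle).
test1()
{
	if [ "$use_iptables" != 1 ]; then
		tst_res TCONF "$toolname not applicable for test $1"
		return
	fi
	local chaincnt=0
	local ipt_cmd="ip${TST_IPV6}tables"
	local cmd="$ipt_cmd -L -t filter"
	tst_res TINFO "$cmd will list all rules in table filter"
	$cmd > tst_iptables.out 2>&1
	if [ $? -ne 0 ]; then
		tst_res TFAIL "$cmd failed to list rules"
		cat tst_iptables.out
		return
	else
		chaincnt=$(grep -c Chain tst_iptables.out)
		if [ "$chaincnt" -lt 3 ]; then
			tst_res TFAIL "$cmd failed to list rules"
			cat tst_iptables.out
			return
		else
			tst_res TINFO "$cmd lists rules"
		fi
	fi

	local cmd="$ipt_cmd -L -t nat"
	tst_res TINFO "$cmd will list all rules in table nat"
	$cmd > tst_iptables.out 2>&1
	if [ $? -ne 0 ]; then
		tst_res TFAIL "$cmd failed to list rules"
		cat tst_iptables.out
		return
	else
		chaincnt=$(grep -c Chain tst_iptables.out)
		if [ "$chaincnt" -lt 3 ]; then
			tst_res TFAIL "$cmd failed to list rules"
			cat tst_iptables.out
			return
		else
			tst_res TINFO "$cmd lists rules"
		fi
	fi

	local cmd="$ipt_cmd -L -t mangle"
	tst_res TINFO "$cmd will list all rules in table mangle"
	$cmd > tst_iptables.out 2>&1
	if [ $? -ne 0 ]; then
		tst_res TFAIL "$cmd failed to list rules"
		cat tst_iptables.out
		return
	else
		chaincnt=$(grep -c Chain tst_iptables.out)
		if [ "$chaincnt" -lt 5 ]; then
			tst_res TFAIL "$cmd failed to list rules"
			cat tst_iptables.out
			# Stop here like the filter and nat branches do; without
			# this the function went on to report TPASS after TFAIL.
			return
		else
			tst_res TINFO "$cmd lists rules"
		fi
	fi

	tst_res TPASS "$ipt_cmd -L lists rules"
}

# Test 2: a DROP rule for the loopback source address blocks ping, and ping
# works again once the rule is removed.
# NOTE(review): the failure paths after the rule was appended return without
# calling NFRUN_REMOVE, so the DROP rule stays in INPUT for the tests that
# follow; NFRUN_REMOVE in iptables mode would then delete the wrong rule.
test2()
{
	tst_res TINFO "Use $toolname to DROP packets from particular IP"
	tst_res TINFO "Rule to block icmp from $loc_addr"

	NFRUN -A INPUT -s $loc_addr -p $proto -j DROP > tst_iptables.out 2>&1
	if [ $? -ne 0 ]; then
		tst_res TFAIL "$toolname command failed to append new rule"
		cat tst_iptables.out
		return
	fi

	tst_res TINFO "Pinging $loc_addr"
	$ping_cmd -c 2 $loc_addr -W 1 -i 0 > tst_iptables.out 2>&1
	if [ $? -ne 0 ]; then
		# A failed ping only counts as "blocked" when every packet was
		# lost; any other ping error is reported as a test failure.
		grep "100% packet loss" tst_iptables.out > tst_iptables.err 2>&1
		if [ $? -ne 0 ]; then
			tst_res TFAIL \
				"$toolname did not block packets from loopback"
			cat tst_iptables.err
			return
		else
			tst_res TINFO "Ping $loc_addr not successful"
		fi
	else
		tst_res TFAIL "$toolname did not block $proto from $loc_addr"
		cat tst_iptables.out
		return
	fi

	tst_res TINFO "Deleting $proto DROP from $loc_addr rule"
	NFRUN_REMOVE

	tst_res TINFO "Pinging $loc_addr again"
	$ping_cmd -c 2 $loc_addr -W 1 -i 0 > tst_iptables.out 2>&1
	if [ $? -ne 0 ]; then
		tst_res TFAIL "$toolname blocking loopback. This is expected" \
			      "behaviour on certain distributions where" \
			      "enabling firewall drops all packets by default"
		cat tst_iptables.out
		return
	fi
	tst_res TINFO "Ping succsess"
	tst_res TPASS "$toolname can DROP packets from particular IP"
}

# Test 3: a REJECT rule for echo requests to the loopback address blocks
# ping, and ping works again once the rule is removed.
# NOTE(review): as in test2, the failure paths after the append leave the
# REJECT rule installed.
test3()
{
	tst_res TINFO "Use $toolname to REJECT ping request"
	tst_res TINFO "Rule to reject ping request"

	NFRUN -A INPUT -p $proto --${proto}-type echo-request -d $loc_addr -j \
		REJECT > tst_iptables.out 2>&1
	if [ $? -ne 0 ]; then
		tst_res TFAIL "$toolname command failed to append new rule"
		cat tst_iptables.out
		return
	fi

	tst_res TINFO "Pinging $loc_addr"
	$ping_cmd -c 2 $loc_addr -W 1 -i 0 > tst_iptables.out 2>&1
	if [ $? -ne 0 ]; then
		grep "100% packet loss" tst_iptables.out > tst_iptables.err 2>&1
		if [ $? -ne 0 ]; then
			tst_res TFAIL "$toolname did not block ping request"
			cat tst_iptables.err
			return
		else
			tst_res TINFO "Ping $loc_addr not successful"
		fi
	else
		tst_res TFAIL "$toolname did not reject ping request"
		cat tst_iptables.out
		return
	fi

	tst_res TINFO "Deleting icmp request REJECT rule"
	NFRUN_REMOVE

	tst_res TINFO "Pinging $loc_addr again"
	$ping_cmd -c 2 $loc_addr -W 1 -i 0 > tst_iptables.out 2>&1
	if [ $? -ne 0 ]; then
		tst_res TFAIL "$toolname blocking ping requests. This is" \
			      "expected behaviour on certain distributions" \
			      "where enabling firewall drops all packets by" \
			      "default"
		cat tst_iptables.out
		return
	fi
	tst_res TINFO "Ping succsess"
	tst_res TPASS "$toolname can REJECT ping requests"
}

# Test 4: a LOG rule for TCP packets to one port produces a kernel log line.
# The prefix combines TCID with a timestamp so that the line found in dmesg
# can be told apart from earlier runs. The telnet connection is expected to
# fail (presumably nothing listens on the port); only its packet is needed.
# NOTE(review): the failure paths after the append leave the LOG rule
# installed.
test4()
{
	local dport=45886
	local logprefix="${TCID}$(date +%m%d%H%M%S):"

	tst_res TINFO "Use $toolname to log packets to particular port"
	tst_res TINFO "Rule to log tcp packets to particular port"

	NFRUN -A INPUT -p tcp -d $loc_addr --dport $dport -j LOG \
		--log-prefix "$logprefix" > tst_iptables.out 2>&1
	if [ $? -ne 0 ]; then
		tst_res TFAIL "$toolname command failed to append new rule"
		cat tst_iptables.out
		return
	fi

	tst_res TINFO "telnet $loc_addr $dport"
	telnet $loc_addr $dport > tst_iptables.out 2>&1
	if [ $? -ne 0 ]; then
		# Give the kernel log a moment to receive the entry.
		sleep 2
		dmesg | grep "$logprefix" > tst_iptables.err 2>&1
		if [ $? -ne 0 ]; then
			tst_res TFAIL \
				"$toolname did not log packets to port $dport"
			cat tst_iptables.err
			return
		else
			tst_res TINFO "Packets to port $dport logged"
		fi
	else
		tst_res TFAIL "telnet to $loc_addr $dport should fail"
		cat tst_iptables.out
		return
	fi

	tst_res TINFO "Deleting the rule to log"
	NFRUN_REMOVE

	tst_res TINFO "$toolname logging succsess"
	tst_res TPASS "$toolname can log packets to particular port"
}

# Test 5: LOG rules given as a port range (--dport 45801:45803) and as a
# multiport list (45804,45806,45805) both produce a log line for every port.
# Ends by flushing all rules with "-F".
# NOTE(review): the failure paths return before that flush, so up to two LOG
# rules stay installed.
test5()
{
	local dport=0
	local logprefix="${TCID}$(date +%m%d%H%M%S):"

	tst_res TINFO "Use $toolname to log packets to multiple ports"
	tst_res TINFO "Rule to log tcp packets to port 45801 - 45803"
	NFRUN -A INPUT -p tcp -d $loc_addr --dport 45801:45803 -j LOG \
		--log-prefix "$logprefix" > tst_iptables.out 2>&1
	if [ $? -ne 0 ]; then
		tst_res TFAIL "$toolname command failed to append new rule"
		cat tst_iptables.out
		return
	fi

	tst_res TINFO "Rule to log tcp packets to port 45804 - 45806"
	NFRUN -A INPUT -p tcp -d $loc_addr -m multiport --dports \
		45804,45806,45805 -j LOG --log-prefix "$logprefix" \
		> tst_iptables.out 2>&1
	if [ $? -ne 0 ]; then
		tst_res TFAIL "$toolname command failed to append new rule"
		cat tst_iptables.out
		return
	fi

	for dport in 45801 45802 45803 45804 45805 45806; do
		tst_res TINFO "telnet $loc_addr $dport"
		telnet $loc_addr $dport > tst_iptables.out 2>&1
		if [ $? -ne 0 ]; then
			sleep 2
			# "=$dport " matches the port field of the log line;
			# the trailing space keeps 4580 from matching 45801.
			dmesg | grep "$logprefix" | grep "=$dport " \
				> tst_iptables.err 2>&1
			if [ $? -ne 0 ]; then
				tst_res TFAIL "$toolname did not log packets" \
					      "to port $dport"
				cat tst_iptables.err
				return
			else
				tst_res TINFO "Packets to port $dport logged"
			fi
		else
			tst_res TFAIL "telnet to $loc_addr $dport should fail"
			cat tst_iptables.out
			return
		fi
	done

	tst_res TINFO "Flushing all rules"
	NFRUN -F > tst_iptables.out 2>&1
	if [ $? -ne 0 ]; then
		tst_res TFAIL "$toolname did not flush all rules"
		cat tst_iptables.out
		return
	fi
	tst_res TINFO "$toolname logging succsess"
	tst_res TPASS "$toolname can log packets to multiple ports"
}

# Test 6: a LOG rule with "-m limit" logs only part of a burst of pings.
# Ten echo requests are sent and exactly 5 log lines are expected.
# NOTE(review): no rate or burst is given on the rule, so the expected count
# of 5 presumably relies on the limit match's default burst; confirm.
# NOTE(review): the failure paths after the append leave the LOG rule
# installed.
test6()
{
	local logcnt=0
	local logprefix="${TCID}$(date +%m%d%H%M%S):"

	tst_res TINFO "Use $toolname to log ping request with limited rate"
	tst_res TINFO "Rule to log ping request"

	NFRUN -A INPUT -p $proto --$proto-type echo-request -d $loc_addr -m \
		limit -j LOG --log-prefix "$logprefix" > tst_iptables.out 2>&1
	if [ $? -ne 0 ]; then
		tst_res TFAIL "$toolname command failed to append new rule"
		cat tst_iptables.out
		return
	fi

	tst_res TINFO "Pinging $loc_addr"
	$ping_cmd -c 10 $loc_addr -W 1 -i 0 > tst_iptables.out 2>&1
	if [ $? -eq 0 ]; then
		sleep 2
		logcnt=$(dmesg | grep -c "$logprefix")
		if [ "$logcnt" -ne 5 ]; then
			tst_res TFAIL "$toolname did not log packets with" \
				      "limited rate"
			cat tst_iptables.out
			return
		else
			tst_res TINFO "ping requests logged with limited rate"
		fi
	else
		tst_res TFAIL "ping to $loc_addr failed. This is expected" \
			      "behaviour on certain distributions where" \
			      "enabling firewall drops all packets by default"
		cat tst_iptables.out
		return
	fi

	tst_res TINFO "Deleting the rule to log"
	NFRUN_REMOVE

	tst_res TINFO "$toolname limited logging succsess"
	tst_res TPASS "$toolname can log packets with limited rate"
}

. tst_net.sh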