Testing iptables

Authors:
Daniel Hoffman;Durga Prabhakar;Paul Strooper
Affiliations:
Department of Computer Science, University of Victoria, PO Box 3055 STN CSC, Victoria, BC V8W 3P6;Department of Computer Science, University of Victoria, PO Box 3055 STN CSC, Victoria, BC V8W 3P6;School of Information Technology and Electrical Engineering, The University of Queensland, Brisbane, Qld. 4072, Australia
Venue:
CASCON '03 Proceedings of the 2003 conference of the Centre for Advanced Studies on Collaborative research
Year:
2003

Citing 15
Cited 3

Selecting Software Test Data Using Data Flow Information

IEEE Transactions on Software Engineering
Software testing techniques (2nd ed.)

Software testing techniques (2nd ed.)
Software testing based on formal specifications: a theory and a tool

Software Engineering Journal
The ASTOOT approach to testing object-oriented programs

ACM Transactions on Software Engineering and Methodology (TOSEM)
A Framework for Specification-Based Testing

IEEE Transactions on Software Engineering
Automatically Checking an Implementation against Its Formal Specification

IEEE Transactions on Software Engineering
High Speed Networks and Internets: Performance and Quality of Service

High Speed Networks and Internets: Performance and Quality of Service
Computer Networks

Computer Networks
Art of Software Testing

Art of Software Testing
Building Open Source Network Security Tools: Components and Techniques

Building Open Source Network Security Tools: Components and Techniques
Compilation of Z Specifications into C for Automatic Test Result Evaluation

ZUM '95 Proceedings of the 9th International Conference of Z Usres on The Z Formal Specification Notation
Improving Software Tests Using Z Specifications

ZUM '95 Proceedings of the 9th International Conference of Z Usres on The Z Formal Specification Notation
Testing as Abstraction

ZUM '95 Proceedings of the 9th International Conference of Z Usres on The Z Formal Specification Notation
Automating the Generation and Sequencing of Test Cases from Model-Based Specifications

FME '93 Proceedings of the First International Symposium of Formal Methods Europe on Industrial-Strength Formal Methods
Translating Object-Z Specifications to Passive Test Oracles

ICFEM '98 Proceedings of the Second IEEE International Conference on Formal Engineering Methods

Firewall policy verification and troubleshooting

Computer Networks: The International Journal of Computer and Telecommunications Networking
Firewall policy change-impact analysis

ACM Transactions on Internet Technology (TOIT)
Change-impact analysis of firewall policies

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

iptables is the most recent entry in a series of Linux firewall services. Because iptables is a security product in widespread use, correctness and performance are important issues. We present a methodology for iptables regression testing. Typically, correctness test suites generate test inputs and then log the observed output to a file. Log files from the first execution are manually checked for correctness and then compared to the results from subsequent test runs with a file differencing utility. The log files tend to be large; checking their correctness is tedious and error-prone. In contrast, we generate test traffic and verify the correctness of the iptables behaviour from the same program, eliminating the need for log files. We also present performance test results, focusing on throughput and delay as a function of the size of the iptables rule base. The measurements were conducted over Ethernet links running at 10, 100, and 1,000 Mbps.