tests: add nfct tests for cttimeout

This patch adds the automated tests for the cttimeout infrastructure.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 73 insertions, 0 deletions

diff --git a/tests/nfct/test-live.sh b/tests/nfct/test-live.sh
new file mode 100644
index 0000000..c338e63
--- /dev/null
+++ b/tests/nfct/test-live.sh
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# simple testing for cttimeout infrastructure using one single computer
+#
+
+WAIT_BETWEEN_TESTS=10
+
+# flush cttimeout table
+nfct timeout flush
+
+# flush the conntrack table
+conntrack -F
+
+#
+# No.1: test generic timeout policy
+#
+
+echo "---- test no. 1 ----"
+
+conntrack -E -p 13 &
+
+nfct timeout add test-generic inet generic timeout 100
+iptables -I OUTPUT -t raw -p all -j CT --timeout test-generic
+hping3 -c 1 -V -I eth0 -0 8.8.8.8 -H 13
+
+killall -15 conntrack
+
+echo "---- end test no. 1 ----"
+
+sleep $WAIT_BETWEEN_TESTS
+
+iptables -D OUTPUT -t raw -p all -j CT --timeout test-generic
+nfct timeout del test-generic
+
+#
+# No.2: test TCP timeout policy
+#
+
+echo "---- test no. 2 ----"
+
+conntrack -E -p tcp &
+
+nfct timeout add test-tcp inet tcp syn_sent 100
+iptables -I OUTPUT -t raw -p tcp -j CT --timeout test-tcp
+hping3 -V -S -p 80 -s 5050 8.8.8.8 -c 1
+
+sleep $WAIT_BETWEEN_TESTS
+
+iptables -D OUTPUT -t raw -p tcp -j CT --timeout test-tcp
+nfct timeout del test-tcp
+
+killall -15 conntrack
+
+echo "---- end test no. 2 ----"
+
+#
+# No. 3: test ICMP timeout policy
+#
+
+echo "---- test no. 3 ----"
+
+conntrack -E -p icmp &
+
+nfct timeout add test-icmp inet icmp timeout 50
+iptables -I OUTPUT -t raw -p icmp -j CT --timeout test-icmp
+hping3 -1 8.8.8.8 -c 2
+
+iptables -D OUTPUT -t raw -p icmp -j CT --timeout test-icmp
+nfct timeout del test-icmp
+
+killall -15 conntrack
+
+echo "---- end test no. 3 ----"