path: root/tests/nfct/test-live.sh
#!/bin/sh
#
# simple testing for cttimeout infrastructure using one single computer
#

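# seconds to pause between test phases
WAIT_BETWEEN_TESTS=10

# Both flushes below act on the live state of the network namespace the script
# runs in, not on a private copy: every cttimeout policy and every tracked
# connection there is discarded. Run this on a disposable test machine or in a
# dedicated network namespace, with the privileges nfct, conntrack and
# iptables require.

# flush cttimeout table; stop on failure, because the tests below would
# otherwise run against leftover policies or without a working nfct
if ! nfct timeout flush; then
	echo "$0: 'nfct timeout flush' failed, aborting" >&2
	exit 1
fi

# flush the conntrack table; same reasoning as above
if ! conntrack -F; then
	echo "$0: 'conntrack -F' failed, aborting" >&2
	exit 1
fi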

#
# No.1: test generic timeout policy
#

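echo "---- test no. 1 ----"

# Background event listener for IP protocol 13. Its PID is kept so that only
# this listener is stopped later.
conntrack -E -p 13 &
listener_pid=$!

# Create a policy with a generic timeout of 100 and attach it through the raw
# table. The rule matches all locally generated traffic (-p all) for as long
# as it stays inserted, so an interrupted run leaves it behind until the
# iptables -D / nfct timeout del pair below is executed by hand.
nfct timeout add test-generic inet generic timeout 100
iptables -I OUTPUT -t raw -p all -j CT --timeout test-generic
# one raw-IP packet with protocol number 13; the interface name is hard-coded
hping3 -c 1 -V -I eth0 -0 8.8.8.8 -H 13

# Signal our own listener instead of using killall, which would also terminate
# every other conntrack process running on the host. wait reaps it so its
# output is complete before the end marker is printed.
kill -15 "$listener_pid"
wait "$listener_pid"

echo "---- end test no. 1 ----"

sleep "$WAIT_BETWEEN_TESTS"

# remove the rule first, then the policy it refers to
iptables -D OUTPUT -t raw -p all -j CT --timeout test-generic
nfct timeout del test-generic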

#
# No.2: test TCP timeout policy
#

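echo "---- test no. 2 ----"

# Background event listener for TCP. Its PID is kept so that only this
# listener is stopped later.
conntrack -E -p tcp &
listener_pid=$!

# Policy that sets the syn_sent state timeout to 100, attached to all locally
# generated TCP traffic through the raw table. An interrupted run leaves the
# rule and the policy behind until the cleanup pair below is executed by hand.
nfct timeout add test-tcp inet tcp syn_sent 100
iptables -I OUTPUT -t raw -p tcp -j CT --timeout test-tcp
# a single SYN from source port 5050 to port 80
hping3 -V -S -p 80 -s 5050 8.8.8.8 -c 1

# the listener keeps running during this pause
sleep "$WAIT_BETWEEN_TESTS"

# remove the rule first, then the policy it refers to
iptables -D OUTPUT -t raw -p tcp -j CT --timeout test-tcp
nfct timeout del test-tcp

# Signal our own listener instead of using killall, which would also terminate
# every other conntrack process running on the host. wait reaps it so its
# output is complete before the end marker is printed.
kill -15 "$listener_pid"
wait "$listener_pid"

echo "---- end test no. 2 ----"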

#
# No. 3: test ICMP timeout policy
#

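echo "---- test no. 3 ----"

# Background event listener for ICMP. Its PID is kept so that only this
# listener is stopped later.
conntrack -E -p icmp &
listener_pid=$!

# Policy with an ICMP timeout of 50, attached to all locally generated ICMP
# traffic through the raw table. An interrupted run leaves the rule and the
# policy behind until the cleanup pair below is executed by hand.
nfct timeout add test-icmp inet icmp timeout 50
iptables -I OUTPUT -t raw -p icmp -j CT --timeout test-icmp
# two packets in hping3's ICMP mode
hping3 -1 8.8.8.8 -c 2

# remove the rule first, then the policy it refers to; unlike the first two
# tests there is no pause in this one
iptables -D OUTPUT -t raw -p icmp -j CT --timeout test-icmp
nfct timeout del test-icmp

# Signal our own listener instead of using killall, which would also terminate
# every other conntrack process running on the host. wait reaps it so its
# output is complete before the end marker is printed.
kill -15 "$listener_pid"
wait "$listener_pid"

echo "---- end test no. 3 ----"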