diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-04-18 12:53:25 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-04-18 12:53:25 +0200 |
commit | 0b6f88e662d54cabf15ef3dbf70e9f0fcdb1412e (patch) | |
tree | 61015b37af82ea3852fe1a93ee19fc2f8ae16a1a /tests/match_target.t | |
parent | 8ca014410d1b64d802772c168f416d8bcc99fbe3 (diff) |
Options and flags support added to the kernel API
The support makes possible to specify the timeout value for
the SET target and a flag to reset the timeout for already existing
entries.
Diffstat (limited to 'tests/match_target.t')
-rw-r--r-- | tests/match_target.t | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/tests/match_target.t b/tests/match_target.t index 0c6e7e7..4a2b9be 100644 --- a/tests/match_target.t +++ b/tests/match_target.t @@ -58,4 +58,26 @@ 1 ipset test ipport 10.255.255.64,icmp:host-prohibited # Destroy sets and rules 0 ./iptables.sh inet stop +# Create set and rules to check --exist and --timeout flags of SET target +0 ./iptables.sh inet timeout +# Add 10.255.255.64,icmp:host-prohibited to the set +0 ipset add test 10.255.255.64,icmp:host-prohibited +# Check that 10.255.255.64,icmp:3/10 is in ipport set +0 ipset test test 10.255.255.64,icmp:host-prohibited +# Sleep 3s so that entry can time out +0 sleep 3s +# Check that 10.255.255.64,icmp:3/10 is not in ipport set +1 ipset test test 10.255.255.64,icmp:host-prohibited +# Add 10.255.255.64,icmp:host-prohibited to the set again +0 ipset add test 10.255.255.64,icmp:host-prohibited +# Sleep 1s +0 sleep 1s +# Send probe packet 10.255.255.64,icmp:host-prohibited +0 sendip -d r10 -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p icmp -ct 3 -cd 10 127.0.0.1 +# Sleep 5s, so original entry could time out +0 sleep 5s +# Check that 10.255.255.64,icmp:3/10 is not in ipport set +0 ipset test test 10.255.255.64,icmp:host-prohibited +# Destroy sets and rules +0 ./iptables.sh inet stop # eof |