Options and flags support added to the kernel API

The support makes possible to specify the timeout value for
the SET target and a flag to reset the timeout for already existing
entries.

2 files changed, 26 insertions, 0 deletions

diff --git a/tests/iptables.sh b/tests/iptables.sh
index b5b82e4..9b1c90c 100755
--- a/tests/iptables.sh
+++ b/tests/iptables.sh
@@ -64,6 +64,10 @@ del)
 	$cmd -F INPUT
 	$cmd -A INPUT -j SET --del-set ipport src,src
 	;;
+timeout)
+	../src/ipset n test hash:ip,port timeout 2
+	$cmd -A INPUT -j SET --add-set test src,src --timeout 10 --exist
+	;;
 stop)
 	$cmd -F
 	$cmd -X
diff --git a/tests/match_target.t b/tests/match_target.t
index 0c6e7e7..4a2b9be 100644
--- a/tests/match_target.t
+++ b/tests/match_target.t
@@ -58,4 +58,26 @@
 1 ipset test ipport 10.255.255.64,icmp:host-prohibited
 # Destroy sets and rules
 0 ./iptables.sh inet stop
+# Create set and rules to check --exist and --timeout flags of SET target
+0 ./iptables.sh inet timeout
+# Add 10.255.255.64,icmp:host-prohibited to the set
+0 ipset add test 10.255.255.64,icmp:host-prohibited 
+# Check that 10.255.255.64,icmp:3/10 is in ipport set
+0 ipset test test 10.255.255.64,icmp:host-prohibited
+# Sleep 3s so that entry can time out
+0 sleep 3s
+# Check that 10.255.255.64,icmp:3/10 is not in ipport set
+1 ipset test test 10.255.255.64,icmp:host-prohibited
+# Add 10.255.255.64,icmp:host-prohibited to the set again
+0 ipset add test 10.255.255.64,icmp:host-prohibited
+# Sleep 1s
+0 sleep 1s
+# Send probe packet 10.255.255.64,icmp:host-prohibited
+0 sendip -d r10 -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p icmp -ct 3 -cd 10 127.0.0.1
+# Sleep 5s, so original entry could time out
+0 sleep 5s
+# Check that 10.255.255.64,icmp:3/10 is not in ipport set
+0 ipset test test 10.255.255.64,icmp:host-prohibited
+# Destroy sets and rules
+0 ./iptables.sh inet stop
 # eof