Diffstat (limited to 'tests')
-rwxr-xr-x | tests/iptables.sh | 4 | ||||
-rw-r--r-- | tests/match_target.t | 22 |
2 files changed, 26 insertions, 0 deletions
diff --git a/tests/iptables.sh b/tests/iptables.sh
index b5b82e4..9b1c90c 100755
--- a/tests/iptables.sh
+++ b/tests/iptables.sh
@@ -64,6 +64,10 @@ del)
 $cmd -F INPUT
 $cmd -A INPUT -j SET --del-set ipport src,src
 ;;
+timeout)
+ ../src/ipset n test hash:ip,port timeout 2
+ $cmd -A INPUT -j SET --add-set test src,src --timeout 10 --exist
+ ;;
 stop)
 $cmd -F
 $cmd -X
diff --git a/tests/match_target.t b/tests/match_target.t
index 0c6e7e7..4a2b9be 100644
--- a/tests/match_target.t
+++ b/tests/match_target.t
@@ -58,4 +58,26 @@
 1 ipset test ipport 10.255.255.64,icmp:host-prohibited
 # Destroy sets and rules
 0 ./iptables.sh inet stop
+# Create set and rules to check --exist and --timeout flags of SET target
+0 ./iptables.sh inet timeout
+# Add 10.255.255.64,icmp:host-prohibited to the set
+0 ipset add test 10.255.255.64,icmp:host-prohibited
+# Check that 10.255.255.64,icmp:3/10 is in ipport set
+0 ipset test test 10.255.255.64,icmp:host-prohibited
+# Sleep 3s so that entry can time out
+0 sleep 3s
+# Check that 10.255.255.64,icmp:3/10 is not in ipport set
+1 ipset test test 10.255.255.64,icmp:host-prohibited
+# Add 10.255.255.64,icmp:host-prohibited to the set again
+0 ipset add test 10.255.255.64,icmp:host-prohibited
+# Sleep 1s
+0 sleep 1s
+# Send probe packet 10.255.255.64,icmp:host-prohibited
+0 sendip -d r10 -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p icmp -ct 3 -cd 10 127.0.0.1
+# Sleep 5s, so original entry could time out
+0 sleep 5s
+# Check that 10.255.255.64,icmp:3/10 is not in ipport set
+0 ipset test test 10.255.255.64,icmp:host-prohibited
+# Destroy sets and rules
+0 ./iptables.sh inet stop
 # eof
|
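Review bot: The new `timeout)` case appends its SET rule to INPUT without flushing the chain first, unlike the `del)` case directly above it, which runs `$cmd -F INPUT` before its `-A`. If the case is ever run without a preceding `stop`, rules left by an earlier case stay active and also act on the probe packet; starting the case with `$cmd -F INPUT` would make it self-contained. The result of `../src/ipset n test hash:ip,port timeout 2` is also not checked, so a leftover `test` set with different parameters would only show up later as a confusing test failure; `../src/ipset n test hash:ip,port timeout 2 || exit 1` would surface it at once (this assumes the script does not run under `set -e`, which is not visible here). The `case` statement begins and ends outside the hunk.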
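Review bot: The comment above the final membership check contradicts the expectation it documents: it says the entry "is not in ipport set", while the line below it is `0 ipset test test ...`, which requires the entry to still be present. That check is the one that proves the SET target's `--exist --timeout 10` refreshed the 2s timeout, so the comment should say so, for example `# Check that 10.255.255.64,icmp:3/10 is still in test set (timeout refreshed by SET --exist --timeout)`. The two earlier "Check that ..." comments also name the `ipport` set although every command in this block operates on `test`; they look copied from the block above and should be renamed to match.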