diff options
| author | Florian Westphal <fw@strlen.de> | 2023-08-10 21:48:01 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2023-08-13 20:59:14 +0200 |
| commit | 8b92ee8cd1e8fe9fff1fa8763644a0e118a226ec (patch) | |
| tree | 22b5aece546a05ef830ec578277780d7c3eee14b /tests/shell/testcases/maps | |
| parent | cd9bf74eacc15a3ec2719b6a62cc6b1060734764 (diff) | |
tests: add test with concatenation, vmap and timeout
Add 4k elements to map, with timeouts in range 1..3s, also add a
catchall element with timeout.
Check that all elements are no longer included in set list after 4s.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/shell/testcases/maps')
| -rw-r--r-- | tests/shell/testcases/maps/dumps/vmap_timeout.nft | 29 | ||||
| -rwxr-xr-x | tests/shell/testcases/maps/vmap_timeout | 33 |
2 files changed, 62 insertions, 0 deletions
diff --git a/tests/shell/testcases/maps/dumps/vmap_timeout.nft b/tests/shell/testcases/maps/dumps/vmap_timeout.nft new file mode 100644 index 00000000..7bbad87c --- /dev/null +++ b/tests/shell/testcases/maps/dumps/vmap_timeout.nft @@ -0,0 +1,29 @@ +table inet filter { + map portmap { + type inet_service : verdict + flags timeout + elements = { 22 : jump ssh_input } + } + + map portaddrmap { + typeof ip daddr . th dport : verdict + flags timeout + elements = { 1.2.3.4 . 22 : jump ssh_input } + } + + chain ssh_input { + } + + chain other_input { + } + + chain wan_input { + ip daddr . tcp dport vmap @portaddrmap + tcp dport vmap @portmap + } + + chain prerouting { + type filter hook prerouting priority raw; policy accept; + iif vmap { "lo" : jump wan_input } + } +} diff --git a/tests/shell/testcases/maps/vmap_timeout b/tests/shell/testcases/maps/vmap_timeout new file mode 100755 index 00000000..a81ff4f5 --- /dev/null +++ b/tests/shell/testcases/maps/vmap_timeout @@ -0,0 +1,33 @@ +#!/bin/bash + +set -e + +dumpfile=$(dirname $0)/dumps/$(basename $0).nft +$NFT -f $dumpfile + +port=23 +for i in $(seq 1 400) ; do + timeout=$((RANDOM%3)) + timeout=$((timeout+1)) + j=1 + + batched="{ $port timeout 3s : jump other_input " + batched_addr="{ 10.0.$((i%256)).$j . $port timeout 3s : jump other_input " + port=$((port + 1)) + for j in $(seq 2 100); do + batched="$batched, $port timeout ${timeout}s : jump other_input " + batched_addr="$batched_addr, 10.0.$((i%256)).$j . $port timeout ${timeout}s : jump other_input " + port=$((port + 1)) + done + + batched="$batched }" + batched_addr="$batched_addr }" + $NFT add element inet filter portmap "$batched" + $NFT add element inet filter portaddrmap "$batched_addr" +done + +$NFT add element inet filter portaddrmap { "* timeout 2s : drop" } +$NFT add element inet filter portmap { "* timeout 3s : drop" } + +# wait for elements to time out +sleep 4 |