diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2018-01-04 13:21:26 +0100 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2018-01-04 13:21:26 +0100 |
commit | ad92ed77e77fe421a86f0fde907c51286ed47928 (patch) | |
tree | 412d16a99a72446666734d404ffd380eb85d6f49 /tests | |
parent | 0a81ab50306539788e2dd0471f3b1ed5b9dcc5ef (diff) |
Fix "don't update counters" mode when counters used at the matching
The matching of the counters was not taken into account, fixed.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/hash:net.t | 2 | ||||
-rwxr-xr-x | tests/iptables.sh | 9 | ||||
-rw-r--r-- | tests/match_target.t | 6 |
3 files changed, 17 insertions, 0 deletions
diff --git a/tests/hash:net.t b/tests/hash:net.t index 4db9e9a..501f63e 100644 --- a/tests/hash:net.t +++ b/tests/hash:net.t @@ -86,6 +86,8 @@ 0 ipset -A test 1.1.1.0/26 # Check non-matching IP 1 ipset -T test 1.1.1.1 +# Check non-matching IP with nomatch flag +0 ipset -T test 1.1.1.1 nomatch # Check matching IP from non-matchin small net 0 ipset -T test 1.1.1.3 # Check non-matching IP from larger net diff --git a/tests/iptables.sh b/tests/iptables.sh index 8bc77ef..bca3253 100755 --- a/tests/iptables.sh +++ b/tests/iptables.sh @@ -116,6 +116,15 @@ netiface) $cmd -A OUTPUT -m set --match-set test dst,dst -j LOG --log-prefix "in set netiface: " $cmd -A OUTPUT -d 10.255.255.254 -j DROP ;; +counter) + $ipset n test hash:ip counters + $ipset a test 10.255.255.64 + $cmd -A OUTPUT -m set --match-set test src --packets-gt 1 ! --update-counters -j DROP + $cmd -A OUTPUT -m set --match-set test src -j DROP + ./sendip.sh -p ipv4 -id 10.255.255.254 -is 10.255.255.64 -p udp -ud 80 -us 1025 10.255.255.254 >/dev/null 2>&1 + ./sendip.sh -p ipv4 -id 10.255.255.254 -is 10.255.255.64 -p udp -ud 80 -us 1025 10.255.255.254 >/dev/null 2>&1 + ./sendip.sh -p ipv4 -id 10.255.255.254 -is 10.255.255.64 -p udp -ud 80 -us 1025 10.255.255.254 >/dev/null 2>&1 + ;; stop) $cmd -F $cmd -X diff --git a/tests/match_target.t b/tests/match_target.t index 3d7ed1b..4141ce6 100644 --- a/tests/match_target.t +++ b/tests/match_target.t @@ -112,4 +112,10 @@ 0 ./check_klog.sh 10.255.255.64 udp 1025 netiface # Destroy sets and rules 0 ./iptables.sh inet stop +# Create set and rules for the counter test +0 ./iptables.sh inet counter +# Check packet counter +0 ipset l test |grep -q '^10.255.255.64 packets 2' +# Destroy sets and rules +0 ./iptables.sh inet stop # eof |