From ad92ed77e77fe421a86f0fde907c51286ed47928 Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date: Thu, 4 Jan 2018 13:21:26 +0100
Subject: Fix "don't update counters" mode when counters used at the matching

The matching of the counters was not taken into account, fixed.
---
 tests/iptables.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'tests/iptables.sh')

diff --git a/tests/iptables.sh b/tests/iptables.sh
index 8bc77ef..bca3253 100755
--- a/tests/iptables.sh
+++ b/tests/iptables.sh
@@ -116,6 +116,15 @@ netiface)
 	$cmd -A OUTPUT -m set --match-set test dst,dst -j LOG --log-prefix "in set netiface: "
 	$cmd -A OUTPUT -d 10.255.255.254 -j DROP
 	;;
+counter)
+	$ipset n test hash:ip counters
+	$ipset a test 10.255.255.64
+	$cmd -A OUTPUT -m set --match-set test src --packets-gt 1 ! --update-counters -j DROP
+	$cmd -A OUTPUT -m set --match-set test src -j DROP
+	./sendip.sh -p ipv4 -id 10.255.255.254 -is 10.255.255.64 -p udp -ud 80 -us 1025 10.255.255.254 >/dev/null 2>&1
+	./sendip.sh -p ipv4 -id 10.255.255.254 -is 10.255.255.64 -p udp -ud 80 -us 1025 10.255.255.254 >/dev/null 2>&1
+	./sendip.sh -p ipv4 -id 10.255.255.254 -is 10.255.255.64 -p udp -ud 80 -us 1025 10.255.255.254 >/dev/null 2>&1
+	;;
 stop)
 	$cmd -F
 	$cmd -X
-- 
cgit v1.2.3