summaryrefslogtreecommitdiffstats
path: root/tests/shell/testcases/sets/reset_command_0
diff options
context:
space:
mode:
Diffstat (limited to 'tests/shell/testcases/sets/reset_command_0')
-rwxr-xr-xtests/shell/testcases/sets/reset_command_087
1 files changed, 48 insertions, 39 deletions
diff --git a/tests/shell/testcases/sets/reset_command_0 b/tests/shell/testcases/sets/reset_command_0
index 7a088aea..ad2e16a7 100755
--- a/tests/shell/testcases/sets/reset_command_0
+++ b/tests/shell/testcases/sets/reset_command_0
@@ -1,17 +1,18 @@
#!/bin/bash
set -e
-set -x
+
+trap '[[ $? -eq 0 ]] || echo FAIL' EXIT
RULESET="table t {
set s {
type ipv4_addr . inet_proto . inet_service
flags interval, timeout
counter
- timeout 30s
+ timeout 30m
elements = {
- 1.0.0.1 . udp . 53 counter packets 5 bytes 30,
- 2.0.0.2 . tcp . 22 counter packets 10 bytes 100 timeout 15s
+ 1.0.0.1 . udp . 53 counter packets 5 bytes 30 expires 20m,
+ 2.0.0.2 . tcp . 22 counter packets 10 bytes 100 timeout 15m expires 10m
}
}
map m {
@@ -24,59 +25,67 @@ RULESET="table t {
}
}"
+echo -n "applying test ruleset: "
$NFT -f - <<< "$RULESET"
+echo OK
-sleep 2
-
-drop_ms() {
- sed 's/s[0-9]*ms/s/g'
+drop_seconds() {
+ sed 's/m[0-9]*s[0-9]*ms/m/g'
}
-expires_seconds() {
- sed -n 's/.*expires \([0-9]*\)s.*/\1/p'
+expires_minutes() {
+ sed -n 's/.*expires \([0-9]*\)m.*/\1/p'
}
-# 'reset element' output is supposed to match 'get element' one
-# apart from changing expires ms value
-EXP=$($NFT get element t s '{ 1.0.0.1 . udp . 53 }' | drop_ms)
-OUT=$($NFT reset element t s '{ 1.0.0.1 . udp . 53 }' | drop_ms)
-$DIFF -u <(echo "$EXP") <(echo "$OUT")
-
-EXP=$($NFT get element t m '{ 1.2.3.4 }')
-OUT=$($NFT reset element t m '{ 1.2.3.4 }')
-$DIFF -u <(echo "$EXP") <(echo "$OUT")
+echo -n "get set elem matches reset set elem: "
+elem='element t s { 1.0.0.1 . udp . 53 }'
+[[ $($NFT "get $elem ; reset $elem" | \
+ grep 'elements = ' | drop_seconds | uniq | wc -l) == 1 ]]
+echo OK
-# assert counter value is zeroed
-$NFT get element t s '{ 1.0.0.1 . udp . 53 }' | grep -q 'counter packets 0 bytes 0'
+echo -n "counters and expiry are reset: "
+NEW=$($NFT "get $elem")
+grep -q 'counter packets 0 bytes 0' <<< "$NEW"
+[[ $(expires_minutes <<< "$NEW") -gt 20 ]]
+echo OK
-# assert expiry is reset
-VAL=$($NFT get element t s '{ 1.0.0.1 . udp . 53 }' | expires_seconds)
-[[ $VAL -gt 28 ]]
+echo -n "get map elem matches reset map elem: "
+elem='element t m { 1.2.3.4 }'
+[[ $($NFT "get $elem ; reset $elem" | \
+ grep 'elements = ' | uniq | wc -l) == 1 ]]
+echo OK
-# assert quota value is reset
+echo -n "quota value is reset: "
$NFT get element t m '{ 1.2.3.4 }' | grep -q 'quota 50 bytes : 10.2.3.4'
+echo OK
-# assert other elements remain unchanged
-$NFT get element t s '{ 2.0.0.2 . tcp . 22 }'
+echo -n "other elements remain the same: "
OUT=$($NFT get element t s '{ 2.0.0.2 . tcp . 22 }')
-grep -q 'counter packets 10 bytes 100 timeout 15s' <<< "$OUT"
-VAL=$(expires_seconds <<< "$OUT")
-[[ $val -lt 14 ]]
+grep -q 'counter packets 10 bytes 100 timeout 15m' <<< "$OUT"
+VAL=$(expires_minutes <<< "$OUT")
+[[ $val -lt 10 ]]
$NFT get element t m '{ 5.6.7.8 }' | grep -q 'quota 100 bytes used 50 bytes'
+echo OK
-# 'reset set' output is supposed to match 'list set' one, again strip the ms values
-EXP=$($NFT list set t s | drop_ms)
-OUT=$($NFT reset set t s | drop_ms)
+echo -n "list set matches reset set: "
+EXP=$($NFT list set t s | drop_seconds)
+OUT=$($NFT reset set t s | drop_seconds)
$DIFF -u <(echo "$EXP") <(echo "$OUT")
+echo OK
-EXP=$($NFT list map t m | drop_ms)
-OUT=$($NFT reset map t m | drop_ms)
+echo -n "list map matches reset map: "
+EXP=$($NFT list map t m)
+OUT=$($NFT reset map t m)
$DIFF -u <(echo "$EXP") <(echo "$OUT")
+echo OK
-# assert expiry of element with custom timeout is correct
-VAL=$($NFT get element t s '{ 2.0.0.2 . tcp . 22 }' | expires_seconds)
-[[ $VAL -lt 15 ]]
+echo -n "reset command respects per-element timeout: "
+VAL=$($NFT get element t s '{ 2.0.0.2 . tcp . 22 }' | expires_minutes)
+[[ $VAL -lt 15 ]] # custom timeout applies
+[[ $VAL -gt 10 ]] # expires was reset
+echo OK
-# assert remaining elements are now all reset
+echo -n "remaining elements are reset: "
OUT=$($NFT list ruleset)
grep -q '2.0.0.2 . tcp . 22 counter packets 0 bytes 0' <<< "$OUT"
grep -q '5.6.7.8 quota 100 bytes : 50.6.7.8' <<< "$OUT"
+echo OK