From 5df2f2e203230eeecb8617992741652226fc3ca4 Mon Sep 17 00:00:00 2001 From: Harsha Sharma Date: Tue, 14 Aug 2018 01:07:55 +0530 Subject: tests: py: add ct timeout tests Add test for adding ct timeout objects and assigning it via rule. Signed-off-by: Harsha Sharma Signed-off-by: Pablo Neira Ayuso --- tests/py/ip/objects.t | 9 +++++++++ tests/py/ip/objects.t.payload | 4 ++++ tests/py/nft-test.py | 4 ++++ 3 files changed, 17 insertions(+) (limited to 'tests') diff --git a/tests/py/ip/objects.t b/tests/py/ip/objects.t index 5e8c7631..fc2ee266 100644 --- a/tests/py/ip/objects.t +++ b/tests/py/ip/objects.t @@ -32,3 +32,12 @@ ct helper set tcp dport map {21 : "cthelp1", 2121 : "cthelp1" };ok ip saddr 192.168.1.3 limit name "lim1";ok ip saddr 192.168.1.3 limit name "lim3";fail limit name tcp dport map {443 : "lim1", 80 : "lim2", 22 : "lim1"};ok + +# ct timeout +%cttime1 type ct timeout { protocol tcp; policy = { established:122 } ;};ok +%cttime2 type ct timeout { protocol udp; policy = { syn_sent:122 } ;};fail +%cttime3 type ct timeout { protocol tcp; policy = { established:132, close:16, close_wait:16 } ; l3proto ip ;};ok +%cttime4 type ct timeout { protocol udp; policy = { replied:14, unreplied:19 } ;};ok +%cttime5 type ct timeout {protocol tcp; policy = { estalbished:100 } ;};fail + +ct timeout set "cttime1";ok diff --git a/tests/py/ip/objects.t.payload b/tests/py/ip/objects.t.payload index 193d7972..719b6c37 100644 --- a/tests/py/ip/objects.t.payload +++ b/tests/py/ip/objects.t.payload @@ -59,3 +59,7 @@ ip test-ip4 output [ cmp eq reg 1 0x00000006 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ objref sreg 1 set __objmap%d ] + +# ct timeout set "cttime1" +ip test-ip4 output + [ objref type 7 name cttime1 ] diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py index 3b89ec35..23f73d50 100755 --- a/tests/py/nft-test.py +++ b/tests/py/nft-test.py @@ -1081,6 +1081,10 @@ def obj_process(obj_line, filename, lineno): obj_type = "ct helper" tokens[3] = "" + if obj_type == "ct" and tokens[3] == "timeout": + obj_type = "ct timeout" + tokens[3] = "" + if len(tokens) > 3: obj_spcf = " ".join(tokens[3:]) -- cgit v1.2.3